Ticket #9 (assigned defect)
jCookie problems on HTTPS sites
| Reported by: | fcohen | Owned by: | fcohen |
|---|---|---|---|
| Priority: | trivial | Milestone: | |
| Version: | 4.4.2 | Keywords: | tm4 jcookie |
| Cc: |
Description
Frank, et al,
When this port is browsed, the first action that takes place is the server offers up a certificate for the browser to accept. This response is received by HTTPProtocol.connect() which then stores the cookies found in the response object thusly:
// Stores cookies in response object try {
cookieJar.addAll( theClient.getCookies( con ) );
} catch ( com.sonalb.net.http.cookie.MalformedCookieException? mcex ) {
throw new ToolException?("HTTPProtocol problem: Malformed Cookie Exception. " + mcex);
} catch ( java.lang.IllegalArgumentException? arex ) {
throw new ToolException?("HTTPProtocol problem: Illegal Argument to SaveCookies?. " + arex);
}
When theClient.getCookies(con) is invoked, RFC2965CookieParser.parseCookies() is invoked in turn which looks in the header to see if it is empty or null. I'm not sure if response has a cookie to be honest so I'm unsure if this is the correct thing to do at this point which is where I need some guidance.
I've noticed that there is another version of HTTPProtocol.connect() which accepts an javax.net.ssl.SSLSocketFactory as an argument. From what I gather this may take advantage of an already existing SSL Socket and could circumvent this issue? What I don't get is how to create an object from this Abstract class to then pass in... :o( What was the intention of this method's use and could it solve my issue?
Thanks,
-Kyle
On Wed, 2006-09-20 at 14:49 -0500, Kyle Bell wrote: Thanks, Frank.
I'll see if I can find a work around and post if I do.
-Kyle
On Wed, 2006-09-20 at 12:12 -0700, Frank Cohen wrote: Hi Kyle: That looks like a bug in the way the HTTPProtocol object is calling jCookie. I'll add this to the list of things to check in to. If you find a workaround then please let me know.
I'm working on new functions for TestMaker now so I haven't been doing much maintenance on the code in the past two months. If this is a big pain for you then I'll switch back and fix this problem. Please let me know.
Thanks.
-Frank
On Sep 19, 2006, at 12:14 PM, Kyle Bell wrote:
Hello All,
I've recently attempted to use my HTTPProtocol written test cases to connect to my server that is now using HTTPS over SSL rather than plain vanilla HTTP. All these test cases work like a charm over HTTP I might add. When I perform an http_ph.connect(0) to the secure port the following error occurs:
com.pushtotest.tool.ToolException?: com.pushtotest.tool.ToolException?: HTTPProtocol problem: Illegal Argument to SaveCookies?. java.lang.IllegalArgumentException?: No Headers
===================================================
Here is the code leading up to the connect:
def runTest( self ):
Run the test self.log( 1, "PC01002: runTest" )
try:
The following parameters are found in properties.py username = self.username password = self.password hostName = self.tangoc_host serverPort = self.portNum
http_ph = ProtocolHandler?.getProtocol("http") This is the hostname specified in properties.py http_ph.setHost(hostName) this is the port number specified in properties.py http_ph.setPort(serverPort) the specified path to our servlet http_ph.setPath("/provisioning/LoginServ") http_ph.setType( HTTPProtocol.POST )
http_h = self.build_mozilla_header() http_ph.setHeader(http_h)
body = ProtocolHandler?.getBody( "http" ) body.addParameter("username",username) body.addParameter("password",password) body.addParameter("bSubmit","Submit") http_ph.setBody( body )
here is a debug statement so that we know the
parameters we set above
self.log(2, "the URL we are calling is: http://"+hostName
+":"+serverPort.toString()+"/provisioning/LoginServ")
self.log(2, "The parameters we are passing are: ") self.log(2, " username = " + str(username)) self.log(2, " password = " + str(password)) self.log(2, "Sending request. ")
response = http_ph.connect( 0 )
This is the section where we start checking the
content of the response for specific pieces ==================================================
Here is the code for self.build_mozilla_header():
def build_mozilla_header(self):
http_h = ProtocolHandler?.getHeader("http") http_h.set('User-Agent', 'Mozilla/5.0 (X11; U; Linux
x86_64; en- US; rv:1.7.12) Geck0/20060130 Red Hat/1.0.7-1.4.3 Firefox/1.0.7')
http_h.set('Accept', 'text/xml,application/xml,application/
xhtml +xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5')
http_h.set('Accept-Language','en-us,en;q-0.5') http_h.set('Accept-Encoding', 'gzip,deflate') http_h.set('Accept-Charset','ISO-8859-1,utf-8;q=0.7,*;q=0.7') http_h.set('Keep-Alive','300') http_h.set('Connection','keep-alive')
return http_h
=============================================
I found a couple of postings from a few years ago that had responses looking like this:
Hi Xiuping,
I pondered this java.lang.IllegalArgumentException? case when I was working on this. The jCookie API is a little unclear on when this comes up. I finally decided that "No Headers" really was an abberant condition. But since you saw it right away, it sounds like the jCookie code is perhaps throwing that when there just isn't any cookie information.
For now I would suggest you wrap your call in:
try:
whatever
except java.lang.IllegalArgumentException?:
"""Ignore this case"""
BTW is the service you are testing publicly available? If so then we have a pretty good chance of making sure this works when we do the next TM release. I believe you sent the script to Frank before, yes?
Thanks -TAB
====================================================
The new version of Tool uses the jCookie library to manage cookies. The jCookie API is on docs.pushtotest.com at:
http://docs.pushtotest.com/jcookie/jCookie-0.8b/docs/api/
Also, look at the Javadoc for TOOL to see how to view the cookies in an HTTPProtocol object at:
http://docs.pushtotest.com/tooldocs/com/pushtotest/tool/ protocolhandler/HTTP Protocol.html#getCookies(0)
-Frank
-- Frank Cohen, Founder, http://www.PushToTest.com, phone: 408 374 7426
PushToTest offers free open-source test software and global services solutions that test, monitor and automate Web Service systems for functionality, scalability and performance.
====================================================
Now, the TestMaker version I am currently running is 4.4 which has an up-to-date version of jCookie, so that shouldn't be my problem. Also, the example in Frank's book and on the pushtotest web site is using an older agent called HTTPS_Connect.a which uses the deprecated HTTPSProtocol class.
In the TM4.4 example_agents folder there is an example called HTTPS_SSL_Reference.py which appears to set some certificates and such up, but I haven't seen an agent which actually performs a connect over an SSL/TLS socket with out a deprecated class.
Does anyone have any updated example scripts for connecting and getting a response to a secure HTTP request or could you kindly point out what I'm missing from my own code?
Regards,
Kyle Bell Tango Networks
