Service Virtualization


 SSL Live Invocation

Leon Skeldon posted Mar 02, 2023 09:53 AM

I've set up a service for live invocation.

I've entered the domain name and port (443) 

Ticked "use SSL to server"

I've uploaded and validated the JKS

When I try to access the service I see the following error:

============================================================================
| Unable to connect to tall-service-dev01.ia.testsystem.cloud:443.
============================================================================
| Step: Virtual HTTPS Live Invocation 443
----------------------------------------------------------------------------
| Message: Connection timed out (Connection timed out)
----------------------------------------------------------------------------
| Trapped Exception: Connection timed out (Connection timed out)
| Trapped Message: java.net.ConnectException: Connection timed out (Connection timed out)
----------------------------------------------------------------------------
STACK TRACE
java.net.ConnectException: Connection timed out (Connection timed out)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:607)
    at java.net.Socket.connect(Socket.java:556)
    at com.itko.lisa.utils.VSESocketManager.openRealSocket(VSESocketManager.java:237)
    at com.itko.lisa.utils.VSESocketManager.openSocket(VSESocketManager.java:133)
    at com.itko.lisa.vse.stateful.protocol.http.HttpLiveInvocationStep.execute(HttpLiveInvocationStep.java:458)
    at com.itko.lisa.test.TestNode.executeNode(TestNode.java:994)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
    at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
    at com.itko.lisa.test.TestCase.executeTest(TestCase.java:1124)
    at com.itko.lisa.coordinator.Instance.run(Instance.java:210)
============================================================================

I don't get why there is a timeout.  If I put the same information into a browser (https://dev01.ia.testsystem.cloud:443) I get a response.

There is no firewall in the way. Is there any way to get CA Lisa to print the full URL it uses so I can check it is using https protocol and not http (I get a timeout if I put http into the browser)? Could CA Lisa be misreporting the error (e.g. it's not a timeout but SSL config error) or will the timeout be definite? Can I get any further diagnostics from CA Lisa?

Broadcom Employee Shiney Abraham

Can you verify the live call using a Webservice step? What response are you getting?

Leon Skeldon

Similar

When I try it locally (hitting the green button with the arrow) it tells me it's a

javax.net.ssl.SSLException: Received fatal alert: protocol_version

I cannot see any way of providing a JKS for the webservice step so don't know if this is causing a problem.

I know the ciphers required are one of:

        - ECDHE-RSA-AES256-GCM-SHA384
        - ECDHE-ECDSA-AES256-GCM-SHA384

Could it be CA Lisa doesn't have these ciphers?  Pretty sure we just upgraded to 10.7

When I try to access the deployed service the web service step I added says:

============================================================================
| java.net.SocketTimeoutException: connect timed out
============================================================================
| Step: http GET
----------------------------------------------------------------------------
| Message: connect timed out
----------------------------------------------------------------------------
| Trapped Exception: connect timed out
| Trapped Message: java.net.SocketTimeoutException: connect timed out
----------------------------------------------------------------------------
STACK TRACE
java.net.SocketTimeoutException: connect timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:607)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:542)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:326)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1107)
    at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:910)
    at com.itko.lisa.test.CommTrans.send(CommTrans.java:864)
    at com.itko.lisa.test.CommTrans.sendGET(CommTrans.java:739)
    at com.itko.lisa.ws.rest.RESTNode.doSend(RESTNode.java:264)
    at com.itko.lisa.ws.rest.RESTNode.doWebTrans(RESTNode.java:181)
    at com.itko.lisa.ws.rest.RESTNodeBase.execute(RESTNodeBase.java:370)
    at com.itko.lisa.test.TestNode.executeNode(TestNode.java:994)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
    at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
    at com.itko.lisa.test.TestCase.executeTest(TestCase.java:1124)
    at com.itko.lisa.coordinator.Instance.run(Instance.java:210)
============================================================================
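
Added example (not from the thread and not DevTest code): a `protocol_version` alert means the server refused the TLS version the client offered, so the first thing to check is what the JRE running the step can negotiate. The class below lists that JRE's TLS protocols and maps the two OpenSSL-style suite names quoted above to their JSSE names; it reports on whichever JRE it is run with, and assumes that is the one DevTest uses.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class TlsCapabilityCheck {
    // OpenSSL-style names from the post, paired with their JSSE (IANA) names.
    static final String[][] REQUIRED = {
        {"ECDHE-RSA-AES256-GCM-SHA384",   "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
        {"ECDHE-ECDSA-AES256-GCM-SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
    };

    // Distinguish "on by default" from "present but switched off" from "missing".
    static String state(Set<String> enabled, Set<String> supported, String name) {
        if (enabled.contains(name)) return "enabled by default";
        if (supported.contains(name)) return "supported but not enabled";
        return "not available in this JRE";
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters def = ctx.getDefaultSSLParameters();
        SSLParameters sup = ctx.getSupportedSSLParameters();

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("Protocols enabled by default: " + Arrays.toString(def.getProtocols()));
        System.out.println("Protocols supported:          " + Arrays.toString(sup.getProtocols()));

        Set<String> enabled = new HashSet<>(Arrays.asList(def.getCipherSuites()));
        Set<String> supported = new HashSet<>(Arrays.asList(sup.getCipherSuites()));
        for (String[] pair : REQUIRED) {
            System.out.println(pair[0] + " (" + pair[1] + "): "
                + state(enabled, supported, pair[1]));
        }
    }
}
```

Both timeouts in the traces above are raised inside `Socket.connect`, which runs before any TLS handshake starts, so protocol and cipher settings only come into play once the TCP connection itself succeeds.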

Broadcom Employee Shiney Abraham

Leon, please review this KB: https://knowledge.broadcom.com/external/article/111791/list-of-vulnerabilities-for-devtest-serv.html

You might have to add the below ciphers in your local.properties.

Thanks

Shiney

Leon Skeldon

Where do I find local.properties? I cannot see it on my local lisa project.

Broadcom Employee Danny Saro

Hi Leon,

local.properties has to reside in your DevTest installation directory, also known as LISA_HOME (not in a lisa project structure).

By default there is no local.properties in there but there is a template called _local.properties. Recommendations are to copy _local.properties to local.properties and continue from there.

Cheers,

Danny

Leon Skeldon

Hi

Am I meant to be updating local.properties on my workspace or on the server where the VS is deployed (assume server?)

I did try on my local but didn't get good results.....

When I try to execute an HTTP get locally from a REST step to the server I get the error message

| Message:     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I'm assuming this is because it cannot find the jks it has been given?

In the local.properties I have set 
ssl.client.cert.path=C:\Program Files\Java\jdk1.8.0_101\jre\lib\security\cacerts
ssl.client.cert.pass=*****
#ssl.client.key.pass=
ssl.client.alias=lbgroot


I know the certs in this truststore work as I've proven it using a test harness.

I notice if I look on the global properties in the Workstation I see

ssl.client.cert.path=C:Program FilesJavajdk1.8.0_101jrelibsecuritycacerts

I notice if I change the ssl.client.cert.path in local.properties the value shown on global properties does not change.

What am I doing wrong?

Broadcom Employee Shiney Abraham

Leon, the path you used does not look valid. It's a Java file separator issue.

  Perhaps you meant a path like:

ssl.client.cert.path={{LISA_HOME}}/Projects/mykeystore.jks  

or 

ssl.client.cert.path={{LISA_HOME}}\\Projects\\mykeystore.jks  (full path to the keystore file and not the trusted cacert file)
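
Added example (not from the thread and not DevTest code): the separator issue described above, reproduced with `java.util.Properties`. It assumes local.properties is parsed with standard Java properties escaping, which is consistent with the stripped value the Workstation showed; the class name and the three sample lines are constructed for illustration.

```java
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

public class PropertiesPathDemo {
    static final String KEY = "ssl.client.cert.path";

    // Parse one line of .properties text the way Properties.load() does.
    static String load(String line) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(line));
        return p.getProperty(KEY);
    }

    public static void main(String[] args) throws Exception {
        // Constructed file contents. Java source doubles every backslash,
        // so "\\" below is ONE backslash in the properties file.
        Map<String, String> variants = new LinkedHashMap<>();
        variants.put("single backslash",
            KEY + "=C:\\Program Files\\Java\\jdk1.8.0_101\\jre\\lib\\security\\cacerts");
        variants.put("doubled backslash",
            KEY + "=C:\\\\Program Files\\\\Java\\\\jdk1.8.0_101\\\\jre\\\\lib\\\\security\\\\cacerts");
        variants.put("forward slash",
            KEY + "=C:/Program Files/Java/jdk1.8.0_101/jre/lib/security/cacerts");

        for (Map.Entry<String, String> e : variants.entrySet()) {
            String loaded = load(e.getValue());
            // A usable Windows path still contains a separator after loading.
            boolean intact = loaded.contains("\\") || loaded.contains("/");
            System.out.printf("%-17s -> %s%s%n", e.getKey(), loaded,
                intact ? "" : "   <-- separators lost");
        }
    }
}
```

A single backslash is treated as an escape character and dropped, so only the doubled-backslash and forward-slash forms survive loading as a path the JVM can open.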