Service Virtualization

  • 1.  Problems with Loading Keystore File During Deployment

    Posted Jan 22, 2016 05:22 PM

    I am using DevTest 9.0 and have recorded a service that requires mutual authentication between the client and service.

     

    When I go to deploy my virtual service, it immediately fails for a "java.lang.RuntimeException: Cannot load keystore file named C:/Users/Public/Documents/keystore.jks"

     

    Now obviously, this is probably happening because that file does not exist on my VSE server.

     

    So how do I tell DevTest where my keystore file is during recording, but also have that same keystore file be available out on the VSE box when deploying the virtual service?

     

     


    Below are the configurations I made to the recorder when I created the Virtual Service.

     

    Recorder_Config.png

     

    For the "Use SSL to Server" section I ::

    - used the "Select..." button to navigate to and select my keystore.jks file

    - entered the password

    - clicked the "Verify..." button to ensure that it worked.

     

    For the "Use SSL to Client" section I ::

    - used the "Select..." button to navigate to and select my keystore.jks file

    - entered the password

    - clicked the "Verify..." button to ensure that it worked.

     

    I also enabled the "Enable Client Certificate Authentication" option and set it to "Require client certificate"

     


    This configuration allowed me to record transactions, but when I attempt to deploy the .vsm to my VSE, I get the "Cannot load keystore" error (see above)

     

     

    So what am I doing wrong here? 

    Do I need to make some kind of configuration to the local.properties file, rather than using the "Select..." button and picking my keystore file from the filesystem?

    Do I need to be storing my keystore file in a specific place, maybe like in the project itself?

     

     

    Any help would be very much appreciated.

    - Jeff



  • 2.  Re: Problems with Loading Keystore File During Deployment
    Best Answer

    Posted Jan 25, 2016 11:10 AM

    Hi Jeff,

    As you have discovered, you can specify the location of the keystores by directing DevTest to look in a specific directory (c:/users/public/....).  When you specify the location of the keystores, DevTest generates a VSM such that the LISTEN and, if necessary, Live Invocation steps contain this path.  DevTest does not attempt to alter these paths so when the VSM deploys to VSE, the path specified during recording is used during playback.  You can double click the LISTEN step in Workstation to see the configuration, but I figure you already know this.

     

    There are several approaches to solve for this, but some of them may or may not be acceptable depending on your organization's security policies regarding keystore governance, sharing password information, etc.

     

    Option A (spin off your scenario above):

    - Save the keystore on your VSE server in a directory of your choice

    - Edit the recorded VSM's LISTEN and/or Live Invocation Steps and change the location of the keystore from c:/users/public/documents/keystore.jks to the location where you saved the keystore file on the VSE

    - Save and deploy your VSM

    - NOTE: This approach may be sub-optimal because if you run the VSM in ITR mode, the cert path specified in VSE is most likely different from the cert path used locally.  You could set up a local config and VSE config to point to the JKS location and use property {{ }} notation to keep the two in check by executing or deploying with the desired config.

     

    Option B:

    - Create a directory in your DevTest installation [LISA_HOME] folder (technically this directory can be any location)

    - Copy/paste the keystore files into this directory

    - Use DevTest property notation such as {{LISA_HOME))/<yourDirectory>/keystore.jks to specify the location of the keystore in LISTEN and LIVE INVOCATION steps

      - This approach ensures that the JKS file is in a location available to both Workstation and VSE regardless of the Operating System and pathing notation

      - Also, storing keystores this way may improve automated deployments of Workstation and VSEs as deployment of the keystores could be automated with an installation of DevTest

    - Ensure that the keystore is deployed into the LISA_HOME directory for all instances of DevTest VSE and Workstation -- or at least those instances that may edit or use this VSM

    - Deploy the VSM

     

    Option C:

    - Another option is the use of the Project folder; however, your certs might be used by other services that are not in this project so isolating the JKS at the project level may not provide maximum reusability.

     

    Other techniques are commented on in the DevTest Solutions - 9.0_ENU_20151117.pdf.  Look for sections on SSL Properties, SSL Certificates, and Interconnectivity Properties.  These options use global properties such as ssl.server.cert.path, ssl.client.cert.path, ws.ssl.client.cert.path, etc. which override the OOTB DevTest key and trust stores.  Regardless though, these options require the keystore file be in a path that is accessible to both VSE and Workstation.

     

    Hope this helps some.

    Regards,

    Joel



  • 3.  Re: Problems with Loading Keystore File During Deployment

    Posted Jan 25, 2016 11:31 AM

    Joel -

     

    Thank you for the very detailed and helpful response!  I am working through some of your suggestions right now and will let you know how it goes.

     

    Thanks again!

    -Jeff



  • 4.  Re: Problems with Loading Keystore File During Deployment

    Posted Jan 25, 2016 01:54 PM

    Joel -

     

    You're awesome!  I tried out your Option C and it worked perfectly.  I was able to record my transactions in the workstation and deploy to my VSE (on another machine) with no problem.  When I get more time, I'll go back and try out one of your other, more efficient options.

     

    Thanks again for the help!

    -Jeff