Jwebunit is an excellent tool for testing webpages. It’s part of our build process in cruisecontrol. In the build script we deploy all ear files to an Oracle Application Server and then we use jwebunit to test all the webpages.
Getting jwebunit to work over https, using an untrusted certificate (eg, a self signed certificate), behind a proxy requires some configuration. First some code. The following is a simple jwebunit test:
import net.sourceforge.jwebunit.WebTestCase;
public class Test1 extends WebTestCase {
public Test1() {
}
protected void setUp() throws Exception {
super.setUp();
// configuration for http proxy use
System.setProperty("proxyHost", "10.0.0.1");
System.setProperty("proxyPort", "8080");
System.setProperty("proxySet", "true");
System.setProperty("http.nonProxyHosts", "mywebserver");
// configuration for https proxy use
System.setProperty("https.proxyHost", "10.0.0.1");
System.setProperty("https.proxyPort", "8080");
System.setProperty("https.proxySet", "true");
System.setProperty("https.nonProxyHosts", "mywebserver");
// configure which keystore to use to validate certificate
System.setProperty("javax.net.ssl.trustStore",
"d:\projects\tests\jwebunit\dev.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");
// specify base url of the web application
getTestContext().setBaseUrl("https://mywebserver/app1/");
beginAt("/");
}
public void test1() {
// test the title of the default page
assertTitleEquals("App1 title");
}
}
The setup method first specifies which proxy to use for http connections. It then specifies the proxy for https connections. The last configuration step specifies a keystore which can be used to validate certificates. This is required if the web server you are using, uses certificates issued by an untrusted party for the https encryption. This might be the case if you create your own certificate, for example using java’s keytool.
You have to tell java that the untrusted certificate used by the webserver can be trusted, otherwise your jwebunit test will fail with the following error:
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
To avoid this you provide the certificate used by the webserver in a keystore. The easiest way to save the certificate used by the webserver is to open your website with internet explorer. MSIE will show a ‘Security Alert’ popup window. If you select ‘View Certificate’, choose the ‘Details’ tab, andthen ‘copy to file’, you can save the certificate on your development pc.
After you’ve saved the certificate you can display the contents of the certificate using keytool:
D:projectstestsjwebunit>keytool -printcert -file dev.cer
Owner: CN=dvlp.iteye.nl, O=IT-eye, L=Nieuwegein, ST=Utrecht, C=NL
Issuer: O=IT-eye, C=NL
Serial number: 6
Valid from: Mon Mar 14 15:06:35 CET 2005 until: Sat Mar 13 15:06:35 CET 2010
Certificate fingerprints:
MD5: 7B:26:F0:67:48:4C:1C:35:52:C4:BC:32:50:72:49:CE
SHA1: 94:44:33:18:59:66:BB:71:9F:5B:7C:FE:C3:A6:A8:04:2F:9B:DB:1D
Next, import the certificate into a keystore as follows:
D:projectstestsjwebunit>keytool -import -v -file dev.cer -storepass secret -keystore dev.keystore -alias dev
Owner: CN=dvlp.iteye.nl, O=IT-eye, L=Nieuwegein, ST=Utrecht, C=NL
Issuer: O=IT-eye, C=NL
Serial number: 6
Valid from: Mon Mar 14 15:06:35 CET 2005 until: Sat Mar 13 15:06:35 CET 2010
Certificate fingerprints:
MD5: 7B:26:F0:67:48:4C:1C:35:52:C4:BC:32:50:72:49:CE
SHA1: 94:44:33:18:59:66:BB:71:9F:5B:7C:FE:C3:A6:A8:04:2F:9B:DB:1D
Trust this certificate? [no]: yes
Certificate was added to keystore
[Saving dev.keystore]
Make sure the file is stored in the location specified in the code.