Betamax HTTPS Recording with Proxy - Certificate Error - Java Groovy

Question

I can't get HTTPS URL's working with betamax.

It's similar to this other issue posted below, however I've already done the betamax.pem file import and it seems to have had no effect:

Here's the import command I ran:

c:\Users\UserAccount>"%JAVA_HOME%/bin/keytool.exe" -importcert -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file betamax.pem -alias betamax -storepass changeit -noprompt

Here is my config:

    static final File TAPES =
    new File(System.getProperty('BETAMAX_TAPEDIR') ?:
        'src/integrationTest/resources/betamax/tapes')

    static final TapeMode TAPEMODE =
    System.getProperty('BETAMAX_MAKETAPES') ?
        TapeMode.READ_WRITE :
        TapeMode.READ_ONLY

    static final Integer PROXYPORT =
    System.getProperty('BETAMAX_PROXYPORT') ?
        System.getProperty('BETAMAX_PROXYPORT').toInteger() :
        Configuration.DEFAULT_PROXY_PORT

    @Shared
    Configuration configuration =  Configuration.builder()
            .tapeRoot(TAPES)
            .ignoreLocalhost(false)
            .defaultMode(TAPEMODE)
            .proxyPort(PROXYPORT)
            .sslEnabled(true)
            .build()

    @Rule
    RecorderRule recorder = new RecorderRule(configuration)

    @Betamax(tape='GradleNews.tape')
    def "Try record HTTPS"()
    {
      when:
      def http = new RESTClient('https://discuss.gradle.org')
      http.head path: 'c/books-articles'

      then:
      true
    }

Which produces:

javax.net.ssl.SSLException: hostname in certificate didn't match: <discuss.gradle.org> != <*.discourse.org> OR <*.discourse.org> OR <discourse.org>

Can anyone see what I'm doing wrong?

Here's a report of a similar issue: Betamax fails to record HTTPS traffic

Answer 1

In summary, the answer to this is that HTTPBuilder does not respect the automatic redirect to proxy implemented by Betamax. This is documented on the betamax.software documentation, which I seem to have misunderstood. To work with HTTPBuilder (or it's RESTClient derivative), just set the proxy host/port on the httpclient manually to 127.0.0.1/5555 respectively. When using an HTTP client which respects the JVM proxy setting, it seems to work seamlessly.

It's also worth noting that the error message was very misleading. When using RESTClient, it seems to point to an issue in the certificate, which made me spend a day trying to figure out why it's not seeing the betamax certificate in the certificate store. However, there was no issue with the certificate, it was fixed purely by setting the proxy manually.