How do I configure Betamax to use SSL for my Spock tests?

Question

I have been trying to configure Betamax v2.0.0-alpha-1 to mock HTTP(S) calls from my spock tests. Calls to non-SSL sites work but a call to an HTTPS site causes the following exception:

javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I've boiled the code down to that shown below and calling groovy BetamaxTestSpec.groovy should give you the exception. As you can see in the code, I'm using the jersey-client library.

Gist: https://gist.github.com/dedickinson/6ad96679a15b24b2e3d3

Code:

@Grab('org.spockframework:spock-core:1.0-groovy-2.4')
@Grab('software.betamax:betamax-junit:2.0.0-alpha-1')
@Grab('org.glassfish.jersey.core:jersey-client:2.22.1')
import org.junit.Rule
import software.betamax.ProxyConfiguration
import software.betamax.TapeMode
import software.betamax.junit.Betamax
import software.betamax.junit.RecorderRule
import spock.lang.Specification

import javax.ws.rs.client.ClientBuilder
import javax.ws.rs.core.MediaType

import groovy.json.JsonSlurper

class BetamaxTestSpec extends Specification {
    @Rule
    RecorderRule recorderRule = new RecorderRule(ProxyConfiguration.builder()
            .sslEnabled(true)
            .build())

    @Betamax(tape = 'jCenterKeywordQuery.tape', mode = TapeMode.WRITE_ONLY)
    def "Test basic keyword query with JCenter"() {
        given:
        def searcher = new Searcher()
        def result = searcher.searchJCenter('groovy*')
        expect:
        1 == 1
    }

    @Betamax(tape = 'mvnKeywordQuery.tape', mode = TapeMode.WRITE_ONLY)
    def "Test basic keyword query with Maven Central"() {
        given:
        def searcher = new Searcher()
        def result = searcher.searchMavenCentral('groovy')
        expect:
        1 == 1
    }

    class Searcher {
        def searchJCenter(qry) {
            new JsonSlurper().parseText ClientBuilder.newClient().
                    target('https://api.bintray.com/search/packages/maven/'.toURI()).
                    queryParam('q', qry).
                    request(MediaType.APPLICATION_JSON_TYPE).get(String)
        }

        def searchMavenCentral(qry) {
            new JsonSlurper().parseText ClientBuilder.newClient().
                    target('http://search.maven.org/solrsearch/select'.toURI()).
                    queryParam('q', qry).
                    queryParam('rows', 20).
                    queryParam('wt', 'json').
                    request().
                    get(String)
        }
    }
}

Answer 1

You need to import the certificate to JRE in order to make it work. After running the script two files will occur (as in comments): - littleproxy_cert - littleproxy_keystore.jks

Run the following command to import the certificate:

keytool -import -file littleproxy_cert -alias littleproxy -keystore $JAVA_HOME/jre/lib/security/cacerts

The default password is changeit. You probably haven't changed it ;)

P.S. Upvoted for preparing a running example - still so rare here.