使用.p12证书对Selenium WebDriver(Java)进行身份验证 [英] Authenticating Selenium WebDriver (Java) with .p12 certificate
问题描述
我花了几天时间寻找解决方案.
I spent a couple days searching for a solution for this.
我有一个项目正在尝试为其创建Selenium WebDriver测试套件.该站点旨在通过两因素身份验证进行保护. 2个因素将用于提供将通过服务器进行身份验证的证书.
I have a project I am attempting to create a Selenium WebDriver test suite for. This site is intended to be protected by 2-factor authentication. The 2-factors would be use to deliver a certificate which would authenticate with the server.
目前,我们已经拥有它,因此我们可以使用以"https://" 开头的URL访问服务器.当我们转到url(在firefox中)时,会看到一个标签为用户标识请求"的弹出窗口,以及带有标签选择要作为标识出示的证书"的下拉列表.
At the moment, we have have it so that we access the server with a url beginning with "https://". When we go the url (in firefox) we see a pop-up labeled "User Identification Request" with a dropdown with the label "Choose a certificate to present as identification:".
之前,我通过转到选项->隐私权&添加了证书(标记为"client1.p12").在安全性"->证书"->查看证书"中,选择您的证书"选项卡,单击导入",浏览到"client1.p12"文件并输入密码.这样,我现在可以在选择要显示的证书..."下拉列表中看到相应的证书.
Earlier, I added the certificate (labeled "client1.p12") by going to Options->Privacy & Security->Certificates->View Certificates, selecting the "Your Certificates" tab, clicking "Import", browsing to the "client1.p12" file and entering the password. By doing this, I can now see the appropriate certificate in the "Choose a certificate to present . . . " dropdown.
我的问题是如何设置Selenium WebDriver以选择证书.上述弹出窗口是Windows组件(不是html),因此我不能简单地单击并选择证书.我也在尝试对geckodriver使用headless选项.
The question I have is how do I set-up Selenium WebDriver to select the certificate. The pop-up described above is a Windows component (not html), so I cannot simply click and select the certificate. I am also trying to use the headless option for geckodriver.
我能找到的最佳解决方案涉及以下内容:
The best solution I was able to find involved something like the following:
DesiredCapabilities capabilities = new DesiredCapabilities();
capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
capabilities.setCapability("ssl-client-certificate-file", "<path-to-client1.p12>");
capabilities.setCapability("ssl-client-key-passphrase", "<password>");
WebDriver driver = new FirefoxDriver(capabilities);
driver.get(<url>);
不幸的是,我在最后一行"driver.get();"获得了"org.openqa.selenium.WebDriverException".
Unfortunately, I get a "org.openqa.selenium.WebDriverException" at the last line, "driver.get();"
推荐答案
我已经找到了部分解决方案.在其他情况下,可能只是我所需要的,但是由于我将在结尾处描述的原因,此处不够.
I have figured out a partial solution. In other circumstances, it may be all I would need, but, for reasons I will describe at the end, it is insufficient here.
这个问题有两个方面.首先,我需要设置Selenium来接受服务器的证书.其次,我需要让Selenium将.p12证书交付给服务器.
There were two sides to this problem. First, I needed to set up Selenium to accept the server's certificate. Second, I needed to get Selenium to deliver the .p12 certificate to the server.
要接受服务器的证书,我做了如下操作:
To accept the server's certificate, I did something like the following:
DesiredCapabilities capabilities = DesiredCapabilities.firefox();
capabilities.setCapability(CapabilityType.ACCEPT_INSECURE_CERTS, true);
. . .
FirefoxOptions firefoxOptions = new FirefoxOptions();
. . .
firefoxOptions.addCapabilities(capabilities);
. . .
driver = new FirefoxDriver(firefoxOptions);
. . .
driver.get(nbisURL);
要将.p12证书发送到服务器,我使用了firefox配置文件.此处描述了部分过程: https://seleniumbycharan.wordpress.com/2015/07/12/how-to-create-custom-firefox-profile-in-selenium-webdriver/
To send the .p12 certificate to the server, I used a firefox profile. Part of the procedure is described here: https://seleniumbycharan.wordpress.com/2015/07/12/how-to-create-custom-firefox-profile-in-selenium-webdriver/
基本上,正如本文中所述,我创建了一个配置文件("eAgency-Client1"),从而打开了firefox浏览器.在该浏览器中,我按照原始帖子中描述的方式设置了证书.然后,我设置硒以使用该配置文件:
Essentially, I created a profile ("eAgency-Client1"), as described in the article, which resulted in an open firefox browser. In that browser, I set-up the certificate in the manner I described in my original post. I then set up selenium to use that profile:
ProfilesIni profile = new ProfilesIni();
FirefoxProfile ffProfile = profile.getProfile("eAgency-Client1");
ffProfile.setPreference("security.default_personal_cert", "Select Automatically");
. . .
FirefoxOptions firefoxOptions = new FirefoxOptions();
. . .
firefoxOptions.setProfile(ffProfile);
. . .
driver = new FirefoxDriver(firefoxOptions);
因此,将上面的两个代码片段交错会得到我的解决方案.
So, interlacing the above two snippets results in my solution.
我现在遇到的问题是,我似乎无法在其他计算机上使用该配置文件,因此该Selenium测试套件不可移植.
The problem I have now is that I cannot seem to use that profile on other machines, so this Selenium testing suite is not portable.
我在Jenkins中运行测试套件. Jenkins在没有GUI的CentOS服务器上运行.我将"eAgency-Client1"配置文件从本地Windows计算机复制到CentOS服务器中的正确位置,并在CentOS上适当地修改了profile.ini文件.
I run the testing suite in Jenkins. Jenkins runs on a CentOS server that does not have GUI. I copied the "eAgency-Client1" profile from my local windows machine to the proper location in the CentOS server and modified the profiles.ini file on CentOS appropriately.
(I loosely followed the advice given here http://forum.notebookreview.com/threads/migrate-firefox-profile-from-windows-to-linux.444601/. However, I needed to add the profile to the Jenkins firefox instance by copying it to /var/lib/jenkins/.mozilla/firefox. I also did not copy the entire Mozilla directory. Just the profile, after which I modified the profiles.ini file.)
我知道个人资料已成功复制,因为. .
I know the profile was successfully copied because . . .
FirefoxProfile ffProfile = profile.getProfile("eAgency-Client1");
. . .不返回空值.当我访问该网站时,麻烦就来了.当我转到该站点并获取页面源代码时,可以看到表明我没有发送证书的标准错误:
. . . does not return a null. The trouble comes when I access the site. When I go to the site and get the page source, I can see the standard error which indicates I did not send the certificate:
<html><head><title>400 No required SSL certificate was sent</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx/1.10.2</center>
</body></html>
我没有在本地计算机上获得此源.我的本地计算机可以轻松到达所需的位置.在本地,我没有收到"400错误请求".
I do not get this source on my local machine. My local machine gets to the place it needs to go to without trouble. Locally, I do not get the "400 Bad Request".
这篇关于使用.p12证书对Selenium WebDriver(Java)进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!