Recorder created using the V2 API don't work with SSL

Products

Service Virtualization

Issue/Introduction

When the VS recorder is created using the Virtual Service Invoke API V2 for SSL endpoint, the recorder does not provide any response to any request and transactions are not recorded.

This issue prevents us from automating the creation of recorders using the APIs.

Steps to reproduce:

Step 1: creating a real service

We created an HTTPS service using the following python 3 code:

import http.server, ssl

server_address = ('0.0.0.0', 8443)
httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
                               server_side=True,
                               certfile='localhost.pem',
                               ssl_version=ssl.PROTOCOL_TLS)

httpd.serve_forever()

It requires a self signed certificate in the same folder which can be generated with the following command

openssl req -new -x509 -keyout localhost.pem -out localhost.pem -days 365 -nodes

After running the service we were able to open the url https://localhost:8443 with a web browser as shown in img1.png.

Step 2: creating the recorder using the Portal UI

Created a recorder using the Portal UI.

The Python HTTPS service is running on the IP a.a.a.a, while the VSE in on the IP b.b.b.b

As expected every call to this recorder is proxied to the python HTTPS server. We could verify this by accessing the page

http://b.b.b.b:23785

Step 3: creating the recorder using the Virtual Service Invoke API

We created a recorder using the following API calls:

POST http://localhost:1505/lisa-virtualize-invoke/api/v2/vses/{{vseId}}/vsBuilderSessions
Body:
{"name": "test001","description": "Optional description"}

POST http://localhost:1505/lisa-virtualize-invoke/api/v2/vses/{{vseId}}/vsBuilderSessions/{{sessionId}}/transportProtocols
Body:
{
    "typeId": "HTTP",
    "basePath": "/",
    "useGateway": true,
    "hostHeaderPassThrough": true,
    "allAreStateless": true,
    "allowModifyHostHeader":true,
    "recordingEndpoint": {
        "host": "b.b.b.b",
        "port": "8033"
    },
    "targetEndpoint": {
        "useSSL": true,
        "host": "a.a.a.a",
        "port": "8443"
    }
}

POST http://localhost:1505/lisa-virtualize-invoke/api/v2/vses/{{vseId}}/recorders
Body:
{
  "sessionId": "{{sessionId}}"
}

Finally we made a request to the recorder using the browser by accessing the page http://b.b.b.b:8033

Unfortunately the recorder was not able to provide a response.

Environment

All supported DevTest releases and platforms.

Cause

V2 API is not context aware, hence whatever is mentioned Transport Protocol it tries to start the recording with it. Though useSSL=true was it it was not aware about the certificate.

Resolution

Take make V2 API aware about certificate, certificate needs to be copied on VSE server and reference it in the Transport Protocol as shown below

{
"typeId": "HTTP",
"basePath": "/",
"useGateway": true,
"hostHeaderPassThrough":false,
"allowModifyHostHeader": false,
"targetEndpoint":{
"port":"8443",
"host":"a.a.a.a",
"useSSL":true,
"sslConfig":{
"keystoreFile":"C:/Program Files/CA/DevTestServer/localhost.pem",
"keystorePassword":"",
"alias":"lisa",
"aliasPassword":""
}
},
"recordingEndpoint":{
"port":"8033",
"host":"b.b.b.b",
"useSSL":false
}
}

where

a.a.a.a is the Python Server where it is using localhost.pem file
It should be copied on the devtest server b.b.b.b and refer it in the ssLConfig object of targetEndPoint
SSL can be enabled for recordingEndPoint too but same certificate should be available on the DevTest server.

Please note that in "keystoreFile":"C:/Program Files/CA/DevTestServer/localhost.pem" is the complete path of localhost.pem file from server.