We need to create a self-signed certificate for two reasons. Firstly, when accessing CoW directly we need a certificate that we can accept permanently and store in the Firefox profile used by Selenium. The one Grails generates is different on each machine, which would make unattended testing tricky.
Secondly, the certificate that is distributed with ratproxy appears to be of a type that Firefox cannot be made to remember between sessions, so we need to replace this as well in order to route the Selenium tests via ratproxy during unattended testing.
To make life as easy as possible the following instructions will use the same certificate information for both cases, although this doesn't have to be the case.
Let's start with the private key as we need this to create the certificate. Simply issue the command:
openssl genrsa -out keyfile.key
Dead easy! The thing to note is that this key isn't password protected, which may not be ideal, but is required because otherwise ratproxy won't be able to use it.
Now that we have the private key, let's create the certificate. This is a bit more complex, but start by issuing the command:
openssl req -new -x509 -key keyfile.key -out keyfile.crt
Now this will ask you for a whole bunch of information. Fortunately we don't have to provide many answers. Simply leave all the fields blank (by answering .) except the 'Common Name' field. This must be set to the hostname of the ratproxy server. Most of the time this will simply be 'localhost' but if you are running the proxy on a remote machine then you will need to set this value appropriately.
Ratproxy needs the certificate and private key to be combined into a single file, which can be achieved with the command:
cat keyfile.key keyfile.crt > keyfile.pem
Now simply place keyfile.pem into the ratproxy directory, replacing the default.
First let's continue using OpenSSL to generate a PKCS12 keystore.
openssl pkcs12 -export -in keyfile.crt -inkey keyfile.key -out keystore.pkcs12
When asked for a password use the six-digit password '123456'. This is the default password that Grails uses, and so will result in a keystore that can be used as a drop-in replacement for the default one.
Unfortunately Java can't read PKCS12 keystores, so we have to use a Jetty util class to convert it to a normal Java keystore. Grab a copy of the main Jetty JAR file and then issue the command (fixing the JAR name as appropriate), remembering to use the same password as in the previous step:
java -classpath jetty-x.y.z.jar org.mortbay.jetty.security.PKCS12Import keystore.pkcs12 keystore
Now the final step is to fix the alias inside the keystore.
keytool -changealias -alias 1 -destalias localhost -keystore keystore
Right, the keystore file can now be used by Grails to sign secure pages.
We use a specific Firefox profile when running the Selenium tests to ensure that we always start from the same state and aren't seeing issues related to Firefox add-ins or configuration.
We need two slightly different profiles: one for when Selenium accesses CoW directly and one for when requests are sent via ratproxy for security testing. The steps required to create both profiles are essentially the same.
The idea is that we allow Firefox to create a basic profile and only add information necessary for the Selenium tests to run so we need a profile that...
We can't easily generate the certificate exceptions by hand so we have to get Firefox to do the work for us. Close down all open instances of Firefox and then start it up again using the command firefox -ProfileManager and then create a new profile in a directory of your choice.
Now start up an instance of CoW and, if using ratproxy, configure the proxy information in Firefox as well. Access CoW and permanently accept the security certificate. Now you can close down Firefox.
Locate the directory in which you created the profile and copy the files cert8.db and cert_override.txt to the appropriate Selenium profile folder. Now when Selenium runs Firefox it will already know about the security certificate and be able to log in to CoW without having to deal with the browser warnings, and so can be run unattended by Hudson.
If you are going to be accessing CoW via ratproxy then you need to also configure the profile with details of the proxy address. These details should be saved in the prefs.js file which can be edited manually. The default values (shown below) should suffice.
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8084);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8084);
user_pref("network.proxy.no_proxies_on", "localhost:4444");
user_pref("network.proxy.type", 1);
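A pre-flight check for the copied Selenium profile, as an added example (not part of the original page or of the CoW project): it confirms that cert8.db and cert_override.txt are present, that cert_override.txt holds a stored exception for the address the tests use, and, for the ratproxy profile, that prefs.js carries the proxy values listed above. The host:port argument and the tab-separated cert_override.txt layout (host:port, hash OID, fingerprint, override bits, db key) are assumptions.

```python
import re
import sys
from pathlib import Path

# Proxy values from the prefs.js listing on this page.
EXPECTED_PROXY_PREFS = {
    "network.proxy.http": "127.0.0.1", "network.proxy.http_port": 8084,
    "network.proxy.ssl": "127.0.0.1", "network.proxy.ssl_port": 8084,
    "network.proxy.no_proxies_on": "localhost:4444", "network.proxy.type": 1,
}
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(?:"([^"]*)"|(-?\d+))\);')

def read_prefs(path):
    """Parse string and integer user_pref() lines from prefs.js into a dict."""
    prefs = {}
    for m in PREF_RE.finditer(path.read_text()):
        prefs[m.group(1)] = m.group(2) if m.group(3) is None else int(m.group(3))
    return prefs

def has_override(path, host_port):
    """True if cert_override.txt holds a stored exception for host:port."""
    for line in path.read_text().splitlines():
        # Assumed layout: host:port, hash OID, fingerprint, override bits (M/U/T), db key
        fields = line.split("\t")
        if len(fields) >= 4 and fields[0] == host_port and re.fullmatch("[MUT]+", fields[3]):
            return True
    return False

def check_profile(profile_dir, host_port, via_proxy=False):
    """Return a list of problems; an empty list means the profile is usable."""
    profile, problems = Path(profile_dir), []
    for name in ("cert8.db", "cert_override.txt"):
        if not (profile / name).is_file():
            problems.append(f"missing {name}")
    override = profile / "cert_override.txt"
    if override.is_file() and not has_override(override, host_port):
        problems.append(f"no stored certificate exception for {host_port}")
    if via_proxy:
        prefs_path = profile / "prefs.js"
        prefs = read_prefs(prefs_path) if prefs_path.is_file() else {}
        for key, want in EXPECTED_PROXY_PREFS.items():
            if prefs.get(key) != want:
                problems.append(f"{key} is {prefs.get(key)!r}, expected {want!r}")
    return problems

if __name__ == "__main__":
    # Usage: check_profile.py PROFILE_DIR HOST:PORT [--proxy]
    found = check_profile(sys.argv[1], sys.argv[2], via_proxy="--proxy" in sys.argv)
    print("\n".join(found) or "profile OK")
    sys.exit(1 if found else 0)
```

Run as a first build step in the Hudson job, the non-zero exit status stops the run before Selenium starts a browser that would hang on a certificate warning.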