Creating a Mock Google Apps API Certificate

The Setup

In this post we’ll discuss how to create a self-signed Google Apps API certificate for use in automated testing.

We do many types of software and system testing in the Custom Development practice at IDMWORKS, from Unit tests to Integration tests, System and Smoke tests. These are created using tools such as JUnit and RSpec and automated using systems such as Jenkins.

One of the techniques we employ is mocking HTTP responses from 3rd-party APIs. This allows us the flexibility of targeting either the real API or mocking the results while using the same bed of test cases and code.

The Challenge

One of the 3rd-party APIs that we ran into trouble mocking at the HTTP level was Google Apps. Their Client Library expects a certificate to be supplied for communication with their API. In our case, when mocking the HTTP responses we did not want to provide a real certificate for a Google Apps service account. Rather, we wanted to simply use a self-signed Google Apps API certificate.

While generating a self-signed p12 file is fairly straight forward using OpenSSL, getting the steps to work with the Google Apps Client Library took a bit of trial and some spelunking in the Google Apps Client Library for Java source code.

The error we initially ran into with a self-signed certificate was:

A bit of research led to the conclusion that the password being used to encrypt private keys was not correct. Indeed we were testing with a blank password in the self-signed cert. Luckily the source code for the Google Apps Client Library is Open Source, so a bit of digging lead to the following code:

By referencing the SecurityUtils.loadPrivateKeyFromKeyStore online documentation, we can see that the Google Apps Client Library expects the certificate to use the password “notasecret” and the alias “privatekey”.

The Solution

Armed with that knowledge, the final set of steps for creating the self-signed Google Apps API certificate is found below:

This will create and export a self-signed p12 file that can be successfully loaded by the Google Apps Client Library. Good luck and happy testing!

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Leave a Reply

Your email address will not be published. Required fields are marked *