Gatling not sending client cert at all
200 views
Skip to first unread message
Ethan Allen
Apr 8, 2017, 12:27:03 AM4/8/17
to Gatling User Group
Hello, I've been beating my head against the wall. TL;DR is that for some reason Gatling will not send, to my understanding, the client cert at all.
Some details:
- Project is a gatling-maven-plugin project
- Client cert is signed by an internal CA
- Enabling -Djavax.net.debug=all for gatling-maven-plugin reveals a ton of SSL information and from what I can glean it doesn't send my cert
- If I purposely put in the wrong password OR bad file name, the gatling.conf is read and an exception is thrown.
- Based on the nature of the infrastructure the server will NOT reject due to no client cert but rather the application will have permission/entitlement issues and respond with error when not present
- My Scala skills are weak
My project structure below:
+----shared-services-capacity
+----pom.xml
+----src
| +----test
| +----resources
| | +----EACertsKeystore.jks
| | +----gatling.conf
| | +----logback.xml
| | +----recorder.conf
| +----scala
| +----com
| | +----tm
| | +----sharedservices
| | +----Healthcheck.scala
| | +----RecordedSimulation.scala
| | +----TAP
| | +----ReserveCriteria.scala
| +----Engine.scala
| +----IDEPathHelper.scala
| +----Recorder.scalaMy pom:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.tm.sharedservices</groupId>
<artifactId>shared-service-capacity</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<scala.version>2.11.8</scala.version>
<encoding>UTF-8</encoding>
<gatling.version>2.2.4</gatling.version>
<scala-maven-plugin.version>3.2.2</scala-maven-plugin.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.gatling</groupId>
<artifactId>gatling-app</artifactId>
<version>${gatling.version}</version>
</dependency>
<dependency>
<groupId>io.gatling</groupId>
<artifactId>gatling-recorder</artifactId>
<version>${gatling.version}</version>
</dependency>
<dependency>
<groupId>io.gatling.highcharts</groupId>
<artifactId>gatling-charts-highcharts</artifactId>
<version>${gatling.version}</version>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-library</artifactId>
<version>${scala.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>io.gatling.highcharts</groupId>
<artifactId>gatling-charts-highcharts</artifactId>
</dependency>
<dependency>
<groupId>io.gatling</groupId>
<artifactId>gatling-app</artifactId>
</dependency>
<dependency>
<groupId>io.gatling</groupId>
<artifactId>gatling-recorder</artifactId>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-library</artifactId>
</dependency>
</dependencies>
<build>
<testSourceDirectory>src/test/scala</testSourceDirectory>
<pluginManagement>
<plugins>
<plugin>
<groupId>net.alchim31.maven</groupId>
<artifactId>scala-maven-plugin</artifactId>
<version>${scala-maven-plugin.version}</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>net.alchim31.maven</groupId>
<artifactId>scala-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>testCompile</goal>
</goals>
<configuration>
<args>
<arg>-Ybackend:GenBCode</arg>
<arg>-Ydelambdafy:method</arg>
<arg>-target:jvm-1.8</arg>
<arg>-deprecation</arg>
<arg>-feature</arg>
<arg>-unchecked</arg>
<arg>-language:implicitConversions</arg>
<arg>-language:postfixOps</arg>
</args>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>io.gatling</groupId>
<artifactId>gatling-maven-plugin</artifactId>
<version>${gatling.version}</version>
<configuration>
<runMultipleSimulations>true</runMultipleSimulations>
<includes>
<!--<param>com.tm.sharedservices.Healthcheck</param>-->
<param>com.tm.sharedservices.TAP.ReserveCriteria</param>
</includes>
</configuration>
<executions>
<execution>
<phase>test</phase>
<goals><goal>execute</goal></goals>
<configuration>
<jvmArgs>
<jvmArg>-Djavax.net.debug=all</jvmArg>
</jvmArgs>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>My gatling.conf:
.....
http {
#fetchedCssCacheMaxCapacity = 200 # Cache size for CSS parsed content, set to 0 to disable
#fetchedHtmlCacheMaxCapacity = 200 # Cache size for HTML parsed content, set to 0 to disable
#perUserCacheMaxCapacity = 200 # Per virtual user cache size, set to 0 to disable
#warmUpUrl = "http://gatling.io" # The URL to use to warm-up the HTTP stack (blank means disabled)
#enableGA = true # Very light Google Analytics, please support
ssl {
keyStore {
type = "jks" # Type of SSLContext's TrustManagers store
file = "EATMCertsKeystore.jks" # Location of SSLContext's TrustManagers store
password = "XXXX" # Password for SSLContext's TrustManagers store
#algorithm = "" # Algorithm used by SSLContext's TrustManagers store
}
trustStore {
#type = "jks" # Type of SSLContext's KeyManagers store
#file = "XXXX" # Location of SSLContext's KeyManagers store
#password = "XXX" # Password for SSLContext's KeyManagers store
#algorithm = "" # Algorithm used SSLContext's KeyManagers store
}
}
ahc {
#keepAlive = true # Allow pooling HTTP connections (keep-alive header automatically added)
#connectTimeout = 10000 # Timeout when establishing a connection
#handshakeTimeout = 10000 # Timeout when performing TLS hashshake
#pooledConnectionIdleTimeout = 60000 # Timeout when a connection stays unused in the pool
#readTimeout = 60000 # Timeout when a used connection stays idle
#maxRetry = 2 # Number of times that a request should be tried again
#requestTimeout = 60000 # Timeout of the requests
acceptAnyCertificate = true # When set to true, doesn't validate SSL certificates
....- Is there some sort of standard regarding the JKS file that isn't well documented that will eliminate gatling from sending it?
- Is there any sort of real GitHub project with test JKS that one could pull apart to suss out the differences and flaws in their own project?
- Is there any sort of debug information I should be looking for as to why the cert is not being sent?
- What else can I do to get unblocked? What information can I provide?
Thanks!
Message has been deleted
Ethan Allen
Apr 11, 2017, 1:22:29 PM4/11/17
to Gatling User Group
We did the following to get past this:
- Created a new trust store that had the client cert and grandfather cert that signed the server cert
- Created a new key store that just had the client private key
- Made sure both had the same password (I don't know why this would matter)
- Dont rename the keystore once created :)
Reply all
Reply to author
Forward
0 new messages