Hello, I’ve been beating my head against the wall. TL;DR is that for some reason Gatling will not send, to my understanding, the client cert at all.
Some details:
- Project is a gatling-maven-plugin project
- Client cert is signed by an internal CA
- Enabling -Djavax.net.debug=all for gatling-maven-plugin reveals a ton of SSL information and from what I can glean it doesn’t send my cert
- If I purposely put in the wrong password OR bad file name, the gatling.conf is read and an exception is thrown.
- Based on the nature of the infrastructure, the server will NOT reject due to no client cert; rather, the application will have permission/entitlement issues and respond with an error when it is not present
- My Scala skills are weak
My project structure below:
```
+---shared-services-capacity
    +---pom.xml
    +---src
        +---test
            +---resources
            |   +---EACertsKeystore.jks
            |   +---gatling.conf
            |   +---logback.xml
            |   +---recorder.conf
            +---scala
                +---com
                |   +---tm
                |       +---sharedservices
                |           +---Healthcheck.scala
                |           +---RecordedSimulation.scala
                |           +---TAP
                |               +---ReserveCriteria.scala
                +---Engine.scala
                +---IDEPathHelper.scala
                +---Recorder.scala
```
My pom:
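```
<?xml version="1.0" encoding="UTF-8"?>
<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.tm.sharedservices</groupId>
  <artifactId>shared-service-capacity</artifactId>
  <version>1.0-SNAPSHOT</version>
  <properties>
    <gatling.version>2.2.4</gatling.version>
    <scala-maven-plugin.version>3.2.2</scala-maven-plugin.version>
  </properties>
  …
</project>
```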
My gatling.conf:
```
…
http {
  #fetchedCssCacheMaxCapacity = 200 # Cache size for CSS parsed content, set to 0 to disable
  #fetchedHtmlCacheMaxCapacity = 200 # Cache size for HTML parsed content, set to 0 to disable
  #perUserCacheMaxCapacity = 200 # Per virtual user cache size, set to 0 to disable
  #warmUpUrl = "http://gatling.io" # The URL to use to warm-up the HTTP stack (blank means disabled)
  #enableGA = true # Very light Google Analytics, please support
  ssl {
    keyStore {
      type = "jks" # Type of SSLContext's TrustManagers store
      file = "EATMCertsKeystore.jks" # Location of SSLContext's TrustManagers store
      password = "XXXX" # Password for SSLContext's TrustManagers store
      #algorithm = "" # Algorithm used by SSLContext's TrustManagers store
    }
    trustStore {
      #type = "jks" # Type of SSLContext's KeyManagers store
      #file = "XXXX" # Location of SSLContext's KeyManagers store
      #password = "XXX" # Password for SSLContext's KeyManagers store
      #algorithm = "" # Algorithm used SSLContext's KeyManagers store
    }
  }
  ahc {
    #keepAlive = true # Allow pooling HTTP connections (keep-alive header automatically added)
    #connectTimeout = 10000 # Timeout when establishing a connection
    #handshakeTimeout = 10000 # Timeout when performing TLS handshake
    #pooledConnectionIdleTimeout = 60000 # Timeout when a connection stays unused in the pool
    #readTimeout = 60000 # Timeout when a used connection stays idle
    #maxRetry = 2 # Number of times that a request should be tried again
    #requestTimeout = 60000 # Timeout of the requests
    acceptAnyCertificate = true # When set to true, doesn't validate SSL certificates
…
```
- Is there some sort of standard regarding the JKS file that isn’t well documented that will eliminate Gatling from sending it?
- Is there any sort of real GitHub project with test JKS that one could pull apart to suss out the differences and flaws in their own project?
- Is there any sort of debug information I should be looking for as to why the cert is not being sent?
- What else can I do to get unblocked? What information can I provide?

Thanks!
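
As an added example (not part of the original post, and not Gatling code), this Python script reads a `-Djavax.net.debug` trace and reports whether the server sent a CertificateRequest, which issuers it accepts, and whether the client answered with a non-empty certificate chain. The marker strings and the sample trace are constructed, modelled on JDK 8 output, and are assumptions; other JDK versions format the trace differently.

```python
# Added example: markers modelled on JDK 8 -Djavax.net.debug output (assumption;
# other JDK versions format the handshake trace differently).
SAMPLE_DEBUG = """\
*** Certificate chain
chain [0] = [
...server certificate omitted...
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=Example Internal Root CA, O=Example Corp>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
"""  # constructed sample, not output from the poster's run


def diagnose_client_auth(debug_text):
    """Report whether the server asked for a client cert and whether one was sent."""
    lines = [ln.strip() for ln in debug_text.splitlines()]
    out = {"requested": False, "accepted_cas": [], "sent": False}
    if "*** CertificateRequest" not in lines:
        out["verdict"] = "server never requested a client certificate"
        return out
    out["requested"] = True
    req = lines.index("*** CertificateRequest")
    # Issuer DNs the server accepts follow "Cert Authorities:", one <DN> per line.
    if "Cert Authorities:" in lines[req:]:
        i = lines.index("Cert Authorities:", req) + 1
        while i < len(lines) and lines[i].startswith("<") and lines[i] != "<Empty>":
            out["accepted_cas"].append(lines[i][1:-1])
            i += 1
    # The server's own chain is printed earlier, so only look past ServerHelloDone.
    tail = lines[req:]
    done = tail.index("*** ServerHelloDone") if "*** ServerHelloDone" in tail else 0
    client = tail[done:]
    if "*** Certificate chain" in client:
        nxt = client.index("*** Certificate chain") + 1
        out["sent"] = nxt < len(client) and client[nxt].startswith("chain [")
    out["verdict"] = ("client certificate sent" if out["sent"] else
                      "requested, but no key entry in the keystore matched the "
                      "accepted key types or issuers")
    return out


if __name__ == "__main__":
    print(diagnose_client_auth(SAMPLE_DEBUG))
```

When the verdict is "requested, but no key entry ... matched", compare the listed issuers with the issuer chain stored alongside the private key in the JKS; a keystore holding only trusted-certificate entries has nothing the key manager can offer.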