HTTPS client certificate configuration

Hi,

I would like to configure Gatling in order to have an HTTPS client
certificate per user. I saw the keyStore and trustStore configuration
in gatling.conf but in my case I really need to specify it per user.
Is there a way to do that ? With a feeder for example ?

Thanks

You can’t, the AsyncHttpClient engine is shared amongst users.

What’s your use case exactly? I have the feeling that you’re looking for some beyond web apps load testing… Networks? If so, people tend to implement their own protocol support and ship it Gatling orchestration engine.

My use case is to test an HTTP REST application in which each user have a unique SSL client certificate. This is important because users are authenticated with it and access their private data. I cannot test my application with only one client certificate because I will only be able to access one account which is not representative of my application usage.

If the only way to do that is to implement a custom protocol then I will try to

Thanks

Hello,
I this case maybe you could use alternative tools like JMeter which allows https client certificate per user.

Regards

For completeness:

Regards

How does this work then ?
You specify the Keystore, and from that, JMeter cycle thru all the certificates ?
What if you inject more users than the number of certificates your have ?

Regards

Let me talk about this with Jean-François (the AHC project leader) to see if we can find a proper solution for this.

Cheers,

Stéphane

@JB: I was able to have one AHC instance per user, while sharing the underlying thread pools.
Meaning that we could perfectly implement what you need.

I would just need some help on the SSL part:
https://github.com/excilys/gatling/blob/master/gatling-http/src/main/scala/io/gatling/http/ahc/GatlingHttpClient.scala#L63

Cheers,

Stéphane

Hi,

The problem as I understand it is that the keystore is only defined once in gatling.conf. Then, the same instance is given to all AHC. The solution would be to provide a keystore for each AHC but I don’t know how…

Jean-Baptiste

No no no, this part will be just fine. :slight_smile:

I just need to get sure that passing one keystore per user is fine for you, or if you want one single keystore containing multiple key.
I have no problem with the first solution, but I don’t know how to implement the second one.

OK,

One KeyStore per user is fine for me.

Thanks

Cool!

Can you wait a day or two so I implement this properly?

Yes !

Thank you for your reactivity

Stay tuned!
Beware that you’ll have to walk on the wild side: 2.0.0-SNAPSHOT

I don't know if it's the proper place for that , maybe jmeter user mailing list or stackoverflow (with jmeter tag) is more appropriate but yes you need to have as many certs as users you inject, otherwise your test would not be realistic anyway and you might introduce non existent problems.

Regards

@JB I have great news: I was able to implement it.

Please use this bundle: https://docs.google.com/file/d/0B1zTVlhQrNiyN2dRcExteWVoUGM/edit

Here’s the procedure: https://github.com/excilys/gatling/issues/1121

Beware that we’re dropping our own JsonPath for Jayway’s one, and the syntax is a bit different: http://goessner.net/articles/JsonPath

Please provide feedback.
Cheers,

Stéphane

Hi,

Sorry it took time to test because my simulation was based on gatling 2.

With the new code I am not able to connect to my application with client certificate. I noticed with basic tests that only my trustStore was used in the test
Then, I looked at the code in git and I think I found a bug in gatling-http/src/main/scala/com/excilys/ebi/gatling/http/ahc/GatlingHttpClient.scala:

val trustManagers = for {
storeType ← session.getAttributeAsOptionString
file ← session.getAttributeAsOptionString
password ← session.getAttributeAsOptionString
algorithm = session.getAttributeAsOptionString
} yield newTrustManagers(storeType, file, password, algorithm)

val keyManagers = for {
storeType ← session.getAttributeAsOptionString
file ← session.getAttributeAsOptionString
password ← session.getAttributeAsOptionString
algorithm = session.getAttributeAsOptionString
} yield newKeyManagers(storeType, file, password, algorithm)

but I think it should be:

val trustManagers = for {
storeType ← session.getAttributeAsOptionString
file ← session.getAttributeAsOptionString
password ← session.getAttributeAsOptionString
algorithm = session.getAttributeAsOptionString
} yield newTrustManagers(storeType, file, password, algorithm)

val keyManagers = for {
storeType ← session.getAttributeAsOptionString
file ← session.getAttributeAsOptionString
password ← session.getAttributeAsOptionString
algorithm = session.getAttributeAsOptionString
} yield newKeyManagers(storeType, file, password, algorithm)

I don’t know how to recompile everything and to test my patch. Can you tell me if you think this will fix my issue and provide me a new gatling environment ?

Thanks

Damn copy/paste.

Do you prefer a SNAPSHOT of 1.5 or 2.0?

2.0 if possible

Thanks

Here you are: https://docs.google.com/file/d/0B1zTVlhQrNiyUFhBZzBacGVNZnc/edit