I am trying to set up an HTTPS request using custom keys which are made available to Gatling through gatling.conf.
    #type = "" # Type of SSLContext's KeyManagers store
    #file = "C:\Users\user\Downloads\Keystore.p12" # Location of SSLContext's KeyManagers store
    #password = "synth" # Password for SSLContext's KeyManagers store
    #algorithm = "" # Algorithm used SSLContext's KeyManagers store
}
However, when I run the test, it fails due to a handshake error.
Could someone help and point me in the right direction? At first I thought it might be the TLS version, hence I tried using both TLSv1 and TLSv1.2, but still the same issue.
Does Gatling support different TLS and SSL versions?
Further down the log I could see
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at io.gatling.http.util.SSLHelper$$anonfun$newKeyManagers$1.apply(SSLHelper.scala:53)
at io.gatling.http.util.SSLHelper$$anonfun$newKeyManagers$1.apply(SSLHelper.scala:50)
at io.gatling.core.util.IO$.withCloseable(IO.scala:154)
at io.gatling.http.util.SSLHelper$.newKeyManagers(SSLHelper.scala:50)
at io.gatling.http.ahc.HttpEngine$$anonfun$6.apply(HttpEngine.scala:180)
at io.gatling.http.ahc.HttpEngine$$anonfun$6.apply(HttpEngine.scala:180)
at scala.Option.map(Option.scala:145)
at io.gatling.http.ahc.HttpEngine.<init>(HttpEngine.scala:180)
at io.gatling.http.ahc.HttpEngine$.start(HttpEngine.scala:91)
at io.gatling.http.config.HttpProtocol.warmUp(HttpProtocol.scala:125)
at io.gatling.core.config.Protocols$$anonfun$warmUp$1.apply(Protocols.scala:43)
at io.gatling.core.config.Protocols$$anonfun$warmUp$1.apply(Protocols.scala:43)
at scala.collection.Iterator$class.foreach(Iterator.scala:727)
at scala.collection.AbstractIterator.foreach(Iterator.scala:1157)
at scala.collection.MapLike$DefaultValuesIterable.foreach(MapLike.scala:206)
at io.gatling.core.config.Protocols.warmUp(Protocols.scala:43)
at io.gatling.core.structure.PopulatedScenarioBuilder.build(ScenarioBuilder.scala:86)
at io.gatling.core.scenario.Simulation$$anonfun$scenarios$3.apply(Simulation.scala:41)
at io.gatling.core.scenario.Simulation$$anonfun$scenarios$3.apply(Simulation.scala:41)
at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:244)
at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:244)
at scala.collection.immutable.List.foreach(List.scala:318)
at scala.collection.TraversableLike$class.map(TraversableLike.scala:244)
at scala.collection.AbstractTraversable.map(Traversable.scala:105)
at io.gatling.core.scenario.Simulation.scenarios(Simulation.scala:41)
at io.gatling.core.controller.Controller$$anonfun$1.applyOrElse(Controller.scala:80)
at akka.actor.Actor$class.aroundReceive(Actor.scala:465)
at io.gatling.core.akka.BaseActor.aroundReceive(BaseActor.scala:23)
at akka.actor.ActorCell.receiveMessage(ActorCell.scala:516)
at akka.actor.ActorCell.invoke(ActorCell.scala:487)
at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:238)
at akka.dispatch.Mailbox.run(Mailbox.scala:220)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:393)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Hence I changed the keystore type from JKS to PKCS12 and was able to resolve the above issue.
However now I get a different error listed below.
New I/O worker #3, fatal error: 46: General SSLEngine problem
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256]
New I/O worker #3, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
New I/O worker #3, WRITE: TLSv1.2 Alert, length = 2
New I/O worker #3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem
New I/O worker #3, called closeOutbound()
New I/O worker #3, closeOutboundInternal()
15:11:23.189 [DEBUG] i.g.h.a.AsyncHandler - Request ‘AccountCreate’ failed for user 2141150877656040733-0
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[na:1.8.0_20]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.8.0_20]
at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.8.0_20]
… 34 common frames omitted
Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.8.0_20]
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.8.0_20]
at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_20]
… 28 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_20]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_20]
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[na:1.8.0_20]
at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExecutor.java:31) ~[netty-3.9.4.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1453) ~[netty-3.9.4.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1326) ~[netty-3.9.4.Final.jar:na]
… 18 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_20]
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_20]
at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_20]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1285) ~[netty-3.9.4.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:917) ~[netty-3.9.4.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.9.4.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310) ~[netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) ~[netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.9.4.Final.jar:na]
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [netty-3.9.4.Final.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_20]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_20]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_20]
15:11:23.206 [WARN ] i.g.h.a.AsyncHandlerActor - Request ‘AccountCreate’ failed: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
15:11:23.212 [DEBUG] i.g.h.a.AsyncHandlerActor -
After searching a bit, I understand that the error
Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
is because I use a self-signed certificate and I need to update the CACERT file in my JRE_HOME/lib directory.
I know that I can import the certificate into the JRE’s certificate authority store, and that will allow Java to accept it. That’s not an approach I want to take; it seems very invasive to do on all of our test machines.
And I also know JMeter accepts self-signed certs (as I am trying to move our performance test suite from JMeter to Gatling) without the above step.
Can this be achieved in Gatling as well, where I don't have to import the certificate into the JRE's certificate authority store for self-signed keystores?
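The `Invalid keystore format` trace above is what the JKS loader reports when it is handed a `.p12` file. As an added example (not part of the original thread and not Gatling code), this Java class identifies a keystore's on-disk format from its header bytes before the file is wired into a config; the class and method names are hypothetical, and the two sample stores are constructed in memory.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

// Hypothetical helper, not Gatling code: identifies a keystore's on-disk format.
public class KeystoreFormatCheck {

    /** Returns the KeyStore type the leading bytes indicate, or "UNKNOWN". */
    static String sniff(byte[] data) {
        if (data.length < 12) return "UNKNOWN";
        int magic = ByteBuffer.wrap(data).getInt();           // big-endian
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        // PKCS#12 is an ASN.1 SEQUENCE (0x30) whose first element is INTEGER 3.
        if ((data[0] & 0xFF) == 0x30) {
            int len = data[1] & 0xFF;
            int off = 2 + (len > 0x80 ? len & 0x7F : 0);      // skip long-form length octets
            if (off + 3 <= data.length && data[off] == 0x02
                    && data[off + 1] == 0x01 && data[off + 2] == 0x03) return "PKCS12";
        }
        return "UNKNOWN";
    }

    /** Adds the JKS/JCEKS header fields (format version, entry count) to the type. */
    static String describe(byte[] data) {
        String type = sniff(data);
        if (!type.equals("JKS") && !type.equals("JCEKS")) return type;
        ByteBuffer header = ByteBuffer.wrap(data);
        header.getInt();                                      // magic, already checked
        int version = header.getInt();
        int entries = header.getInt();
        return type + " (format version " + version + ", " + entries + " entries)";
    }

    /** Constructed sample input: an empty store of the given type, built in memory. */
    static byte[] emptyStore(String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, "changeit".toCharArray());
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        for (String type : new String[] {"JKS", "PKCS12"})
            System.out.println("sample " + type + " store -> " + describe(emptyStore(type)));
        if (args.length > 0)                                  // optional: a real file to check
            System.out.println(args[0] + " -> " + describe(Files.readAllBytes(Paths.get(args[0]))));
    }
}
```

Pass the keystore path as the first argument; the reported type is the value the store's `type` setting has to match.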
Is there any way you can send me your key store and your config, please?
I guess the solution is to provide an option for using a lenient TrustStore instead of Java’s default one, but I’d like to properly test it (and I’m a bit pressed atm).