0

In my development and qa environments, I will be hitting a rest endpoint using internally signed certs. The policy where I work is to put internal certs in a separate bundle on our Linux servers.

The following works perfectly well in curl:

curl -X GET -H "Content-Type: application/json" -H "Accept: application/json" --negotiate --cacert /etc/pki/tls/out-internal-bundle.pem -u : "https://<dev or qa root>/api/profile/8461869a8b6e4558b20b14411337440b"

My actual client for this endpoint is written in Scala, however. Currently I'm making my call using scala.io.Source:

val url = s"$baseUrl/data-profiler/$id"
using(Source.fromURL(url)) { source => {
  val result = source.mkString
  val jsonAst = result.parseJson
  jsonAst.convertTo[Job]
}}

I would like to figure out how, in my dev and qa environments, to use our internal bundle. Anyone doing that in Scala or Java?

Stuart
  • 1,572
  • 4
  • 21
  • 39

2 Answers2

1

You need to configure the "truststore" used by the JVM, with the "javax.net.ssl.trustStore" option when you launch java, i.e.

java -Djavax.net.ssl.trustStore=/etc/pki/tls/out-internal-bundle.jks ...

(sbt will take the same -D argument if you are using SBT to launch your app)

You'll need to get your CA certs into JKS format.

See:

Community
  • 1
  • 1
Rich
  • 15,048
  • 2
  • 66
  • 119
-2

I would entirely recommend you to use Gatling for this kind of things. Gatling is a really cool framework for load-testing and it provides support for many protocols like jms, jdbc, and of course http among others. Please take a look on it here http://gatling.io/#/ (This framework is build on Scala) and it provides support for the things that you are searching for

Rene Enriquez
  • 1,418
  • 1
  • 13
  • 33
  • This doesn't really answer the question. If he switches to Gatling, he will still need to configure the Gatling client to provide the internal CA config. – Rich Feb 21 '17 at 13:59
  • Taking a dependency on a load testing framework is a non-starter. – Stuart Feb 21 '17 at 15:03