Newman: Support Client Side Certificate Authentication

Newman maintains feature parity with postman app. Need to check how this will work in postman app before implementing in Newman.

In OSX Postman, the cert appears to be managed by Chrome (via Keychain).

It would be nice to tie/define a certificate in the environment so we can switch.

Now that we moved to NodeJS driven runtime, this feature has been bumped up in priority.

• @numaanashraf @czardoz

The goal:

• understand the Chrome magic when it picks up the certificate
• possibly add better user experience around certificates
• implement it across the board

@tdurden82 - yes, either via environment or using an in-app certificate store (like our cookie store) should make the workflow better.

Hi,

Here is my proposition to solve the problem:

diff --git a/lib/run/index.js b/lib/run/index.js
index 0234f94..ad328ce 100644
--- a/lib/run/index.js
+++ b/lib/run/index.js
@@ -94,7 +94,16 @@ module.exports = function (options, callback) {
             timeout: options.timeoutRequest ? { request: options.timeoutRequest } : undefined,
             requester: {
                 followRedirects: _.has(options, 'ignoreRedirects') ? !options.ignoreRedirects : undefined,
-                strictSSL: _.has(options, 'insecure') ? !options.insecure : undefined
+                strictSSL: _.has(options, 'insecure') ? !options.insecure : undefined,
+                certificateManager: _.has(options, 'certInfo') ? {
+                    getCertificateContents: function(domain, callback){
+                        if(_.has(options.certInfo, domain)){
+                            callback(null, options.certInfo[domain]);
+                        }else{
+                            callback('Certificate not found for domain' + domain, null);
+                        }
+                    }
+                } : undefined
             }
         }, function (err, run) {
             var callbacks = {},

Usage of above patch:

newman.run({
    ...
    certInfo: {
        "server1.com" : {
                                        pem: fs.readFileSync(certFile1), //reading content from file 
                                        key: fs.readFileSync(keyFile1),
                                        passphrase: 'password1'
                                   }
        },
        "server2.com" : {
                                        pem: fs.readFileSync(certFile2),
                                        key: fs.readFileSync(keyFile2),
                                        passphrase: 'password2'
                                   }
        }
})

Only thing that left is to add new parameter to CLI with accept json file with certInfo configuration.

This static approach will allow to use this configuration with jenkins.

Yes. This is what we are looking into as well. We want to make the json structure common to a cookie store - so that they look similar and easier to parse using a common algorithm.

Give us a while to decide what would be the input file structure. We should be able to support domains and wildcards as well.

@shamasis Any updates on this issue?

Yes. Work is underway. Will take a week to Geet around to finish integration at Newman level after all underlying modules are updated.

Hi @czardoz,
Any idea when this feature will come out. We are really in need of it.

Any updates on this issue?

@anirupdutta @fazlerabbi @tdurden82 @pawelka As of Newman v3.3.0, this feature is available. See https://github.com/postmanlabs/newman#ssl-client-certificates for more details. :)

I can't get this to work in a mac:
newman --version
3.3.0

newman -u https://www.getpostman.com/collections/XXXX --ssl-client-cert PATH_TO_CERT --ssl-client-passphrase PASSWORD
and I am getting this:

newman: error: Unrecognized arguments: --ssl-client-cert PATH_TO_CERT --ssl-client-passphrase PASSWORD.

Also in the help these options are not there:
usage: newman [-h] [-c COLLECTION] [-u URL]
[-e ENVIRONMENT | --environment-url ENVIRONMENT_URL] [-g GLOBAL]
[-n NUMBER] [-f FOLDER] [-r REQUESTTIMEOUT] [-y DELAY] [-R] [-k]
[-d DATA] [-E EXPORTENVIRONMENT] [-G EXPORTGLOBALS] [-H HTML]
[-j] [-C] [-S] [-l]
[-N {ascii,utf8,utf16le,ucs2,base64,binary,hex}] [-o OUTPUTFILE]
[-O OUTPUTFILEVERBOSE] [-t TESTREPORTFILE] [-i IMPORT]
[-p PRETTY] [-W] [-L RECURSELIMIT] [-s] [-x] [--silent] [-v]

@ezedeveloper The command used here is in Newman v2.x style, so the ssl client certificate options are not provided therein. You would have to use the Newman v3 command:

newman run https://www.getpostman.com/collections/XXXX --ssl-client-cert PATH_TO_CERT --ssl-client-passphrase PASSWORD --insecure

@kunagpal Awesome, that worked! (I am just starting with this tool)
Thanks for the fast reply.

@kunagpal Thanks a lot!

Hi,

i try to run postman collection with envirement but more than one certificate

Hi,

Here is my proposition to solve the problem:

diff --git a/lib/run/index.js b/lib/run/index.js
index 0234f94..ad328ce 100644
--- a/lib/run/index.js
+++ b/lib/run/index.js
@@ -94,7 +94,16 @@ module.exports = function (options, callback) {
             timeout: options.timeoutRequest ? { request: options.timeoutRequest } : undefined,
             requester: {
                 followRedirects: _.has(options, 'ignoreRedirects') ? !options.ignoreRedirects : undefined,
-                strictSSL: _.has(options, 'insecure') ? !options.insecure : undefined
+                strictSSL: _.has(options, 'insecure') ? !options.insecure : undefined,
+                certificateManager: _.has(options, 'certInfo') ? {
+                    getCertificateContents: function(domain, callback){
+                        if(_.has(options.certInfo, domain)){
+                            callback(null, options.certInfo[domain]);
+                        }else{
+                            callback('Certificate not found for domain' + domain, null);
+                        }
+                    }
+                } : undefined
             }
         }, function (err, run) {
             var callbacks = {},

Usage of above patch:

newman.run({
    ...
    certInfo: {
        "server1.com" : {
                                        pem: fs.readFileSync(certFile1), //reading content from file 
                                        key: fs.readFileSync(keyFile1),
                                        passphrase: 'password1'
                                   }
        },
        "server2.com" : {
                                        pem: fs.readFileSync(certFile2),
                                        key: fs.readFileSync(keyFile2),
                                        passphrase: 'password2'
                                   }
        }
})

Only thing that left is to add new parameter to CLI with accept json file with certInfo configuration.

This static approach will allow to use this configuration with jenkins.

how can i start this script? i try to run a postman collection using windows command line