When the keyStore contains trustedCertEntry entries alongside the PrivateKeyEntry and the PrivateKeyEntry is not the 1st entry in the keyStore, Jmeter 2.7's JmeterKeystore.load cannot find the key. It throws an exception which accompanying message reads "No key(s) found". The reason lies in the implementation of the load method. Its skeleton when scanning the aliases is: if (null != is){ // is is the InputStream PrivateKey _key = null; int index = 0; Enumeration<String> aliases = store.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (store.isKeyEntry(alias)) { if ((index >= startIndex && index <= endIndex)) { _key = (PrivateKey) store.getKey(alias,...); if (null == _key) { throw new Exception(...); } ... v_names.add(alias); ... } } index++; } if (null == _key) { // Defect: source of problem throw new Exception("No key(s) found"); } } int v_size = v_names.size(); ... So: - The location test of _key itself would be a problem because _key would always be the last entry read in the keyStore, which might not be the private key. - But the fact that startIndex and endIndex are 0 (default initialisation values of implicitly initialised arguments, see SSLManager.java) implies that the private key would be found only if it was the 1st entry in the keystore. I didn't find any hint that this is a JSSE requirement. Assuming that only 1 key can be loaded (another source file states that no provision has been made to allow the user to specify one key amongst many) I think that: - the "if ((index >= startIndex && index <= endIndex))" condition gets in the way; - the validation that a key does exist in the keystore would be better done by asserting that "v_size != 0". Note that JMeter 2.4 was loading the keystore along the lines I'm suggesting, which is no surprise since I located the problem by investigating how JMeter 2.4 was getting it right when 2.7 was failing (on the same keystore).
There is a mistake in my explanation of the problem. The core of it in the current implementation (official release of 2.7) is the condition around the index variable. Were that condition removed, _key would be set if one private key had been found, even if it is not the 1st entry in the keystore. Sorry to the hasty confusing initial description.
Can you attach a keystore file showing the issue ? And also can you explain what issue you are facing. I agree there is a problem, but I want to know the impacts for you and what exactly is your test case. Thank you
Date: Thu Sep 27 20:14:28 2012 New Revision: 1391197 URL: http://svn.apache.org/viewvc?rev=1391197&view=rev Log: Bug 53911 - JmeterKeystore does not allow for key down the list of certificate Modified: jmeter/trunk/src/core/org/apache/jmeter/util/keystore/JmeterKeyStore.java jmeter/trunk/xdocs/changes.xml
Issue has been fixed but it would be very kind of you to make a test on nightly build to ensure it is for you and give us some feedback. See: http://jmeter.apache.org/nightly.html
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/2934