Bug 54977 - Ability to choose the client alias for the cert key in JsseSslManager such that Mutual SSL auth testing can be made more flexible
Status: RESOLVED FIXED
Product: JMeter
Classification: Unclassified
Component: Main
Version: 2.9
Hardware: All All
Importance: P2 enhancement
Assigned To: JMeter issues mailing list
Reported: 2013-05-15 18:39 UTC by chrisryp
Modified: 2013-12-19 21:00 UTC



Attachments
Patch proposal that implements this feature (18.09 KB, patch)
2013-12-19 20:30 UTC, UbikLoadPack support
Screenshot showing KeystoreConfig (20.34 KB, image/png)
2013-12-19 20:31 UTC, UbikLoadPack support
Plan showing how to use feature (9.07 KB, application/xml)
2013-12-19 20:34 UTC, UbikLoadPack support

Description chrisryp 2013-05-15 18:39:06 UTC
Currently, in JsseSSLManager the alias selection is managed solely by the incrementing key index value. The user cannot override the selection of a specific client alias for a thread in ThreadGroup. This makes testing Mutual SSL auth impossible to do if each thread must be assigned a specific client alias. One potential approach to handle this is to allow the user to define a hint variable in the thread and parse that in WrappedX509KeyManager.chooseClientAlias() as such:

> diff JsseSSLManager.java JsseSSLManager.java.proposed 
42a43
> import org.apache.jmeter.threads.JMeterContextService;
397c398,407
<             String alias = this.store.getAlias();
---
>             
>             // Give the user a choice to select the alias by reading an alias hint from
>             // a thread local variable
>             String aliasHint = 
>                     JMeterContextService.getContext().getVariables().
>                     get("jmeter.keystore.alias.hint");
>             String alias = aliasHint;
>             if (alias == null) {
>                 alias = this.store.getAlias();
>             }
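
Review bot: the hint assigned at "String alias = aliasHint;" is used as-is whenever it is non-null, so an empty string or an alias that does not exist in the keystore is returned from chooseClientAlias() unchecked instead of falling back to this.store.getAlias() or failing with a clear message. Suggest trimming the value, treating an empty hint as unset, and checking it against the store's aliases before returning it. The variable name "jmeter.keystore.alias.hint" is an inline literal; a named constant plus a line in the user manual would make the contract discoverable.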


A better, long term approach is to improve KeyStoreConfiguration to allow a thread local variable to specify the alias for the cert key but this requires the SSLManager to not be a singleton or to process thread local variables as above.

Note that chooseClientAlias() has a comment currently that suggests allowing the user to choose the client alias is already on the TODO list:
 TODO? - does not actually allow the user to choose an alias at present
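
The per-thread alias hint described above, written as a stand-alone JSSE key manager (an added example, not JMeter's code or the attached patch). The class name HintedAliasKeyManager and the Supplier-based hint are assumptions made for illustration, and the delegate is assumed to be a SunX509-style key manager that exposes keystore aliases unchanged.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.function.Supplier;
import javax.net.ssl.X509KeyManager;

/** Hypothetical wrapper, not JMeter's WrappedX509KeyManager. */
public final class HintedAliasKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final Supplier<String> aliasHint; // e.g. ThreadLocal<String>::get, one alias per test thread

    public HintedAliasKeyManager(X509KeyManager delegate, Supplier<String> aliasHint) {
        this.delegate = delegate;
        this.aliasHint = aliasHint;
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        String hint = aliasHint.get();
        if (hint == null || hint.trim().isEmpty()) {
            return delegate.chooseClientAlias(keyType, issuers, socket); // no hint: default selection
        }
        String alias = hint.trim();
        if (delegate.getPrivateKey(alias) == null) {
            // A mistyped alias fails here with a clear message.
            throw new IllegalArgumentException("No private key entry for alias '" + alias + "'");
        }
        // Offer the alias only if it matches a key type and issuer the server asked for.
        for (String type : keyType) {
            String[] candidates = delegate.getClientAliases(type, issuers);
            if (candidates != null && Arrays.asList(candidates).contains(alias)) {
                return alias;
            }
        }
        return null; // hinted certificate is not acceptable to this server
    }

    // Everything else is passed through to the wrapped key manager.
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```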
Comment 1 UbikLoadPack support 2013-12-19 20:30:24 UTC
Created attachment 31134
Patch proposal that implements this feature

Hello,
Please find attached a patch that implements the described feature.
Note by the way it fixes the following:
- When certificates are not found, IllegalArgumentException or IllegalStateException are thrown, making debugging much easier
- SSLManager#getKeyStore has been synchronized to avoid synchronization issues if Preload is set to false and performance issues due to as many loads as there are threads in worst case


As always, we grant full rights to use, modify, do anything the project wants to do with classes as per our signed CLA.
Comment 2 UbikLoadPack support 2013-12-19 20:31:44 UTC
Created attachment 31135
Screenshot showing KeystoreConfig
Comment 3 UbikLoadPack support 2013-12-19 20:34:48 UTC
Created attachment 31136
Plan showing how to use feature
Comment 4 UbikLoadPack support 2013-12-19 20:57:11 UTC
Date: Thu Dec 19 20:56:21 2013
New Revision: 1552423

URL: http://svn.apache.org/r1552423
Log:
Bug 54977 - Ability to choose the client alias for the cert key in JsseSslManager such that Mutual SSL auth testing can be made more flexible
Bugzilla Id: 54977

Modified:
    jmeter/trunk/docs/images/screenshots/keystore_config.png
    jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfig.java
    jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfigBeanInfo.java
    jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfigResources.properties
    jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfigResources_fr.properties
    jmeter/trunk/src/core/org/apache/jmeter/util/JsseSSLManager.java
    jmeter/trunk/src/core/org/apache/jmeter/util/SSLManager.java
    jmeter/trunk/src/core/org/apache/jmeter/util/keystore/JmeterKeyStore.java
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/images/screenshots/keystore_config.png
    jmeter/trunk/xdocs/usermanual/component_reference.xml
Comment 5 Philippe Mouawad 2013-12-19 21:00:59 UTC
Thanks for the patch, applied with minor changes on message labels.

PS: Next time, wait for a JMeter committer to put the commit mail message and mark bug as resolved.