From 98321d542a6b432dc326946ac695936383fedd69 Mon Sep 17 00:00:00 2001
From: Felix Schumacher
Date: Sat, 2 Jan 2021 14:07:00 +0100
Subject: [PATCH] Log debug information about loaded certs from keystore Bugzilla Id: 64831
---
 .../jmeter/util/keystore/JmeterKeyStore.java | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java b/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java
index 5a3afdf8a1..e9ad28f53e 100644
--- a/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java
+++ b/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java
@@ -27,6 +27,7 @@ import java.security.PrivateKey;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -113,6 +114,9 @@ public final class JmeterKeyStore {
 this.certsByAlias = new HashMap<>();
 PrivateKey privateKey = null;
+ if (log.isDebugEnabled()) {
+ logDetailsOnKeystore(store);
+ }
 int index = 0;
 Enumeration aliases = store.aliases();
 while (aliases.hasMoreElements()) {
@@ -148,6 +152,62 @@ public final class JmeterKeyStore {
 this.names = aliasesList.toArray(new String[aliasesList.size()]);
 }
+ private static final Map EXTENDED_KEY_USAGES = new HashMap<>();
+ static {
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.9", "Signing Online Certificate Status Protocol (OCSP) responses");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.20.2.2", "Smartcard logon to Microsoft Windows");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4", "Can use encrypted file systems (EFS) (EFS_CRYPTO)");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4.1", "Can use encrypted file systems (EFS) (EFS_RECOVERY)");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.1",
+ "Transport Layer Security (TLS) World Wide Web (WWW) server authentication");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.2",
+ "Transport Layer Security (TLS) World Wide Web (WWW) client authentication");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.3", "Signing of downloadable executable code");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.4", "Email protection");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.8", "Time stamping");
+ }
+
+ private void logDetailsOnKeystore(KeyStore keystore) {
+ Enumeration aliases;
+ try {
+ aliases = keystore.aliases();
+ } catch (KeyStoreException e) {
+ log.debug("Problem reading the aliases from the store {}", keystore, e);
+ return;
+ }
+ int i = 1;
+ while(aliases.hasMoreElements()) {
+ String alias = aliases.nextElement();
+ log.debug("{}: {}", i++, alias);
+ X509Certificate cert;
+ try {
+ cert = (X509Certificate) keystore.getCertificate(alias);
+ } catch (KeyStoreException e) {
+ log.debug("Can't read certificate for alias {}", alias, e);
+ continue;
+ }
+ log.debug("valid not after: {}", cert.getNotAfter().toInstant());
+ log.debug("valid not before: {}", cert.getNotBefore().toInstant());
+ log.debug("issuer DN: {}", cert.getIssuerDN());
+ try {
+ log.debug("SAN: {}", cert.getSubjectAlternativeNames());
+ } catch (CertificateParsingException e) {
+ log.debug("Problem parsing SAN for {}", alias, e);
+ }
+ List extendedKeyUsage;
+ try {
+ extendedKeyUsage = cert.getExtendedKeyUsage();
+ if (extendedKeyUsage != null) {
+ for (String keyUsage : extendedKeyUsage) {
+ log.debug("Extended Key Usage {} ({})", EXTENDED_KEY_USAGES.getOrDefault(keyUsage, keyUsage), keyUsage);
+ }
+ }
+ } catch (CertificateParsingException e) {
+ log.debug("Can't get extendedKeyUsage for alias {}", alias, e);
+ }
+ }
+ }
+
 private X509Certificate[] toX509Certificates(Certificate[] chain) {
 X509Certificate[] x509certs = new X509Certificate[chain.length];
 for (int i = 0; i < x509certs.length; i++) {
--
2.25.1
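Review bot: `keystore.getCertificate(alias)` in `logDetailsOnKeystore` is cast and dereferenced without a check, although `KeyStore.getCertificate` returns null for an alias that holds no certificate (a secret-key entry, for example) and may hand back a `Certificate` that is not X.509. The constructor hunk calls this method before the loading loop whenever debug logging is enabled, and nothing visible in either hunk catches unchecked exceptions, so a NullPointerException or ClassCastException here would presumably make keystore loading fail only when the log level is debug. Inside the existing `try`, read into `Certificate c = keystore.getCertificate(alias);`, then `if (!(c instanceof X509Certificate)) { log.debug("No X.509 certificate for alias {}", alias); continue; }` before assigning the cast to `cert`. The output would also be easier to match against a TLS client-certificate request if it logged the subject next to the issuer, e.g. `log.debug("subject DN: {}", cert.getSubjectX500Principal());`.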