[patch] Log debug information about loaded certificates

0001-Log-debug-information-about-loaded-certs-from-keysto.patch (text/plain), 4.58 KB, created by Felix Schumacher on 2021-01-02 13:08:33 UTC

(hide)

Description: Log debug information about loaded certificates

Filename:

MIME Type:

Creator: Felix Schumacher

Created: 2021-01-02 13:08:33 UTC

Size: 4.58 KB

patch

obsolete

>From 98321d542a6b432dc326946ac695936383fedd69 Mon Sep 17 00:00:00 2001 >From: Felix Schumacher <felix.schumacher@internetallee.de> >Date: Sat, 2 Jan 2021 14:07:00 +0100 >Subject: [PATCH] Log debug information about loaded certs from keystore > >Bugzilla Id: 64831 >--- > .../jmeter/util/keystore/JmeterKeyStore.java | 60 +++++++++++++++++++ > 1 file changed, 60 insertions(+) > >diff --git a/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java b/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java >index 5a3afdf8a1..e9ad28f53e 100644 >--- a/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java >+++ b/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java >@@ -27,6 +27,7 @@ import java.security.PrivateKey; > import java.security.UnrecoverableKeyException; > import java.security.cert.Certificate; > import java.security.cert.CertificateException; >+import java.security.cert.CertificateParsingException; > import java.security.cert.X509Certificate; > import java.util.ArrayList; > import java.util.Arrays; >@@ -113,6 +114,9 @@ public final class JmeterKeyStore { > this.certsByAlias = new HashMap<>(); > > PrivateKey privateKey = null; >+ if (log.isDebugEnabled()) { >+ logDetailsOnKeystore(store); >+ } > int index = 0; > Enumeration<String> aliases = store.aliases(); > while (aliases.hasMoreElements()) { >@@ -148,6 +152,62 @@ public final class JmeterKeyStore { > this.names = aliasesList.toArray(new String[aliasesList.size()]); > } > >+ private static final Map<String, String> EXTENDED_KEY_USAGES = new HashMap<>(); >+ static { >+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.9", "Signing Online Certificate Status Protocol (OCSP) responses"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.20.2.2", "Smartcard logon to Microsoft Windows"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4", "Can use encrypted file systems (EFS) (EFS_CRYPTO)"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4.1", "Can use encrypted file systems (EFS) (EFS_RECOVERY)"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.1", >+ "Transport Layer Security (TLS) World Wide Web (WWW) server authentication"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.2", >+ "Transport Layer Security (TLS) World Wide Web (WWW) client authentication"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.3", "Signing of downloadable executable code"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.4", "Email protection"); >+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.8", "Time stamping"); >+ } >+ >+ private void logDetailsOnKeystore(KeyStore keystore) { >+ Enumeration<String> aliases; >+ try { >+ aliases = keystore.aliases(); >+ } catch (KeyStoreException e) { >+ log.debug("Problem reading the aliases from the store {}", keystore, e); >+ return; >+ } >+ int i = 1; >+ while(aliases.hasMoreElements()) { >+ String alias = aliases.nextElement(); >+ log.debug("{}: {}", i++, alias); >+ X509Certificate cert; >+ try { >+ cert = (X509Certificate) keystore.getCertificate(alias); >+ } catch (KeyStoreException e) { >+ log.debug("Can't read certificate for alias {}", alias, e); >+ continue; >+ } >+ log.debug("valid not after: {}", cert.getNotAfter().toInstant()); >+ log.debug("valid not before: {}", cert.getNotBefore().toInstant()); >+ log.debug("issuer DN: {}", cert.getIssuerDN()); >+ try { >+ log.debug("SAN: {}", cert.getSubjectAlternativeNames()); >+ } catch (CertificateParsingException e) { >+ log.debug("Problem parsing SAN for {}", alias, e); >+ } >+ List<String> extendedKeyUsage; >+ try { >+ extendedKeyUsage = cert.getExtendedKeyUsage(); >+ if (extendedKeyUsage != null) { >+ for (String keyUsage : extendedKeyUsage) { >+ log.debug("Extended Key Usage {} ({})", EXTENDED_KEY_USAGES.getOrDefault(keyUsage, keyUsage), keyUsage); >+ } >+ } >+ } catch (CertificateParsingException e) { >+ log.debug("Can't get extendedKeyUsage for alias {}", alias, e); >+ } >+ } >+ } >+ > private X509Certificate[] toX509Certificates(Certificate[] chain) { > X509Certificate[] x509certs = new X509Certificate[chain.length]; > for (int i = 0; i < x509certs.length; i++) { >-- >2.25.1 > View Attachment As Diff View Attachment As Raw

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]