Bug 54977 - Ability to choose the client alias for the cert key in JsseSslManager such that Mutual SSL auth testing can be made more flexible
Product: JMeter - Now in Github
Classification: Unclassified
Component: Main
Version: 2.9
Hardware: All All
Importance: P2 enhancement
Assignee: JMeter issues mailing list
Reported: 2013-05-15 18:39 UTC by chrisryp
Modified: 2013-12-19 21:00 UTC

Patch proposal that implements this feature (18.09 KB, patch)
2013-12-19 20:30 UTC, UbikLoadPack support
Screenshot showing KeystoreConfig (20.34 KB, image/png)
2013-12-19 20:31 UTC, UbikLoadPack support
Plan showing how to use feature (9.07 KB, application/xml)
2013-12-19 20:34 UTC, UbikLoadPack support

Description chrisryp 2013-05-15 18:39:06 UTC
Currently, in JsseSSLManager the alias selection is managed solely by the incrementing key index value. The user cannot override the selection of a specific client alias for a thread in ThreadGroup. This makes testing Mutual SSL auth impossible to do if each thread must be assigned a specific client alias. One potential approach to handle this is to allow the user to define a hint variable in the thread and parse that in WrappedX509KeyManager.chooseClientAlias() as such:

> diff JsseSSLManager.java JsseSSLManager.java.proposed 
> import org.apache.jmeter.threads.JMeterContextService;
<             String alias = this.store.getAlias();
>             // Give the user a choice to select the alias by reading an alias hint from
>             // a thread local variable
>             String aliasHint = 
>                     JMeterContextService.getContext().getVariables().
>                     get("jmeter.keystore.alias.hint");
>             String alias = aliasHint;
>             if (alias == null) {
>                 alias = this.store.getAlias();
>             }
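
Review bot: The value read from jmeter.keystore.alias.hint is assigned to alias with only a null check (if (alias == null)), so an empty string, or an alias that has no entry in the keystore, is returned as-is. Treat an empty hint as unset and verify the hinted alias against the store before returning it, failing with a clear exception otherwise. The chained JMeterContextService.getContext().getVariables().get(...) call also dereferences the result of getVariables() without a null check, and the variable name would be better as a documented constant than an inline string literal.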

A better, long-term approach is to improve KeyStoreConfiguration to allow a thread local variable to specify the alias for the cert key, but this requires the SSLManager to not be a singleton or to process thread local variables as above.

Note that chooseClientAlias() has a comment currently that suggests allowing the user to choose the client alias is already on the TODO list:
 TODO? - does not actually allow the user to choose an alias at present
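
An added example, not code from this bug report or from JMeter: a delegating key manager that honours a per-thread alias hint, keeps the default selection when the hint is unset or empty, and rejects a hinted alias that has no key entry. The class name, the ALIAS_HINT thread-local (standing in for the JMeter thread variable) and the stub key manager with its constructed aliases are assumptions made for illustration.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.X509KeyManager;
// Added illustration: class name and ALIAS_HINT are hypothetical, not JMeter code.
public class AliasPinningKeyManager implements X509KeyManager {
    static final ThreadLocal<String> ALIAS_HINT = new ThreadLocal<>(); // per-thread hint
    private final X509KeyManager delegate;
    AliasPinningKeyManager(X509KeyManager delegate) { this.delegate = delegate; }
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        String hint = ALIAS_HINT.get();
        if (hint == null || hint.isEmpty()) // no hint: keep the default selection
            return delegate.chooseClientAlias(keyType, issuers, socket);
        if (delegate.getPrivateKey(hint) == null) // unknown alias: fail fast
            throw new IllegalArgumentException("No key entry for alias '" + hint + "'");
        return hint;
    }
    public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a keystore with two client key entries.
        PrivateKey k = KeyPairGenerator.getInstance("EC").generateKeyPair().getPrivate();
        Map<String, PrivateKey> keys = Map.of("client1", k, "client2", k);
        X509KeyManager km = new AliasPinningKeyManager(new X509KeyManager() {
            public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return "client1"; }
            public String chooseServerAlias(String t, Principal[] i, Socket s) { return null; }
            public String[] getClientAliases(String t, Principal[] i) { return keys.keySet().toArray(new String[0]); }
            public String[] getServerAliases(String t, Principal[] i) { return null; }
            public X509Certificate[] getCertificateChain(String a) { return null; }
            public PrivateKey getPrivateKey(String a) { return keys.get(a); }
        });
        for (String hint : new String[] {"client2", "", "typo"}) {
            Thread t = new Thread(() -> {
                ALIAS_HINT.set(hint); // visible to this thread only
                try {
                    System.out.println("'" + hint + "' -> " + km.chooseClientAlias(null, null, null));
                } catch (IllegalArgumentException e) {
                    System.out.println("'" + hint + "' -> " + e.getMessage());
                }
            });
            t.start();
            t.join();
        }
    }
}
```

Run with Java 9 or later (for Map.of); each thread sees only its own hint, and the "typo" thread gets an exception instead of an unresolvable alias.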
Comment 1 UbikLoadPack support 2013-12-19 20:30:24 UTC
Created attachment 31134
Patch proposal that implements this feature

Please find attached a patch that implements the described feature.
Note by the way it fixes the following:
- When certificates are not found, IllegalArgumentException or IllegalStateException are thrown, making debugging much easier
- SSLManager#getKeyStore has been synchronized to avoid synchronization issues if Preload is set to false and performance issues due to as many loads as there are threads in worst case

As always, we grant full rights to use, modify, do anything the project wants to do with classes as per our signed CLA.
Comment 2 UbikLoadPack support 2013-12-19 20:31:44 UTC
Created attachment 31135
Screenshot showing KeystoreConfig
Comment 3 UbikLoadPack support 2013-12-19 20:34:48 UTC
Created attachment 31136
Plan showing how to use feature
Comment 4 UbikLoadPack support 2013-12-19 20:57:11 UTC
Date: Thu Dec 19 20:56:21 2013
New Revision: 1552423

URL: http://svn.apache.org/r1552423
Bug 54977 - Ability to choose the client alias for the cert key in JsseSslManager such that Mutual SSL auth testing can be made more flexible
Bugzilla Id: 54977

Comment 5 Philippe Mouawad 2013-12-19 21:00:59 UTC
Thanks for the patch, applied with minor changes on message labels.

PS: Next time, wait for a JMeter committer to put the commit mail message and mark bug as resolved.
Comment 6 The ASF infrastructure team 2022-09-24 20:37:53 UTC
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/3123