Currently, in JsseSSLManager the alias selection is managed soley by the incrementing key index value. The user cannot override the selection of a specific client alias for a thread in ThreadGroup. This makes testing Mutual SSL auth impossible to do if each thread must be assigned a specific client alias. One potential approach is to handle this is to allow the user to define a hint variable in the thread and parse that in WrappedX509KeyManager.chooseClientAlias() as such: > diff JsseSSLManager.java JsseSSLManager.java.proposed 42a43 > import org.apache.jmeter.threads.JMeterContextService; 397c398,407 < String alias = this.store.getAlias(); --- > > // Give the user a choice to select the alias by reading an alias hint from > // a thread local variable > String aliasHint = > JMeterContextService.getContext().getVariables(). > get("jmeter.keystore.alias.hint"); > String alias = aliasHint; > if (alias == null) { > alias = this.store.getAlias(); > } A better, long term approach is to improve KeyStoreConfiguration to allow a thread local variable to specify the alias for the cert key but this requires the SSLManager to not be a singleton or to process thread local variables as above. Note that chooseClientAlias() has a comment currently that suggests allowing the user to choose the client alias is already on the TODO list: TODO? - does not actually allow the user to choose an alias at present
Created attachment 31134 [details] Patch proposal that implements this feature Hello, Please find attached a patch that implements the described feature. Note by the way it fixes the following: - When certificates are not found, IllegalArgumentException or IllegalStateException are thrown making debug much easier - SSLManager#getKeyStore has been synchronized to avoid synchronization issues if Preload is set to false and performance issues due to as many loads as there are threads in worst case As always, we grant full rights to use, modify, do anything project wants to do with classes as per our signed CLA.
Created attachment 31135 [details] Screenshot showing KeystoreConfig
Created attachment 31136 [details] Plan showing how to use feature
Date: Thu Dec 19 20:56:21 2013 New Revision: 1552423 URL: http://svn.apache.org/r1552423 Log: Bug 54977 - Ability to choose the client alias for the cert key in JsseSslManager such that Mutual SSL auth testing can be made more flexible Bugzilla Id: 54977 Modified: jmeter/trunk/docs/images/screenshots/keystore_config.png jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfig.java jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfigBeanInfo.java jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfigResources.properties jmeter/trunk/src/components/org/apache/jmeter/config/KeystoreConfigResources_fr.properties jmeter/trunk/src/core/org/apache/jmeter/util/JsseSSLManager.java jmeter/trunk/src/core/org/apache/jmeter/util/SSLManager.java jmeter/trunk/src/core/org/apache/jmeter/util/keystore/JmeterKeyStore.java jmeter/trunk/xdocs/changes.xml jmeter/trunk/xdocs/images/screenshots/keystore_config.png jmeter/trunk/xdocs/usermanual/component_reference.xml
Thanks for patch , applied with minor changes on message labels. PS : Next time, wait for a JMeter commiter to put the commit mail message and mark bug as resolved.
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/3123