> Change names of variables and capitalization of Log messages as suggested byĬhanges work for me except for the last remaining comments. > Log debug information about loaded certificates (In reply to Felix Schumacher from comment #9) I just have found another EKU OID on my smartcard: Any Purpose (2.5.29.37.0).Įxcept for the comments above, I have tried this with a soft store as well as my smartcard. Log.debug("certitifate at index )", EXTENDED_KEY_USAGES.getOrDefault(keyUsage, keyUsage), keyUsage) Īdd a colon after 'Usage'. It will merly print a number and an alias. > Could you explain, what you mean by comment 1)? > The information about the SAN can (and should) be enhanced. Do you see a way to store this kind of information when the keystore is first loaded by JMeter? This would of course require the keystore to be static, means JMeter won't notice changes until re-reads it or restarts, but that's would be acceptable. Sometimes I do invoke debug sampler to see JMeter internal information w/o any other sampler involved. Hmm, while storing into a variable seems reasonable, it still requires to invoke a real sampler to have this kind of information. OK, let's leave the debug sampler stupid. > information that is currently logged into a variable, which then would be > therefore not my preferred sampler to extend :) but. > The debug sampler has currently no knowledge of the keystore and is (In reply to Felix Schumacher from comment #4) Maybe the debug sampler could be extended for this? Many enterprise certs like mine will contain MS UserPrincipalName (1.3.6.1.4.1.311.20.2.3) which Java does not know. In case of otherName it would be very helpful to dumb the ASN.1 blob with Apache Kerby ASN.1. So a switch on the first member of the nested list to a string literal would be helpful. (Javadoc: an immutable Collection of subject alternative names (or null))ģ: Printing SAN as-is isn't really helpful. This give virtually no context about the printed information. I would also rearrage the log statements for consistency too: I understand that this is the easiest way to implement, but from a user's POV not useful. It would require additional effort to configure some fake sampler or configure a log file. To have this printed you need some sampler accessing it and since one has to be in debug mode HttpClient logs so much that those log statements are long gone from the pane buffer in JMeter. Just tried, this doesn't scale at all, unfortunately. My PIN dialog pops up and Apache HTTPd accepts my cert from my smartcard. JMeter works with Windows-MY by setting the keyStoreType=Windows-MY at startup. > EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.3", "Signing of downloadable executable code") > "Transport Layer Security (TLS) World Wide Web (WWW) client authentication") > "Transport Layer Security (TLS) World Wide Web (WWW) server authentication") > "Can use encrypted file systems (EFS) (EFS_RECOVERY)") > "Can use encrypted file systems (EFS) (EFS_CRYPTO)") > "Signing Online Certificate Status Protocol (OCSP) responses") Here is a selection of OIDs I do process: The required OID for Client Cert Auth is 1.3.6.1.5.5.7.3.2. The enhancement request is to either create a new sampler of extend the debug sampler will can print out aliases along with basic certificate information, especially with extended key usages to identify the proper certificate. KEYSTORE EXPLORER SHOWING NULL CERTIFICATE VERIFICATIONNote that I always have two valid vertificates: Identify verification and email encryption. Since a smartcard stores all old certificates you cannot really guess the index. Or use KeyStore Explorer to open Windows-MY. > X509Certificate cert = (X509Certificate) ks.getCertificate(alias) > KeyStore ks = KeyStore.getInstance("Windows-MY") KEYSTORE EXPLORER SHOWING NULL CERTIFICATE CODEYes, I have looked into the code which format is used and an index is appended if common names collide.Īt the end you have to write a simple Java program: While trying to use Windows-MY with JMeter one does not know the format of the aliases generated unless you read the C/Java code of the MSCAPI module in the JDK.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |