This is an automated email from the ASF dual-hosted git repository.
fschumacher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git
The following commit(s) were added to refs/heads/master by this push:
new 75f5396 Log debug information about loaded certs from keystore
75f5396 is described below
commit 75f5396f80b3a6f6c8ca9a87dd25734b0e2df0f8
Author: Felix Schumacher <[email protected]>
AuthorDate: Sat Jan 2 14:07:00 2021 +0100
Log debug information about loaded certs from keystore
Bugzilla Id: 64831
---
.../jmeter/util/keystore/JmeterKeyStore.java | 110 +++++++++++++++++++++
xdocs/changes.xml | 1 +
2 files changed, 111 insertions(+)
diff --git
a/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java
b/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java
index 5a3afdf..a7b0407 100644
--- a/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java
+++ b/src/core/src/main/java/org/apache/jmeter/util/keystore/JmeterKeyStore.java
@@ -27,16 +27,21 @@ import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
+import java.util.stream.Collectors;
+import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.tuple.Pair;
import org.apache.jmeter.threads.JMeterContextService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -113,6 +118,9 @@ public final class JmeterKeyStore {
this.certsByAlias = new HashMap<>();
PrivateKey privateKey = null;
+ if (log.isDebugEnabled()) {
+ logDetailsOnKeystore(store);
+ }
int index = 0;
Enumeration<String> aliases = store.aliases();
while (aliases.hasMoreElements()) {
@@ -148,6 +156,108 @@ public final class JmeterKeyStore {
this.names = aliasesList.toArray(new String[aliasesList.size()]);
}
+ private static final Map<String, String> EXTENDED_KEY_USAGES = new
HashMap<>();
+ static {
+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4", "Can use encrypted
file systems (EFS) (EFS_CRYPTO)");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4.1", "Can use encrypted
file systems (EFS) (EFS_RECOVERY)");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.20.2.2", "Smartcard logon to
Microsoft Windows");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.1",
+ "Transport Layer Security (TLS) World Wide Web (WWW) server
authentication");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.2",
+ "Transport Layer Security (TLS) World Wide Web (WWW) client
authentication");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.3", "Signing of downloadable
executable code");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.4", "Email protection");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.5", "IP security end system");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.6", "IP security tunnel
termination");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.7", "IP security user");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.8", "Time stamping");
+ EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.9", "Signing Online
Certificate Status Protocol (OCSP) responses");
+ EXTENDED_KEY_USAGES.put("2.5.29.37.0", "Any purpose");
+ }
+
+ private static final List<String> SAN_GENERAL_NAMES =
Arrays.asList("otherName", "rfc822Name", "dNSName", "x400Address",
+ "directoryName", "ediPartyName", "uniformResourceIdentifier",
"iPAddress", "registeredID");
+
+ private void logDetailsOnKeystore(KeyStore keystore) {
+ Enumeration<String> aliases;
+ try {
+ aliases = keystore.aliases();
+ } catch (KeyStoreException e) {
+ log.debug("Problem reading the aliases from the store {}",
keystore, e);
+ return;
+ }
+ int i = 1;
+ while(aliases.hasMoreElements()) {
+ String alias = aliases.nextElement();
+ log.debug("Certificate at index {} with alias {}", i++, alias);
+ X509Certificate cert;
+ try {
+ cert = (X509Certificate) keystore.getCertificate(alias);
+ } catch (KeyStoreException e) {
+ log.debug("Can't read certificate for alias {}", alias, e);
+ continue;
+ }
+ log.debug("Subject DN: {}", cert.getSubjectX500Principal());
+ log.debug("Issuer DN: {}", cert.getIssuerX500Principal());
+ log.debug("Not valid before: {}", cert.getNotBefore().toInstant());
+ log.debug("Not valid after: {}", cert.getNotAfter().toInstant());
+ try {
+ final Collection<List<?>> subjectAlternativeNames =
cert.getSubjectAlternativeNames();
+ if (!(subjectAlternativeNames == null ||
subjectAlternativeNames.isEmpty())) {
+ log.debug("SAN: {}",
decodeSanList(subjectAlternativeNames));
+ }
+ } catch (CertificateParsingException e) {
+ log.debug("Problem parsing SAN for alias {}", alias, e);
+ }
+ List<String> extendedKeyUsage;
+ try {
+ extendedKeyUsage = cert.getExtendedKeyUsage();
+ if (extendedKeyUsage != null) {
+ for (String keyUsage : extendedKeyUsage) {
+ log.debug("EKU: {} ({})",
EXTENDED_KEY_USAGES.getOrDefault(keyUsage, keyUsage),
+ keyUsage);
+ }
+ }
+ } catch (CertificateParsingException e) {
+ log.debug("Can't get EKU for alias {}", alias, e);
+ }
+ }
+ }
+
+ private String decodeSanList(Collection<List<?>> subjectAlternativeNames) {
+ List<Pair<String, String>> decodedEntries = new ArrayList<>();
+ for (List<?> entry : subjectAlternativeNames) {
+ Object indexData = entry.get(0);
+ Object data = entry.get(1);
+ if (indexData instanceof Integer) {
+ Integer generalNameIndex = (Integer) indexData;
+ String description =
sanGeneralNameIndexToName(generalNameIndex);
+ String valueString = sanDataToString(data);
+ decodedEntries.add(Pair.of(description, valueString));
+ }
+ }
+ return decodedEntries.stream()
+ .map(e -> e.getKey() + ": " + e.getValue())
+ .collect(Collectors.joining(", "));
+ }
+
+ private String sanDataToString(Object data) {
+ if (data instanceof String) {
+ return (String) data;
+ }
+ return Hex.encodeHexString((byte[]) data);
+ }
+
+ private String sanGeneralNameIndexToName(Integer index) {
+ String description;
+ if (index < SAN_GENERAL_NAMES.size()) {
+ description = SAN_GENERAL_NAMES.get(index);
+ } else {
+ description = "UNKNOWN_SAN_GENERAL_NAME";
+ }
+ return description;
+ }
+
private X509Certificate[] toX509Certificates(Certificate[] chain) {
X509Certificate[] x509certs = new X509Certificate[chain.length];
for (int i = 0; i < x509certs.length; i++) {
diff --git a/xdocs/changes.xml b/xdocs/changes.xml
index e4bbbe9..7547653 100644
--- a/xdocs/changes.xml
+++ b/xdocs/changes.xml
@@ -129,6 +129,7 @@ Summary
<li><pr>648</pr>Updated xmlgraphics-commons to 2.6 (from 2.3). Contributed
by Stefan Seide (stefan @ trilobyte.se.de)</li>
<li><pr>655</pr>Updated x-stream to 1.4.16 (from 1.4.15). Contributed by
Stefan Seide (stefan @ trilobyte.se.de)</li>
<li><pr>656</pr>Updated json-smart to 2.4.1 (from 2.3) and accessors-smart
to 1.3 (from 1.2). Contributed by Stefan Seide (stefan @ trilobyte.se.de)</li>
+ <li><bug>64831</bug>Log truststore entries in debug level for logger
<code>org.apache.jmeter.util.keystore.JmeterKeyStore</code></li>
</ul>
<!-- =================== Bug fixes =================== -->
