On 29.11.18 at 19:22, Philippe Mouawad wrote:
Hello Felix,
Did you see this:

https://travis-ci.org/apache/jmeter/jobs/460932992
Yes, I have seen it and am trying (without success) to reproduce it locally with OpenJDK 8 Update 191.

I am not sure it's related to this commit, but it looks like it.

It started showing up with that release. But it could be triggered by the addition of a test case that actually tests the creation of a CA certificate.

Have you any idea?

Regards,

 Felix


Regards

On Sat, Nov 24, 2018 at 4:40 PM <[email protected]> wrote:

Author: fschumacher
Date: Sat Nov 24 15:40:02 2018
New Revision: 1847368

URL: http://svn.apache.org/viewvc?rev=1847368&view=rev
Log:
Use different cn and type of SAN extension when we are generating
certificates based on IP addresses.

Bugzilla Id: 62940

Modified:
     jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
     jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
     jmeter/trunk/xdocs/changes.xml

Modified:
jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
URL:
http://svn.apache.org/viewvc/jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java?rev=1847368&r1=1847367&r2=1847368&view=diff

==============================================================================
--- jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
(original)
+++ jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java Sat
Nov 24 15:40:02 2018
@@ -30,6 +30,7 @@ import java.util.List;

  import org.apache.commons.io.FileUtils;
  import org.apache.commons.lang3.SystemUtils;
+import org.apache.commons.lang3.math.NumberUtils;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;

@@ -281,8 +282,8 @@ public class KeyToolUtils {

      private static void generateSignedCert(File keystore, String password,
              int validity, String alias, String subject) throws
IOException {
-        String dname = "cn=" + subject + ", o=JMeter Proxy (TEMPORARY
TRUST ONLY)";
-        String ext = "san=dns:" + subject;
+        String dname = "cn=" + guardSubjectName(subject) + ", o=JMeter
Proxy (TEMPORARY TRUST ONLY)";
+        String ext = "san=" + chooseExtension(subject);
          KeyToolUtils.genkeypair(keystore, alias, password, validity,
dname, ext);
          //rem generate cert for DOMAIN using CA and import it
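
Review bot: In generateSignedCert, dname and ext are now built by two helpers that each decide on their own whether subject is an IP address, and subject is still concatenated into both strings without validation. Classify the subject once and derive both values from that single result, so the cn prefix and the SAN type cannot disagree. A subject containing a comma or another separator should be rejected or escaped before it reaches genkeypair, because it would otherwise change the structure of the dname or the san list. It would also help to document here that for IP subjects the cn becomes "ip" plus the address and only the SAN carries the real address.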

@@ -302,6 +303,34 @@ public class KeyToolUtils {
      }

      /**
+     * The subject name of an certificate must not start with a number or
else the keytool will bark.
+     * To mitigate this prefix the argument with a word, if it starts
with a number.
+     *
+     * @param subject name of the host or an IP address
+     * @return a string that is safe to use as subject name
+     */
+    private static String guardSubjectName(String subject) {
+        if (NumberUtils.isDigits(subject.substring(0,1))) {
+            return "ip" + subject;
+        }
+        return subject;
+    }
+
+    /**
+     * The SAN (subject alternative name) includes the IP address or
hostname of the service, but the types
+     * are different for IP address and hostname.
+     *
+     * @param subject name of the host or its IP address
+     * @return prefixed extension
+     */
+    private static String chooseExtension(String subject) {
+        if (NumberUtils.isDigits(subject.substring(0,1))) {
+            return "ip:" + subject;
+        }
+        return "dns:" + subject;
+    }
+
+    /**
       * List the contents of a keystore
       *
       * @param keystore
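
Review bot: Both guardSubjectName and chooseExtension test only subject.substring(0,1), which throws StringIndexOutOfBoundsException for an empty subject and treats any hostname with a leading digit as an IP address, so such a host would get an "ip:" SAN entry with a value that is not an address. An IPv6 literal that starts with a letter or a colon goes the other way and is emitted as "dns:". Parse the whole string as an IP literal in one shared private predicate used by both methods; that also removes the duplicated condition, and NumberUtils would no longer be needed for a one-character check. Minor: "an certificate" in the Javadoc should read "a certificate".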

Modified:
jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
URL:
http://svn.apache.org/viewvc/jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java?rev=1847368&r1=1847367&r2=1847368&view=diff

==============================================================================
--- jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
(original)
+++ jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
Sat Nov 24 15:40:02 2018
@@ -24,14 +24,35 @@ package org.apache.jorphan.exec;

  import static org.junit.Assert.fail;

+import java.io.File;
  import java.io.IOException;
  import java.util.ArrayList;
  import java.util.List;

+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.After;
+import org.junit.Before;
  import org.junit.Test;

  public class TestKeyToolUtils {

+    private File keystore;
+    private String password = RandomStringUtils.randomAlphabetic(32);
+    private int validity = 1;
+
+    @Before
+    public void setup() throws IOException {
+        keystore = File.createTempFile("dummy-keystore", "jks");
+        keystore.deleteOnExit();
+        KeyToolUtils.generateProxyCA(keystore, password , validity );
+    }
+
+    @After
+    public void cleanup() {
+        if (keystore.exists()) {
+            keystore.delete();
+        }
+    }

      /*
       * Check the assumption that a missing executable will generate
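
Review bot: In setup(), File.createTempFile("dummy-keystore", "jks") creates a zero-length file on disk before generateProxyCA runs, so unless that method removes the file first, keytool is pointed at an existing empty file rather than a fresh path; the suffix is also missing its dot (".jks"). Consider creating a temporary directory and passing a not-yet-existing file inside it, or using a JUnit TemporaryFolder rule. Because the CA is generated in @Before, every test in the class, including the missing-executable check, now depends on a working keytool; moving the CA setup into the tests that need it keeps failures localized. cleanup() also ignores the return value of keystore.delete().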
@@ -51,4 +72,15 @@ public class TestKeyToolUtils {
          } catch (IOException expected) {
          }
      }
+
+    @Test
+    public void testIPBasedCert() throws Exception {
+        KeyToolUtils.generateHostCert(keystore, password, "10.1.2.3",
validity);
+    }
+
+    @Test
+    public void testDNSNameBasedCert() throws Exception {
+        KeyToolUtils.generateHostCert(keystore, password,
"www.example.invalid", validity);
+    }
+
  }
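
Review bot: testIPBasedCert and testDNSNameBasedCert contain no assertions, so they pass whenever generateHostCert does not throw and would not notice a certificate issued with the wrong SAN type or cn. Assert on the resulting keystore entry, for example by listing the keystore and checking that the SAN holds the IP address or the DNS name as expected. Add cases for a hostname that starts with a digit, an IPv6 address and an empty subject, since those are the inputs where the first-character check decides the outcome.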

Modified: jmeter/trunk/xdocs/changes.xml
URL:
http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1847368&r1=1847367&r2=1847368&view=diff

==============================================================================
--- jmeter/trunk/xdocs/changes.xml [utf-8] (original)
+++ jmeter/trunk/xdocs/changes.xml [utf-8] Sat Nov 24 15:40:02 2018
@@ -149,6 +149,7 @@ of previous time slot as a base. Startin
      <li><bug>62785</bug><pr>400</pr>Incomplete search path applied to the
filenames used in the upload functionality of the HTTP sampler. Implemented
by Artem Fedorov (artem.fedorov at blazemeter.com) and contributed by
BlazeMeter.</li>
      <li><bug>62842</bug>HTTP(S) Test Script Recorder: Brotli compression
is not supported leading to "<code>Content Encoding Error</code>"</li>
      <li><bug>60424</bug>Hessian Burlap application: JMeter inserts
<code>0x0D</code> before <code>0x0A</code> automatically (http binary post
data)</li>
+    <li><bug>62940</bug>Use different <code>cn</code> and type of SAN
extension when we are generating certificates based on IP addresses.</li>
  </ul>

  <h3>Other Samplers</h3>


