https://issues.apache.org/bugzilla/show_bug.cgi?id=53911

          Priority: P2
            Bug ID: 53911
          Assignee: [email protected]
           Summary: JmeterKeystore does not allow for key down the list of
                    certificate
          Severity: regression
    Classification: Unclassified
          Reporter: [email protected]
          Hardware: Macintosh
            Status: NEW
           Version: 2.7
         Component: Main
           Product: JMeter

When the keyStore contains trustedCertEntry entries alongside the
PrivateKeyEntry and the PrivateKeyEntry is not the 1st entry in the keyStore,
JMeter 2.7's JmeterKeystore.load cannot find the key. It throws an exception
whose accompanying message reads "No key(s) found".

The reason lies in the implementation of the load method. Its skeleton when
scanning the aliases is:

        if (null != is) { // is is the InputStream
            PrivateKey _key = null;
            int index = 0;
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (store.isKeyEntry(alias)) {
                    if ((index >= startIndex && index <= endIndex)) {
                        _key = (PrivateKey) store.getKey(alias,...);
                        if (null == _key) {
                            throw new Exception(...);
                        }
                        ...
                        v_names.add(alias);
                        ...
                    }
                }
                index++;
            }

            if (null == _key) { // Defect: source of problem
                throw new Exception("No key(s) found");
            }
        }
        int v_size = v_names.size();
        ...

So:
- The location test of _key itself would be a problem because _key would always
be the last entry read in the keyStore, which might not be the private key.
- But the fact that startIndex and endIndex are 0 (default initialisation
values of implicitly initialised arguments, see SSLManager.java) implies that
the private key would be found only if it was the 1st entry in the keystore. I
didn't find any hint that this is a JSSE requirement.

Assuming that only 1 key can be loaded (another source file states that no
provision has been made to allow the user to specify one key amongst many) I
think that:
- the "if ((index >= startIndex && index <= endIndex))" condition gets in the
way;
- the validation that a key does exist in the keystore would be better done by
asserting that "v_size != 0".

Note that JMeter 2.4 was loading the keystore along the lines I'm suggesting,
which is no surprise since I located the problem by investigating how JMeter
2.4 was getting it right when 2.7 was failing (on the same keystore).
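
A position-independent alias scan along the lines suggested above, as an added example that is not JMeter's own code. The class and method names are hypothetical, and it assumes the key password is the same as the keystore password.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

// Added example, not JMeter source. KeystoreScan and privateKeyAliases are hypothetical names.
public class KeystoreScan {
    /** Returns the aliases of all private-key entries, wherever they sit in the store. */
    static List<String> privateKeyAliases(KeyStore store, char[] password) throws GeneralSecurityException {
        List<String> names = new ArrayList<>();
        Enumeration<String> aliases = store.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // trustedCertEntry aliases fail isKeyEntry and are skipped;
            // no index window is applied, so entry order does not matter.
            if (store.isKeyEntry(alias) && store.getKey(alias, password) instanceof PrivateKey) {
                names.add(alias);
            }
        }
        // Validate on what was collected, not on the last value assigned in the loop.
        if (names.isEmpty()) {
            throw new KeyStoreException("No key(s) found");
        }
        return names;
    }

    // Usage: java KeystoreScan <keystore-path>   (password is read from the terminal)
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("Run from an interactive terminal");
        }
        char[] password = console.readPassword("Keystore password: ");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream is = new FileInputStream(args[0])) {
            store.load(is, password);
        }
        for (String alias : privateKeyAliases(store, password)) {
            System.out.println("PrivateKeyEntry: " + alias);
        }
    }
}
```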
