https://bz.apache.org/bugzilla/show_bug.cgi?id=64776
Bug ID: 64776
Summary: Add the possibility to Install additional
SecurityProvider
Product: JMeter
Version: 5.3
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Main
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: JMETER_5.3.1
Created attachment 37476
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37476&action=edit
My Solution of the Problem
Hello,
I need to test an HTTP Endpoint, that requires the use of eliptic-curve
algorithms (i.e. brainPool256r1), but these curves are not supported by the
jvm. To make this possible it is required to install additional security
proivders (in my case: BouncyCastleProvider and BouncyCastleJsseProvider).
My problem is: the BouncyCastleJsseProvider needs to be configured to use the
BouncyCastleProvider ( new BouncyCastleJsseProvider("BC") ).
I tried these ways, but this won't work:
1.) Adding these SecurityProvider to the java config file (java.security) -
here I can add a security provider, but I can't configure it.
2.) Create a plugin that installs these at Test-Start (via the
TestStateListener-Interface)
Than I tried this (and this is working):
I add the Security-Provider as soon a possible in the startup of JMeter -
direct in the Method: start() of org.apache.jmeter.JMeter (Module: core) - And
this is working.
But I do not know if this is the best place to add...
I attach you my version of the JMeter.java file.
My changes:
the two functions:
private void addSecurityProvider(Properties properties)
private void addSecurityProvider(String securityProviderConfig)
and the call of the first method in the start-method (line:560 - direct after
initializeProperties(parser))
The usage is:
With these changes you could add a security-provider by adding
jmeter-properties (security.provider and security.provider.x) to the command
line. The format of the property-value musst be: <full qualified
classname>:<position>:<config-string>
full qualified classname: The full qualifiedname of the SecurityProviderClass
position: The position of the SecurityProvider in the SecurityProviderList
(Security.insertProviderAt(provider,position)
conifg: if present the Constructor with one String argument will be called and
this will be given as argument. (As fallback the default constructor will be
used)
jmeter -J
security.provider.2="org.bouncycastle.jsse.provider.BouncyCastleJsseProvider:2:BC"
-J security.provider="org.bouncycastle.jce.provider.BouncyCastleProvider:1"
The provider will be installed in order of the propertynames
(security.provider,security.provider.1,security.provider.2,...)
--
You are receiving this mail because:
You are the assignee for the bug.
