https://bz.apache.org/bugzilla/show_bug.cgi?id=64831
Bug ID: 64831
Summary: Create a certificate alias listing/sampler
Product: JMeter
Version: 5.2
Hardware: PC
Status: NEW
Severity: enhancement
Priority: P2
Component: Main
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: JMETER_5.3.1
While trying to use Windows-MY with JMeter, one does not know the format of the
aliases generated unless one reads the C/Java code of the MSCAPI module in the
JDK. Yes, I have looked into the code to see which format is used, and an index
is appended if common names collide.
At the end you have to write a simple Java program:
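> import java.security.KeyStore;
> import java.security.cert.X509Certificate;
> import java.util.Enumeration;
>
> public class ListAliases {
>     public static void main(String[] args) throws Exception {
>         // Open the current user's Windows certificate store (SunMSCAPI provider)
>         KeyStore ks = KeyStore.getInstance("Windows-MY");
>         ks.load(null, null);
>         Enumeration<String> aliases = ks.aliases();
>
>         int i = 1;
>         while (aliases.hasMoreElements()) {
>             String alias = aliases.nextElement();
>             System.out.printf("#%03d: %s%n", i++, alias);
>             X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
>             System.out.println(cert.getNotAfter().toInstant());
>         }
>     }
> }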
Output:
> #001: *.siemens.com
> 2022-11-23T16:34:58Z
> #002: Osipov Michael (1)
> 2021-10-16T08:01:04Z
> #003: Osipov Michael (2)
> 2021-10-16T08:17:34Z
> #004: Osipov Michael
> 2014-07-05T07:57:48Z
> #005: *.ad001.siemens.net
> 2022-09-16T23:01:13Z
> #006: DO_NOT_TRUST_FiddlerRoot-CE
> 2022-09-16T23:00:11Z
> #007: Osipov Michael (3)
> 2017-06-30T08:44:39Z
> #008: Osipov Michael (4)
> 2019-10-19T08:52:59Z
Or use KeyStore Explorer to open Windows-MY. Since a smartcard stores all old
certificates, you cannot really guess the index. At the end it was "Osipov
Michael (1)".
Note that I always have two valid certificates: identity verification and email
encryption. Choosing the wrong one gives an exception.
The enhancement request is to either create a new sampler or extend the debug
sampler so that it can print out aliases along with basic certificate
information, especially extended key usages, to identify the proper
certificate. The required OID for Client Cert Auth is 1.3.6.1.5.5.7.3.2.
Here is a selection of OIDs I do process:
> EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.9",
>     "Signing Online Certificate Status Protocol (OCSP) responses");
> EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.20.2.2",
>     "Smartcard logon to Microsoft Windows");
> EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4",
>     "Can use encrypted file systems (EFS) (EFS_CRYPTO)");
> EXTENDED_KEY_USAGES.put("1.3.6.1.4.1.311.10.3.4.1",
>     "Can use encrypted file systems (EFS) (EFS_RECOVERY)");
> EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.1",
>     "Transport Layer Security (TLS) World Wide Web (WWW) server authentication");
> EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.2",
>     "Transport Layer Security (TLS) World Wide Web (WWW) client authentication");
> EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.3",
>     "Signing of downloadable executable code");
> EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.4", "Email protection");
> EXTENDED_KEY_USAGES.put("1.3.6.1.5.5.7.3.8", "Time stamping");
JMeter works with Windows-MY by setting the keyStoreType=Windows-MY at startup.
My PIN dialog pops up and Apache HTTPd accepts my cert from my smartcard.
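One way to produce the listing this report asks for, as an added example that is not JMeter code or the reporter's program: it prints each alias with its expiry and extended key usages and marks the entries usable for client certificate authentication. The class name, the optional store-type argument and the "candidate" rule (key entry, currently valid, EKU absent or listing clientAuth) are assumptions made for the example.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class ListClientAuthAliases {
    // id-kp-clientAuth, the OID the report names for client certificate authentication
    static final String CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
    // anyExtendedKeyUsage (RFC 5280), which permits every purpose
    static final String ANY_EKU = "2.5.29.37.0";

    // Assumed rule: the certificate is inside its validity window and its EKU
    // extension is absent (null, no restriction) or lists clientAuth/anyExtendedKeyUsage.
    static boolean allowsClientAuth(X509Certificate cert, List<String> ekus, Date now) {
        boolean inWindow = !now.before(cert.getNotBefore()) && !now.after(cert.getNotAfter());
        return inWindow
                && (ekus == null || ekus.contains(CLIENT_AUTH) || ekus.contains(ANY_EKU));
    }

    public static void main(String[] args) throws Exception {
        // Assumption: store type is the first argument; Windows-MY needs Windows and SunMSCAPI
        KeyStore ks = KeyStore.getInstance(args.length > 0 ? args[0] : "Windows-MY");
        ks.load(null, null);
        Date now = new Date();
        int i = 1;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue; // skip entries that are not X.509 certificates
            }
            X509Certificate cert = (X509Certificate) c;
            List<String> ekus = cert.getExtendedKeyUsage(); // null when the extension is absent
            // Client auth also needs the private key, so require a key entry
            boolean candidate = ks.isKeyEntry(alias) && allowsClientAuth(cert, ekus, now);
            System.out.printf("#%03d: %s%n", i++, alias);
            System.out.printf("  serial:   %s%n", cert.getSerialNumber().toString(16));
            System.out.printf("  notAfter: %s%n", cert.getNotAfter().toInstant());
            System.out.printf("  EKU:      %s%n", ekus == null ? "(none)" : ekus);
            System.out.printf("  client auth candidate: %b%n", candidate);
        }
    }
}
```

With colliding common names such as the "(1)" to "(4)" aliases in the output above, the expiry date and EKU list are what separate a current authentication certificate from an expired or email-encryption one.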