bloritsch    01/11/01 12:35:52

  Modified:    bin      jmeter.properties
               src/org/apache/jmeter/util IaikSSLManager.java
                        JsseSSLManager.java SSLManager.java
               src/org/apache/jmeter/util/keystore JmeterKeyStore.java
  Log:
  Current state of SSL Management infrastructure
  
  Revision  Changes    Path
  1.32      +3 -1      jakarta-jmeter/bin/jmeter.properties
  
  Index: jmeter.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jmeter/bin/jmeter.properties,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- jmeter.properties 2001/10/29 22:03:13     1.31
  +++ jmeter.properties 2001/11/01 20:35:52     1.32
  @@ -20,8 +20,10 @@
   #And the package name where Stream Handlers can be found
   #These provided defaults can be uncommented, and they will work if you are using
   #Sun's JSSE implementation.
  -#ssl.provider=com.sun.net.ssl.internal.ssl.Provider
  +ssl.provider=com.sun.net.ssl.internal.ssl.Provider
   #ssl.pkgs=com.sun.net.ssl.internal.www.protocol
  +#ssl.provider=iaik.security.jsse.provider.IAIKJSSEProvider
  +javax.net.ssl.trustStore=/Documents and Settings/bloritsch/Desktop/giacomo/cacerts
   
   #Alternative protocol of the ssl provider for IAIK JCE + iSaSiLk
   #ssl.pkgs=iaik.protocol
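Review bot: The added `javax.net.ssl.trustStore` line commits a path from one developer's desktop into the shipped defaults. On any other machine that file will not exist, and getTrustStore() in SSLManager.java then appears to fall back to an empty store (`load(null, null)`) without reporting anything. Ship the entry commented out with a placeholder, e.g. `#javax.net.ssl.trustStore=/path/to/cacerts`. The hunk also enables `ssl.provider` by default, which matters now that this commit removes the provider fallbacks from SSLManager's static initializer; a comment saying the property is required would help.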
  
  
  
  1.8       +57 -28    jakarta-jmeter/src/org/apache/jmeter/util/IaikSSLManager.java
  
  Index: IaikSSLManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jmeter/src/org/apache/jmeter/util/IaikSSLManager.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- IaikSSLManager.java       2001/11/01 16:30:26     1.7
  +++ IaikSSLManager.java       2001/11/01 20:35:52     1.8
  @@ -55,15 +55,17 @@
   package org.apache.jmeter.util;
   
   import iaik.protocol.https.HttpsURLConnection;
  -import iaik.security.ssl.KeyAndCert;
   import iaik.security.ssl.SSLClientContext;
  -import iaik.security.ssl.SSLContext;
  +import iaik.security.ssl.ClientTrustDecider;
  +import iaik.security.ssl.SSLCertificate;
   import org.apache.jmeter.gui.GuiPackage;
   import org.apache.jmeter.util.keystore.JmeterKeyStore;
   
   import java.net.HttpURLConnection;
   import java.security.KeyStore;
   import java.security.PrivateKey;
  +import java.security.Principal;
  +import java.security.Provider;
   import java.security.cert.X509Certificate;
   
   /**
  @@ -74,35 +76,59 @@
    * make a decision, it will pop open a dialog asking you for more information.
    *
    * @author <a href="[EMAIL PROTECTED]">Berin Loritsch</a>
  - * @version CVS $Revision: 1.7 $ $Date: 2001/11/01 16:30:26 $
  + * @version CVS $Revision: 1.8 $ $Date: 2001/11/01 20:35:52 $
    */
   public class IaikSSLManager extends SSLManager {
  -    private SSLContext context;
  -    private KeyAndCert identity;
  +    private SSLClientContext context;
   
  -    public void setContext(HttpURLConnection conn) {
  -        if (conn instanceof HttpsURLConnection) {
  -            HttpsURLConnection secureConn = (HttpsURLConnection) conn;
  -            secureConn.setSSLContext(this.context);
  +    protected static class AlwaysTrustDecider implements ClientTrustDecider {
  +        protected X509Certificate[] certs;
  +
  +        public AlwaysTrustDecider(KeyStore store) {
  +            try {
  +                java.util.Enumeration enum = store.aliases();
  +                java.util.ArrayList list = new java.util.ArrayList(store.size());
  +                while (enum.hasMoreElements())
  +                {
  +                    String alias = (String) enum.nextElement();
  +                    System.out.print("AlwaysTrustDecider alias: " + alias);
  +
  +                    if (store.isCertificateEntry(alias)) {
  +                        list.add(store.getCertificate(alias));
  +                        System.out.println(" INSTALLED");
  +                    } else {
  +                        System.out.println(" SKIPPED");
  +                    }
  +                }
  +                this.certs = (X509Certificate[]) list.toArray(new X509Certificate[] 
{});
  +            } catch (Exception e) {
  +                this.certs = null;
  +            }
           }
  -    }
   
  -    /**
  -     * Opens and initializes the KeyStore.  If the password for the KeyStore is
  -     * not set, this method will prompt you to enter it.  Unfortunately, there is
  -     * no PasswordEntryField available from JOptionPane.
  -     */
  -    private KeyAndCert getKeyAndCert() {
  -        if (null == this.identity) {
  -            JmeterKeyStore keyStore = this.getKeyStore();
  -            X509Certificate[] certs = keyStore.getCertificateChain();
  -            PrivateKey key = keyStore.getPrivateKey();
  -            System.out.println("Alias: " + keyStore.getAlias());
  +        public boolean isTrustedPeer(SSLCertificate cert) {
  +            System.out.println("AlwaysTrustDecider: isTrusted???\n" + 
cert.toString());
  +            return true;
  +        }
   
  -            this.identity = new KeyAndCert(certs, key);
  +        public PrivateKey getPrivateKey() {
  +            System.out.println("AlwaysTrustDecider: getPrivateKey");
  +            return null;
           }
   
  -        return this.identity;
  +        public SSLCertificate getCertificate(byte[] cert, Principal[] p1, String 
p2) {
  +            System.out.println("AlwaysTrustDecider: getCertificate");
  +            try {
  +                X509Certificate newCert = new iaik.x509.X509Certificate(cert);
  +                return new 
SSLCertificate(iaik.x509.ChainVerifier.orderCertificateChain(newCert, this.certs));
  +            } catch (Exception e) {}
  +            return null;
  +        }
  +    }
  +
  +    public void setContext(HttpURLConnection conn) {
  +        HttpsURLConnection secureConn = (HttpsURLConnection) conn;
  +        secureConn.setSSLContext(this.context);
       }
   
       /**
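Review bot: `isTrustedPeer` returns `true` for every certificate, so the trust-store entries collected in the `AlwaysTrustDecider` constructor never take part in the trust decision and any server certificate is accepted. `AlwaysTrustManager.isClientTrusted` and `isServerTrusted` in JsseSSLManager.java behave the same way. If accepting all peers is intended for load testing, make it an explicit opt-in controlled by a property and state it in a class comment, for example `/** Accepts every peer certificate without validation; for test targets only. */`; otherwise the decision should be based on `this.certs`. The constructor also sets `certs` to null on any exception, and `getCertificate` later hands that null to `orderCertificateChain` with its own exception swallowed.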
  @@ -110,18 +136,21 @@
        * this object.  Create the SSLContext, and wrap all the X509KeyManagers with
        * our X509KeyManager so that we can choose our alias.
        */
  -    protected IaikSSLManager() {
  +    public IaikSSLManager(Provider provider) {
           this.setProvider(new iaik.security.provider.IAIK());
           this.setProvider(new sun.security.provider.Sun());
  -        SSLClientContext clientContext = new SSLClientContext();
  +        this.context = new SSLClientContext();
   
           if ("all".equalsIgnoreCase(JMeterUtils.getPropDefault("javax.net.debug", 
"none"))) {
  -            clientContext.setDebugStream(System.err);
  +            this.context.setDebugStream(System.err);
           }
   
  -        clientContext.addClientCredentials(this.getKeyAndCert());
  +        JmeterKeyStore keyStore = this.getKeyStore();
  +        this.context.setTrustDecider(new AlwaysTrustDecider(this.getTrustStore()));
  +        this.context.addClientCredentials(keyStore.getCertificateChain(),
  +                                          keyStore.getPrivateKey());
   
  -        this.context = clientContext;
  +        System.out.println(keyStore.getClass().toString());
           System.out.println("IaikSSLManager installed");
       }
   }
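Review bot: The new `provider` parameter of `IaikSSLManager(Provider provider)` is never read. The body still installs hard-coded `iaik.security.provider.IAIK` and `sun.security.provider.Sun` instances, so the `ssl.provider` value that SSLManager passes in has no effect in this class. Either start the constructor with `this.setProvider(provider);` or document in the Javadoc that the argument is ignored; the Javadoc begins outside this hunk and still describes wrapping X509KeyManagers, which this body does not do.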
  
  
  
  1.8       +100 -30   jakarta-jmeter/src/org/apache/jmeter/util/JsseSSLManager.java
  
  Index: JsseSSLManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jmeter/src/org/apache/jmeter/util/JsseSSLManager.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- JsseSSLManager.java       2001/11/01 16:27:58     1.7
  +++ JsseSSLManager.java       2001/11/01 20:35:52     1.8
  @@ -76,27 +76,97 @@
    * make a decision, it will pop open a dialog asking you for more information.
    *
    * @author <a href="[EMAIL PROTECTED]">Berin Loritsch</a>
  - * @version CVS $Revision: 1.7 $ $Date: 2001/11/01 16:27:58 $
  + * @version CVS $Revision: 1.8 $ $Date: 2001/11/01 20:35:52 $
    */
   public class JsseSSLManager extends SSLManager {
       /** Cache the SecureRandom instance because it takes a long time to create */
       private SecureRandom rand;
       /** Cache the Context so we can retrieve it from other places */
       private SSLContext context = null;
  +    private Provider pro = null;
   
  +    protected static class AlwaysTrustManager implements X509TrustManager {
  +        protected X509Certificate[] certs;
  +
  +        public AlwaysTrustManager(KeyStore store) {
  +            try {
  +                java.util.Enumeration enum = store.aliases();
  +                java.util.ArrayList list = new java.util.ArrayList(store.size());
  +                while (enum.hasMoreElements())
  +                {
  +                    String alias = (String) enum.nextElement();
  +                    System.out.print("AlwaysTrustManager alias: " + alias);
  +
  +                    if (store.isCertificateEntry(alias)) {
  +                        list.add(store.getCertificate(alias));
  +                        System.out.println(" INSTALLED");
  +                    } else {
  +                        System.out.println(" SKIPPED");
  +                    }
  +                }
  +                this.certs = (X509Certificate[]) list.toArray(new X509Certificate[] 
{});
  +            } catch (Exception e) {
  +                this.certs = null;
  +            }
  +        }
  +
  +        public X509Certificate[] getAcceptedIssuers() {
  +            System.out.println("Get accepted Issuers");
  +            return certs;
  +        }
  +
  +        public boolean isClientTrusted(X509Certificate[] chain) {
  +            System.out.println("Is client trusted ???");
  +            return true;
  +        }
  +
  +        public boolean isServerTrusted(X509Certificate[] chain) {
  +            System.out.println("Is server trusted ???");
  +            return true;
  +        }
  +    }
  +
       /**
        * Returns the SSLContext we are using.  It is useful for obtaining the 
SSLSocketFactory
        * so that your created sockets are authenticated.
        */
       private SSLContext getContext() {
  +        if (null == this.context) {
  +            try {
  +                this.context = SSLContext.getInstance("TLS", this.pro);
  +            } catch (Exception e) {
  +                try {
  +                    this.context = SSLContext.getInstance("TLS");
  +                } catch (Exception ee) {}
  +            }
  +
  +            try {
  +                KeyManagerFactory managerFactory = 
KeyManagerFactory.getInstance("SunX509");
  +                JmeterKeyStore keys = this.getKeyStore();
  +                managerFactory.init(null, this.defaultpw.toCharArray());
  +                KeyManager[] managers = managerFactory.getKeyManagers();
  +                System.out.println(keys.getClass().toString());
  +
  +                for (int i = 0; i < managers.length; i++) {
  +                    if (managers[i] instanceof X509KeyManager) {
  +                        X509KeyManager manager = (X509KeyManager) managers[i];
  +                        managers[i] = new WrappedX509KeyManager(manager, keys);
  +                    }
  +                }
  +
  +                TrustManager[] trusts = new TrustManager[] {new 
AlwaysTrustManager(this.getTrustStore())};
  +                context.init(managers, trusts, this.rand);
  +                
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
  +            } catch (Exception e) {
  +            }
  +        }
  +
           return this.context;
       }
   
       public void setContext(HttpURLConnection conn) {
  -        if (conn instanceof HttpsURLConnection) {
  -            HttpsURLConnection secureConn = (HttpsURLConnection) conn;
  -            secureConn.setSSLSocketFactory(this.getContext().getSocketFactory());
  -        }
  +        HttpsURLConnection secureConn = (HttpsURLConnection) conn;
  +        secureConn.setSSLSocketFactory(this.getContext().getSocketFactory());
       }
   
       /**
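Review bot: Every failure in the new `getContext()` is swallowed by an empty `catch`, so a missing provider or a failed `context.init(...)` leaves `this.context` null or uninitialised, and the first visible symptom is a NullPointerException in `setContext` at `this.getContext().getSocketFactory()`. Report the exception in both outer catch blocks, e.g. `e.printStackTrace(System.err);`, as the catch around manager instantiation in SSLManager.java does. `setContext` also lost its `instanceof HttpsURLConnection` guard (as did IaikSSLManager.setContext), so a plain `HttpURLConnection` now fails with a ClassCastException; keep the guard unless callers are known to pass only HTTPS connections.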
  @@ -104,7 +174,17 @@
        * this object.  Create the SSLContext, and wrap all the X509KeyManagers with
        * our X509KeyManager so that we can choose our alias.
        */
  -    protected JsseSSLManager() {
  +    public JsseSSLManager(Provider provider) {
  +        setProvider(provider);
  +        try {
  +            Class iaikProvider = 
SSLManager.class.getClassLoader().loadClass("iaik.security.jsse.provider.IAIKJSSEProvider");
  +            setProvider((Provider) iaikProvider.newInstance());
  +        } catch (Exception e) {}
  +        try {
  +            Class sunProvider =  
SSLManager.class.getClassLoader().loadClass("com.sun.net.ssl.internal.ssl.Provider");
  +            setProvider((Provider) sunProvider.newInstance());
  +        } catch (Exception e) {}
  +
           if (null == this.rand) {
               this.rand = new SecureRandom();
           }
  @@ -113,33 +193,14 @@
               System.setProperty("javax.net.debug", "all");
           }
   
  +        this.getContext();
           System.out.println("JsseSSLManager installed");
       }
  -
  -    protected void setProvider(Provider sslProvider) {
  -        super.setProvider(sslProvider);
  -
  -        try {
  -            this.context = SSLContext.getInstance("TLS", sslProvider);
  -            KeyManagerFactory managerFactory = 
KeyManagerFactory.getInstance("SunX509");
  -            JmeterKeyStore keys = this.getKeyStore();
  -            managerFactory.init(null, this.defaultpw.toCharArray());
  -            KeyManager[] managers = managerFactory.getKeyManagers();
  -            TrustManagerFactory trustFactory = 
TrustManagerFactory.getInstance("SunX509");
  -            KeyStore certs = this.getTrustStore();
  -            trustFactory.init(certs);
  -            TrustManager[] trusts = trustFactory.getTrustManagers();
  -
  -            for (int i = 0; i < managers.length; i++) {
  -                if (managers[i] instanceof X509KeyManager) {
  -                    X509KeyManager manager = (X509KeyManager) managers[i];
  -                    managers[i] = new WrappedX509KeyManager(manager, keys);
  -                }
  -            }
   
  -            context.init(managers, trusts, this.rand);
  -            
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
  -        } catch (Exception e) {
  +    protected final void setProvider(Provider p) {
  +        super.setProvider(p);
  +        if (null == this.pro) {
  +            this.pro = p;
           }
       }
   
  @@ -189,6 +250,8 @@
            * @param issuers  The CA certificates we are narrowing our selection on.
            */
           public String[] getClientAliases(String keyType, Principal[] issuers) {
  +            System.out.println("WrappedX509Manager: getClientAliases: ");
  +            System.out.println(new String[] {this.store.getAlias()});
               return new String[] {this.store.getAlias()};
           }
   
  @@ -200,6 +263,8 @@
            * @param issuers  The CA certificates we are narrowing our selection on.
            */
           public String chooseServerAlias(String keyType, Principal[] issuers) {
  +            System.out.println("WrappedX509Manager: chooseServerAlias: " +
  +                               this.manager.chooseServerAlias(keyType, issuers));
               return this.manager.chooseServerAlias(keyType, issuers);
           }
   
  @@ -211,6 +276,8 @@
            * @param issuers  The CA certificates we are narrowing our selection on.
            */
           public String[] getServerAliases(String keyType, Principal[] issuers) {
  +            System.out.println("WrappedX509Manager: getServerAliases: ");
  +            System.out.println(this.manager.getServerAliases(keyType, issuers));
               return this.manager.getServerAliases(keyType, issuers);
           }
   
  @@ -220,6 +287,8 @@
            * @param alias  The client alias
            */
           public X509Certificate[] getCertificateChain(String alias) {
  +            System.out.println("WrappedX509Manager: getCertificateChain(" + alias + 
")");
  +            System.out.println(this.store.getCertificateChain());
               return this.store.getCertificateChain();
           }
   
  @@ -229,6 +298,7 @@
            * @param alias  The client alias
            */
           public PrivateKey getPrivateKey(String alias) {
  +            System.out.println("WrappedX509Manager: getPrivateKey: " + 
this.store.getPrivateKey());
               return this.store.getPrivateKey();
           }
       }
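Review bot: `getPrivateKey` now concatenates `this.store.getPrivateKey()` into a `System.out.println` message, which writes whatever the key's `toString()` produces to standard output; depending on the provider's key class that can include key material. Log only that the key was requested, e.g. `System.out.println("WrappedX509Manager: getPrivateKey(" + alias + ")");`. The earlier hunks in this class pass `String[]` and `X509Certificate[]` values straight to `println`, which prints only the array's type and hash, and they call the delegate a second time just to log it.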
  
  
  
  1.11      +16 -27    jakarta-jmeter/src/org/apache/jmeter/util/SSLManager.java
  
  Index: SSLManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jmeter/src/org/apache/jmeter/util/SSLManager.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- SSLManager.java   2001/11/01 16:27:58     1.10
  +++ SSLManager.java   2001/11/01 20:35:52     1.11
  @@ -54,6 +54,7 @@
    */
   package org.apache.jmeter.util;
   
  +import java.lang.reflect.Constructor;
   import java.io.File;
   import java.io.FileInputStream;
   import java.security.Provider;
  @@ -73,7 +74,7 @@
    * make a decision, it will pop open a dialog asking you for more information.
    *
    * @author <a href="[EMAIL PROTECTED]">Berin Loritsch</a>
  - * @version CVS $Revision: 1.10 $ $Date: 2001/11/01 16:27:58 $
  + * @version CVS $Revision: 1.11 $ $Date: 2001/11/01 20:35:52 $
    */
   public abstract class SSLManager {
       /** Singleton instance of the manager */
  @@ -173,9 +174,10 @@
                   }
               } catch (Exception e) {
               }
  -        }
   
  +        System.out.println("JmeterKeyStore Location: " + fileName);
           System.out.println("JmeterKeyStore type: " + 
this.keyStore.getClass().toString());
  +        }
   
           return this.keyStore;
       }
  @@ -185,18 +187,13 @@
        */
       protected KeyStore getTrustStore() {
           if (null == this.trustStore) {
  -            String fileName = 
JMeterUtils.getPropDefault("javax.net.ssl.trustStore", null);
  +            String fileName = 
JMeterUtils.getPropDefault("javax.net.ssl.trustStore", "");
               System.setProperty("javax.net.ssl.trustStore", fileName);
   
               try {
                   if (fileName.endsWith(".iaik")) {
                       this.trustStore = KeyStore.getInstance("IAIKKeyStore", "IAIK");
  -                }
  -                if (fileName.endsWith(".p12") || fileName.endsWith(".P12")) {
  -                    this.trustStore = KeyStore.getInstance("pkcs12");
  -                    System.out.println("KeyStore Type: PKCS 12");
  -                    System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
  -                } else {
  +                }  else {
                       this.trustStore = KeyStore.getInstance("JKS");
                       System.out.println("KeyStore Type: JKS");
                   }
  @@ -214,15 +211,18 @@
   
                   if (initStore.exists()) {
                       try {
  -                        this.trustStore.load(new FileInputStream(initStore), 
"changeit".toCharArray());
  +                        this.trustStore.load(new FileInputStream(initStore), null);
                       } catch (Exception e) {
                           throw new RuntimeException("Can't load KeyStore!!!  " + 
e.getMessage());
                       }
                   } else {
  -                    this.trustStore.load(null, "changeit".toCharArray());
  +                    this.trustStore.load(null, null);
                   }
               } catch (Exception e) {
               }
  +
  +            System.out.println("TrustStore Location: " + fileName);
  +            System.out.println("TrustStore type: " + 
this.keyStore.getClass().toString());
           }
   
           return this.trustStore;
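Review bot: The added `TrustStore type` message reads `this.keyStore.getClass()` instead of `this.trustStore`, and it sits after the `catch`, so if `keyStore` is still null at that point a NullPointerException escapes `getTrustStore()`. Use the trust store with a null check, e.g. `System.out.println("TrustStore type: " + (this.trustStore == null ? "none" : this.trustStore.getClass().toString()));`. Passing `null` as the password to `load(...)` also means the store's integrity check is skipped, so a modified cacerts file loads without complaint; if that is deliberate it deserves a comment. The `FileInputStream` passed to `load` is never closed. The method starts outside this hunk.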
  @@ -249,9 +249,9 @@
                   }
   
                   try {
  -                    Class clazz = 
SSLManager.class.getClassLoader().loadClass(classname);
  -                    SSLManager.manager = (SSLManager) clazz.newInstance();
  -                    SSLManager.manager.setProvider(SSLManager.sslProvider);
  +                    Class clazz = Class.forName(classname);
  +                    Constructor con = clazz.getConstructor(new Class[] 
{Provider.class});
  +                    SSLManager.manager = (SSLManager) con.newInstance(new Object[] 
{SSLManager.sslProvider});
                   } catch (Exception e) {
                       e.printStackTrace(System.err);
                       SSLManager.isSSLSupported = false;
  @@ -275,20 +275,9 @@
       {
           try {
               SSLManager.sslProvider = 
(Provider)Class.forName(JMeterUtils.getPropDefault("ssl.provider",null)).newInstance();
  -        } catch (Exception ssl) {
  -            try {
  -                Class iaikProvider = 
SSLManager.class.getClassLoader().loadClass("iaik.security.jsse.provider.IAIKJSSEProvider");
  -                SSLManager.sslProvider = (Provider) iaikProvider.newInstance();
  -                //System.setProperty("java.protocol.handler.pkgs", "iaik.protocol");
  -            } catch (Exception e) {
  -                try {
  -                    Class sunProvider =  
SSLManager.class.getClassLoader().loadClass("com.sun.net.ssl.internal.ssl.Provider");
  -                    SSLManager.sslProvider = (Provider) sunProvider.newInstance();
  -                } catch (Exception noSSL) {
  -                    SSLManager.isSSLSupported = false;
  -                    SSLManager.sslProvider = null;
  -                }
  -            }
  +        } catch (Exception noSSL) {
  +            SSLManager.isSSLSupported = false;
  +            SSLManager.sslProvider = null;
           }
   
           try {
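Review bot: With the IAIK and Sun fallbacks removed, an unset or misspelled `ssl.provider` ends in `catch (Exception noSSL)`, which switches SSL support off without any message (a missing property makes `getPropDefault` return null, and `Class.forName(null)` throws). Print the cause there, e.g. `noSSL.printStackTrace(System.err);`, as the catch around `con.newInstance(...)` earlier in this file already does. The static block starts and ends outside the hunk.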
  
  
  
  1.3       +6 -2      
jakarta-jmeter/src/org/apache/jmeter/util/keystore/JmeterKeyStore.java
  
  Index: JmeterKeyStore.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jmeter/src/org/apache/jmeter/util/keystore/JmeterKeyStore.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- JmeterKeyStore.java       2001/10/31 18:42:35     1.2
  +++ JmeterKeyStore.java       2001/11/01 20:35:52     1.3
  @@ -64,7 +64,7 @@
    * Use this Keystore for JMeter specific KeyStores.
    *
    * @author <a href="[EMAIL PROTECTED]">Berin Loritsch</a>
  - * @version CVS $Revision: 1.2 $ $Date: 2001/10/31 18:42:35 $
  + * @version CVS $Revision: 1.3 $ $Date: 2001/11/01 20:35:52 $
    */
   public abstract class JmeterKeyStore {
   
  @@ -98,6 +98,10 @@
               } catch (Exception e) {}
           }
   
  -        return new DefaultKeyStore(type);
  +        Class keyStore = Class.forName
  +            ("org.apache.jmeter.util.keystore.DefaultKeyStore");
  +        Constructor con = keyStore.getConstructor(
  +            new Class[] {String.class});
  +        return (JmeterKeyStore) con.newInstance(new Object[] {type});
       }
   }
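Review bot: Replacing `new DefaultKeyStore(type)` with `Class.forName(...)`, `getConstructor` and `newInstance` gives up compile-time checking for a class in the same package and adds checked reflection exceptions on the return path. The earlier lookup visible at the top of the hunk swallows its exception, but these new lines are outside any visible `try`, so the method has to declare them; its signature is outside the hunk. No import of `java.lang.reflect.Constructor` is added for this file in the commit, so it presumably exists already. Add a one-line comment stating why the direct constructor call was replaced.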
  
  
  
