bloritsch 01/10/24 10:11:39 Modified: src/org/apache/jmeter/util JsseSSLManager.java IaikSSLManager.java Log: Add support to print out debug messages. Revision Changes Path 1.3 +4 -2 jakarta-jmeter/src/org/apache/jmeter/util/JsseSSLManager.java Index: JsseSSLManager.java =================================================================== RCS file: /home/cvs/jakarta-jmeter/src/org/apache/jmeter/util/JsseSSLManager.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- JsseSSLManager.java 2001/10/24 16:24:34 1.2 +++ JsseSSLManager.java 2001/10/24 17:11:39 1.3 @@ -76,7 +76,7 @@ * make a decision, it will pop open a dialog asking you for more information. * * @author <a href="[EMAIL PROTECTED]">Berin Loritsch</a> - * @version CVS $Revision: 1.2 $ $Date: 2001/10/24 16:24:34 $ + * @version CVS $Revision: 1.3 $ $Date: 2001/10/24 17:11:39 $ */ public class JsseSSLManager extends SSLManager { /** Cache the SecureRandom instance because it takes a long time to create */ @@ -234,7 +234,7 @@ this.rand = new SecureRandom(); } - if ("true".equalsIgnoreCase(JMeterUtils.getPropDefault("debug.ssl", "false"))) { + if ("all".equalsIgnoreCase(JMeterUtils.getPropDefault("javax.net.debug", "none"))) { System.setProperty("javax.net.debug", "all"); } @@ -260,6 +260,8 @@ HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory()); } catch (Exception e) { } + + System.out.println("JsseSSLManager installed"); } /** 1.2 +75 -56 jakarta-jmeter/src/org/apache/jmeter/util/IaikSSLManager.java Index: IaikSSLManager.java =================================================================== RCS file: /home/cvs/jakarta-jmeter/src/org/apache/jmeter/util/IaikSSLManager.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- IaikSSLManager.java 2001/10/24 15:46:55 1.1 +++ IaikSSLManager.java 2001/10/24 17:11:39 1.2 
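Review bot: The new guard in the `@@ -234,7` hunk of JsseSSLManager.java only recognises the exact value `all`, so any other `javax.net.debug` setting in the JMeter properties (for example `ssl` or `ssl:handshake`) is silently ignored. When it does match, it switches on the most verbose JSSE tracing for the whole JVM. That trace is written to the console and includes handshake details and record dumps, so it should not stay enabled for runs whose output is stored or shared. Consider passing the configured value through, `String dbg = JMeterUtils.getPropDefault("javax.net.debug", "none"); if (!"none".equalsIgnoreCase(dbg)) { System.setProperty("javax.net.debug", dbg); }`, with a comment such as `// javax.net.debug output may contain session data; enable for troubleshooting only`. The enclosing method starts and ends outside the hunk.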
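Review bot: The `System.out.println("JsseSSLManager installed");` added in the `@@ -260,6` hunk runs right after the empty `catch (Exception e) { }`, so the message is printed even when the call to `HttpsURLConnection.setDefaultSSLSocketFactory(...)` or the setup before it failed. In that case the JVM presumably keeps its default socket factory, without the key and trust configuration prepared here, while the console claims the manager is installed. Move the println inside the `try`, after the factory is set, and report the failure in the catch, e.g. `e.printStackTrace(System.err);`. The enclosing block begins outside the hunk.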
@@ -54,6 +54,12 @@ */ package org.apache.jmeter.util; +import iaik.pkcs.pkcs12.CertificateBag; +import iaik.pkcs.pkcs12.PKCS12; +import iaik.protocol.https.HttpsURLConnection; +import iaik.security.ssl.KeyAndCert; +import iaik.security.ssl.SSLClientContext; +import iaik.security.ssl.SSLContext; import org.apache.jmeter.gui.GuiPackage; import javax.swing.*; @@ -62,7 +68,11 @@ import java.net.HttpURLConnection; import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.PrivateKey; import java.security.Provider; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.Enumeration; /** * The SSLManager handles the KeyStore information for JMeter. Basically, it @@ -72,14 +82,19 @@ * make a decision, it will pop open a dialog asking you for more information. * * @author <a href="[EMAIL PROTECTED]">Berin Loritsch</a> - * @version CVS $Revision: 1.1 $ $Date: 2001/10/24 15:46:55 $ + * @version CVS $Revision: 1.2 $ $Date: 2001/10/24 17:11:39 $ */ public class IaikSSLManager extends SSLManager { - private static KeyStore keyStore; - private static KeyStore trustStore; - private String defaultpw; + private SSLContext context; + private KeyAndCert identity; + private KeyStore trustStore; + private String defaultpw = JMeterUtils.getJMeterProperties().getProperty("javax.net.ssl.keyStorePassword"); public void setContext(HttpURLConnection conn) { + if (conn instanceof HttpsURLConnection) { + HttpsURLConnection secureConn = (HttpsURLConnection) conn; + secureConn.setSSLContext(this.context); + } } /** 
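Review bot: `setContext` in the `@@ -72,14` hunk does nothing when `conn` is not an `iaik.protocol.https.HttpsURLConnection`, and nothing tells the user that the IAIK context and its client credentials were not applied to that connection. Because the simple name `HttpsURLConnection` now resolves to the IAIK class through the new import, a connection created by a different HTTPS handler falls through here and keeps that handler's defaults. Add a doc comment that states this, e.g. `/** Applies the IAIK SSL context to conn; connections of any other type are left unchanged. */`, and consider reporting the skipped case in an `else` branch when debugging is enabled. Separately, `defaultpw` is null when `javax.net.ssl.keyStorePassword` is absent; the prompt mentioned in the Javadoc below is not visible in this diff, so confirm it runs before `password.toCharArray()` is reached.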
@@ -87,10 +102,12 @@ * not set, this method will prompt you to enter it. Unfortunately, there is * no PasswordEntryField available from JOptionPane. */ - private KeyStore getKeyStore() { + private KeyAndCert getKeyAndCert() { String password = this.defaultpw; + KeyStore keyStore = null; + PKCS12 pkcsKey = null; - if (null == this.keyStore) { + if (null == this.identity) { String defaultName = JMeterUtils.getJMeterProperties().getProperty("user.home") + File.separator + ".keystore"; String fileName = JMeterUtils.getJMeterProperties().getProperty("javax.net.ssl.keyStore", defaultName); @@ -98,11 +115,10 @@ try { if (fileName.endsWith(".p12") || fileName.endsWith(".P12")) { - this.keyStore = KeyStore.getInstance("pkcs12"); System.out.println("KeyStore Type: PKCS 12"); System.setProperty("javax.net.ssl.keyStoreType", "pkcs12"); } else { - this.keyStore = KeyStore.getInstance("JKS"); + keyStore = KeyStore.getInstance("JKS"); System.out.println("KeyStore Type: JKS"); } } catch (KeyStoreException e) { @@ -110,7 +126,7 @@ e, JMeterUtils.getResString("ssl_error_title"), JOptionPane.ERROR_MESSAGE); - this.keyStore = null; + keyStore = null; throw new RuntimeException("KeyStore Problem"); } 
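Review bot: In the `@@ -98,11` hunk the PKCS#12 branch no longer assigns `keyStore`, so from here on `keyStore == null` is the only marker for "this is a .p12 file". That sentinel is fragile: the later `else { keyStore.load(null, password.toCharArray()); }` branch for a file that does not exist dereferences it whenever the configured name ends in `.p12`. An explicit flag keeps the two cases apart, e.g. `boolean isPkcs12 = fileName.endsWith(".p12") || fileName.endsWith(".P12");`. The branch also still sets the JVM-wide `javax.net.ssl.keyStoreType` property although the file is now read through the IAIK `PKCS12` class; if that is intentional it deserves a comment. The enclosing `getKeyAndCert` method continues outside this hunk.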
@@ -138,66 +154,59 @@ if (initStore.exists()) { try { - this.keyStore.load(new FileInputStream(initStore), password.toCharArray()); + if (keyStore == null) { + pkcsKey = new PKCS12(new FileInputStream(initStore)); + pkcsKey.decrypt(password.toCharArray()); + } else { + keyStore.load(new FileInputStream(initStore), password.toCharArray()); + } } catch (Exception e) { throw new RuntimeException("Can't load KeyStore!!! " + e.getMessage()); } - } else { - this.keyStore.load(null, password.toCharArray()); - } - } catch (Exception e) { - } - } - - return this.keyStore; - } - - /** - * Opens and initializes the TrustStore. - */ - private KeyStore getTrustStore() { - if (null == this.trustStore) { - String fileName = JMeterUtils.getPropDefault("javax.net.ssl.trustStore", null); - System.setProperty("javax.net.ssl.trustStore", fileName); - - try { - if (fileName.endsWith(".iaik")) { - this.trustStore = KeyStore.getInstance("IAIKKeyStore", "IAIK"); - } - if (fileName.endsWith(".p12") || fileName.endsWith(".P12")) { - this.trustStore = KeyStore.getInstance("pkcs12"); - System.out.println("KeyStore Type: PKCS 12"); - System.setProperty("javax.net.ssl.keyStoreType", "pkcs12"); } else { - this.trustStore = KeyStore.getInstance("JKS"); - System.out.println("KeyStore Type: JKS"); + keyStore.load(null, password.toCharArray()); } } catch (Exception e) { - JOptionPane.showMessageDialog(GuiPackage.getInstance().getMainFrame(), - e, - JMeterUtils.getResString("ssl_error_title"), - JOptionPane.ERROR_MESSAGE); - this.trustStore = null; - throw new RuntimeException("TrustStore Problem"); } - try { - File initStore = new File(fileName); - - if (initStore.exists()) { - try { - this.trustStore.load(new FileInputStream(initStore), "changeit".toCharArray()); - } catch (Exception e) { - throw new RuntimeException("Can't load KeyStore!!! 
" + e.getMessage()); + X509Certificate[] certs = null; + PrivateKey key = null; + + if (keyStore == null) { + key = pkcsKey.getKeyBag().getPrivateKey(); + CertificateBag[] bags = pkcsKey.getCertificateBags(); + certs = new X509Certificate[bags.length]; + + for (int i = 0; i < bags.length; i++) { + certs[i] = bags[i].getCertificate(); + } + } else { + try { + Enumeration aliases = keyStore.aliases(); + while (aliases.hasMoreElements()) { + if (key != null) continue; + + String alias = (String) aliases.nextElement(); + + if (keyStore.isKeyEntry(alias)) { + key = (PrivateKey) keyStore.getKey(alias, password.toCharArray()); + Certificate[] keycerts = keyStore.getCertificateChain(alias); + certs = new X509Certificate[keycerts.length]; + + for (int i = 0; i < keycerts.length; i++) { + certs[i] = (X509Certificate) keycerts[i]; + } + } } - } else { - this.trustStore.load(null, "changeit".toCharArray()); + } catch (Exception e) { + e.printStackTrace(System.err); } - } catch (Exception e) { } + + this.identity = new KeyAndCert(certs, key); } - return this.trustStore; + return this.identity; } /** @@ -206,5 +215,15 @@ * our X509KeyManager so that we can choose our alias. */ protected IaikSSLManager(Provider sslProvider) { + SSLClientContext clientContext = new SSLClientContext(); + + if ("all".equalsIgnoreCase(JMeterUtils.getPropDefault("javax.net.debug", "none"))) { + clientContext.setDebugStream(System.err); + } + + clientContext.addClientCredentials(this.getKeyAndCert()); + + this.context = clientContext; + System.out.println("IaikSSLManager installed"); } }
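Review bot: The alias loop added in the `@@ -138,66` hunk can spin forever: `if (key != null) continue;` sits before `aliases.nextElement()`, so once a key entry has been found and the enumeration still has elements, nothing advances it. Use `if (key != null) break;`, or make the loop condition `while (key == null && aliases.hasMoreElements())`. In the same hunk the `RuntimeException("Can't load KeyStore!!! ...")` appears to be thrown inside the outer `try` whose `catch (Exception e) { }` is empty, so a wrong password or unreadable file is swallowed and the code goes on to call `pkcsKey.getKeyBag()` or `keyStore.aliases()` on an object that was never loaded. The `FileInputStream` instances opened for the key file are also never closed. The method and the outer `try` begin outside this hunk.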
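Review bot: The constructor in the `@@ -206,5` hunk gives the new `SSLClientContext` client credentials but, in the lines shown, no trust anchors, and this commit removes `getTrustStore()`, so the `trustStore` field and the `javax.net.ssl.trustStore` property are no longer read anywhere visible. Please confirm how the IAIK context validates the server certificate chain when no trusted certificates are configured; if it accepts any chain, HTTPS samples would run without server authentication. At minimum record the decision in the code, e.g. `// NOTE: no trusted certificates are added to clientContext; server chains are not checked against javax.net.ssl.trustStore`. The `sslProvider` argument is unused in the visible body, and because `getKeyAndCert()` is called from the constructor, any failure while loading the key material surfaces as an exception from construction.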