jmeter-dev mailing list archives

From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: svn commit: r1847368 - in /jmeter/trunk: src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java test/src/org/apache/jorphan/exec/TestKeyToolUtils.java xdocs/changes.xml
Date Thu, 29 Nov 2018 18:45:31 GMT

Am 29.11.18 um 19:22 schrieb Philippe Mouawad:
> Hello Felix,
> Did you see this:
>
> https://travis-ci.org/apache/jmeter/jobs/460932992
Yes, I have seen it and am trying (without success) to reproduce it 
locally with OpenJDK 8 Update 191.
>
> I am not sure it's related to this commit but looks like.

It started showing up with that release. But it could be triggered by
the addition of a test case that actually tests the creation of a CA 
certificate.

Have you any idea?

Regards,

  Felix

>
> Regards
>
> On Sat, Nov 24, 2018 at 4:40 PM <fschumacher@apache.org> wrote:
>
>> Author: fschumacher
>> Date: Sat Nov 24 15:40:02 2018
>> New Revision: 1847368
>>
>> URL: http://svn.apache.org/viewvc?rev=1847368&view=rev
>> Log:
>> Use different cn and type of SAN extension when we are generating
>> certificates based on IP addresses.
>>
>> Bugzilla Id: 62940
>>
>> Modified:
>>      jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
>>      jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
>>      jmeter/trunk/xdocs/changes.xml
>>
>> Modified:
>> jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
>> URL:
>> http://svn.apache.org/viewvc/jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java?rev=1847368&r1=1847367&r2=1847368&view=diff
>>
>> ==============================================================================
>> --- jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
>> (original)
>> +++ jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java Sat
>> Nov 24 15:40:02 2018
>> @@ -30,6 +30,7 @@ import java.util.List;
>>
>>   import org.apache.commons.io.FileUtils;
>>   import org.apache.commons.lang3.SystemUtils;
>> +import org.apache.commons.lang3.math.NumberUtils;
>>   import org.slf4j.Logger;
>>   import org.slf4j.LoggerFactory;
>>
>> @@ -281,8 +282,8 @@ public class KeyToolUtils {
>>
>>       private static void generateSignedCert(File keystore, String password,
>>               int validity, String alias, String subject) throws
>> IOException {
>> -        String dname = "cn=" + subject + ", o=JMeter Proxy (TEMPORARY
>> TRUST ONLY)";
>> -        String ext = "san=dns:" + subject;
>> +        String dname = "cn=" + guardSubjectName(subject) + ", o=JMeter
>> Proxy (TEMPORARY TRUST ONLY)";
>> +        String ext = "san=" + chooseExtension(subject);
>>           KeyToolUtils.genkeypair(keystore, alias, password, validity,
>> dname, ext);
>>           //rem generate cert for DOMAIN using CA and import it
>>
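Review bot: `subject` is still concatenated unescaped into both `dname` and `ext`, so a value containing `,`, `+` or `=` would change the structure of the distinguished name or of the extension string handed to keytool instead of ending up inside the CN. `guardSubjectName` only deals with a leading digit and does not address this. If `subject` can come from a host name supplied by a client of the recording proxy (not visible in this hunk), reject anything that is not a syntactically valid host name or IP literal before these strings are built. The rest of generateSignedCert lies outside the hunk.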
>> @@ -302,6 +303,34 @@ public class KeyToolUtils {
>>       }
>>
>>       /**
>> +     * The subject name of an certificate must not start with a number or
>> else the keytool will bark.
>> +     * To mitigate this prefix the argument with a word, if it starts
>> with a number.
>> +     *
>> +     * @param subject name of the host or an IP address
>> +     * @return a string that is safe to use as subject name
>> +     */
>> +    private static String guardSubjectName(String subject) {
>> +        if (NumberUtils.isDigits(subject.substring(0,1))) {
>> +            return "ip" + subject;
>> +        }
>> +        return subject;
>> +    }
>> +
>> +    /**
>> +     * The SAN (subject alternative name) includes the IP address or
>> hostname of the service, but the types
>> +     * are different for IP address and hostname.
>> +     *
>> +     * @param subject name of the host or its IP address
>> +     * @return prefixed extension
>> +     */
>> +    private static String chooseExtension(String subject) {
>> +        if (NumberUtils.isDigits(subject.substring(0,1))) {
>> +            return "ip:" + subject;
>> +        }
>> +        return "dns:" + subject;
>> +    }
>> +
>> +    /**
>>        * List the contents of a keystore
>>        *
>>        * @param keystore
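Review bot: Both `guardSubjectName` and `chooseExtension` decide "IP address" from the first character alone (`NumberUtils.isDigits(subject.substring(0,1))`), which misclassifies valid inputs. A host name that begins with a digit (a constructed example: `1host.example`) gets `san=ip:1host.example`, which is not a valid IP SAN, while an IPv6 literal that starts with a hex letter or a colon falls through to `dns:`. `subject.substring(0,1)` also throws StringIndexOutOfBoundsException for an empty subject. I would put the decision into one shared private predicate that checks the whole string (a dotted quad of numeric octets, or the presence of `:` for IPv6) and have both helpers call it after an explicit empty check, so the CN prefix and the SAN type can never disagree.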
>>
>> Modified:
>> jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
>> URL:
>> http://svn.apache.org/viewvc/jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java?rev=1847368&r1=1847367&r2=1847368&view=diff
>>
>> ==============================================================================
>> --- jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
>> (original)
>> +++ jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java
>> Sat Nov 24 15:40:02 2018
>> @@ -24,14 +24,35 @@ package org.apache.jorphan.exec;
>>
>>   import static org.junit.Assert.fail;
>>
>> +import java.io.File;
>>   import java.io.IOException;
>>   import java.util.ArrayList;
>>   import java.util.List;
>>
>> +import org.apache.commons.lang3.RandomStringUtils;
>> +import org.junit.After;
>> +import org.junit.Before;
>>   import org.junit.Test;
>>
>>   public class TestKeyToolUtils {
>>
>> +    private File keystore;
>> +    private String password = RandomStringUtils.randomAlphabetic(32);
>> +    private int validity = 1;
>> +
>> +    @Before
>> +    public void setup() throws IOException {
>> +        keystore = File.createTempFile("dummy-keystore", "jks");
>> +        keystore.deleteOnExit();
>> +        KeyToolUtils.generateProxyCA(keystore, password , validity );
>> +    }
>> +
>> +    @After
>> +    public void cleanup() {
>> +        if (keystore.exists()) {
>> +            keystore.delete();
>> +        }
>> +    }
>>
>>       /*
>>        * Check the assumption that a missing executable will generate
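Review bot: The keystore that will hold the generated CA private key is created with `File.createTempFile("dummy-keystore", "jks")`, which places it in the shared temp directory with default permissions and, because the suffix has no dot, gives it a name ending in `jks` rather than `.jks`. `keystore = Files.createTempFile("dummy-keystore", ".jks").toFile();` (with `java.nio.file.Files` imported) creates the file with owner-only permissions on POSIX systems and fixes the suffix. `cleanup()` also ignores the result of `keystore.delete()`, so a leaked file goes unnoticed; `deleteOnExit()` covers it only on a normal JVM exit.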
>> @@ -51,4 +72,15 @@ public class TestKeyToolUtils {
>>           } catch (IOException expected) {
>>           }
>>       }
>> +
>> +    @Test
>> +    public void testIPBasedCert() throws Exception {
>> +        KeyToolUtils.generateHostCert(keystore, password, "10.1.2.3",
>> validity);
>> +    }
>> +
>> +    @Test
>> +    public void testDNSNameBasedCert() throws Exception {
>> +        KeyToolUtils.generateHostCert(keystore, password,
>> "www.example.invalid", validity);
>> +    }
>> +
>>   }
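Review bot: `testIPBasedCert` and `testDNSNameBasedCert` contain no assertions, so they pass whenever `generateHostCert` does not throw and would not catch a certificate issued with the wrong SAN type, which is the behaviour this commit changes. Consider loading the keystore afterwards and checking `X509Certificate.getSubjectAlternativeNames()` for general-name type 7 in the IP case and type 2 in the DNS case; the alias the certificate is stored under is not visible in this hunk. A third case with a host name that begins with a digit would pin down how such names are meant to be classified.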
>>
>> Modified: jmeter/trunk/xdocs/changes.xml
>> URL:
>> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1847368&r1=1847367&r2=1847368&view=diff
>>
>> ==============================================================================
>> --- jmeter/trunk/xdocs/changes.xml [utf-8] (original)
>> +++ jmeter/trunk/xdocs/changes.xml [utf-8] Sat Nov 24 15:40:02 2018
>> @@ -149,6 +149,7 @@ of previous time slot as a base. Startin
>>       <li><bug>62785</bug><pr>400</pr>Incomplete search
path applied to the
>> filenames used in the upload functionality of the HTTP sampler. Implemented
>> by Artem Fedorov (artem.fedorov at blazemeter.com) and contributed by
>> BlazeMeter.</li>
>>       <li><bug>62842</bug>HTTP(S) Test Script Recorder: Brotli
compression
>> is not supported leading to "<code>Content Encoding Error</code>"</li>
>>       <li><bug>60424</bug>Hessian Burlap application: JMeter inserts
>> <code>0x0D</code> before <code>0x0A</code> automatically
(http binary post
>> data)</li>
>> +    <li><bug>62940</bug>Use different <code>cn</code>
and type of SAN
>> extension when we are generating certificates based on IP addresses.</li>
>>   </ul>
>>
>>   <h3>Other Samplers</h3>
>>
>>
>>
