jmeter 5 cannot use key store with http sample while jmeter 4 can
leiyang (Bug 65440): I want to send an https request with a client certificate.
I use the key store configuration with my pkcs12 key.
In jmeter 5.4.1 with jdk 11, I can see in the log that the key is successfully loaded, but the https request does not use the key at all.
I tried the same steps and configurations in jmeter 4.0, and it worked.
I've attached both jmeter version plans.
I have posted all detailed information in a stackoverflow question:
https://stackoverflow.com/questions/68288877/jmeter-5-set-client-tls-certificate-not-work
Created attachment jmeter4.jmx: jmeter4, working
jmeter4.jmx
<?xml version="1.0" encoding="UTF-8"?>
<jmeterTestPlan version="1.2" properties="4.0" jmeter="4.0 r1823414">
<hashTree>
<TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="Test Plan" enabled="true">
<stringProp name="TestPlan.comments"></stringProp>
<boolProp name="TestPlan.functional_mode">false</boolProp>
<boolProp name="TestPlan.tearDown_on_shutdown">true</boolProp>
<boolProp name="TestPlan.serialize_threadgroups">false</boolProp>
<elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments"/>
</elementProp>
<stringProp name="TestPlan.user_define_classpath"></stringProp>
</TestPlan>
<hashTree>
<Arguments guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments">
<elementProp name="cert" elementType="Argument">
<stringProp name="Argument.name">cert</stringProp>
<stringProp name="Argument.value">per-tool001</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
</elementProp>
</collectionProp>
</Arguments>
<hashTree/>
<KeystoreConfig guiclass="TestBeanGUI" testclass="KeystoreConfig" testname="Keystore Configuration" enabled="true">
<stringProp name="clientCertAliasVarName">cert</stringProp>
<stringProp name="endIndex">2</stringProp>
<stringProp name="preload">True</stringProp>
<stringProp name="startIndex">0</stringProp>
</KeystoreConfig>
<hashTree/>
<ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Thread Group" enabled="true">
<stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
<elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
<boolProp name="LoopController.continue_forever">false</boolProp>
<stringProp name="LoopController.loops">2</stringProp>
</elementProp>
<stringProp name="ThreadGroup.num_threads">1</stringProp>
<stringProp name="ThreadGroup.ramp_time">1</stringProp>
<boolProp name="ThreadGroup.scheduler">false</boolProp>
<stringProp name="ThreadGroup.duration"></stringProp>
<stringProp name="ThreadGroup.delay"></stringProp>
</ThreadGroup>
<hashTree>
<HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="HTTP Request lei" enabled="false">
<elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments">
<elementProp name="location" elementType="HTTPArgument">
<boolProp name="HTTPArgument.always_encode">false</boolProp>
<stringProp name="Argument.value">${cert}</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
<boolProp name="HTTPArgument.use_equals">true</boolProp>
<stringProp name="Argument.name">location</stringProp>
</elementProp>
</collectionProp>
</elementProp>
<stringProp name="HTTPSampler.domain">leiyang.icu</stringProp>
<stringProp name="HTTPSampler.port">5001</stringProp>
<stringProp name="HTTPSampler.protocol">https</stringProp>
<stringProp name="HTTPSampler.contentEncoding"></stringProp>
<stringProp name="HTTPSampler.path">/home</stringProp>
<stringProp name="HTTPSampler.method">POST</stringProp>
<boolProp name="HTTPSampler.follow_redirects">true</boolProp>
<boolProp name="HTTPSampler.auto_redirects">false</boolProp>
<boolProp name="HTTPSampler.use_keepalive">false</boolProp>
<boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
<stringProp name="HTTPSampler.embedded_url_re"></stringProp>
<stringProp name="HTTPSampler.connect_timeout"></stringProp>
<stringProp name="HTTPSampler.response_timeout"></stringProp>
</HTTPSamplerProxy>
<hashTree/>
<HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="HTTP Request oauth" enabled="true">
<elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments">
<elementProp name="grant_type" elementType="HTTPArgument">
<boolProp name="HTTPArgument.always_encode">false</boolProp>
<stringProp name="Argument.value">client_credentials</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
<boolProp name="HTTPArgument.use_equals">true</boolProp>
<stringProp name="Argument.name">grant_type</stringProp>
</elementProp>
<elementProp name="client_id" elementType="HTTPArgument">
<boolProp name="HTTPArgument.always_encode">false</boolProp>
<stringProp name="Argument.value">per-tool001</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
<boolProp name="HTTPArgument.use_equals">true</boolProp>
<stringProp name="Argument.name">client_id</stringProp>
</elementProp>
<elementProp name="scope" elementType="HTTPArgument">
<boolProp name="HTTPArgument.always_encode">false</boolProp>
<stringProp name="Argument.value">access:ark</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
<boolProp name="HTTPArgument.use_equals">true</boolProp>
<stringProp name="Argument.name">scope</stringProp>
</elementProp>
</collectionProp>
</elementProp>
<stringProp name="HTTPSampler.domain">oauth-qa-arkauth-dev.onecloud.cerenceapi.com</stringProp>
<stringProp name="HTTPSampler.port">443</stringProp>
<stringProp name="HTTPSampler.protocol">https</stringProp>
<stringProp name="HTTPSampler.contentEncoding"></stringProp>
<stringProp name="HTTPSampler.path">/oauth2/mtls/token</stringProp>
<stringProp name="HTTPSampler.method">POST</stringProp>
<boolProp name="HTTPSampler.follow_redirects">true</boolProp>
<boolProp name="HTTPSampler.auto_redirects">false</boolProp>
<boolProp name="HTTPSampler.use_keepalive">false</boolProp>
<boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
<stringProp name="HTTPSampler.embedded_url_re"></stringProp>
<stringProp name="HTTPSampler.connect_timeout"></stringProp>
<stringProp name="HTTPSampler.response_timeout"></stringProp>
</HTTPSamplerProxy>
<hashTree/>
</hashTree>
<ResultCollector guiclass="ViewResultsFullVisualizer" testclass="ResultCollector" testname="View Results Tree" enabled="true">
<boolProp name="ResultCollector.error_logging">false</boolProp>
<objProp>
<name>saveConfig</name>
<value class="SampleSaveConfiguration">
<time>true</time>
<latency>true</latency>
<timestamp>true</timestamp>
<success>true</success>
<label>true</label>
<code>true</code>
<message>true</message>
<threadName>true</threadName>
<dataType>true</dataType>
<encoding>false</encoding>
<assertions>true</assertions>
<subresults>true</subresults>
<responseData>false</responseData>
<samplerData>false</samplerData>
<xml>false</xml>
<fieldNames>true</fieldNames>
<responseHeaders>false</responseHeaders>
<requestHeaders>false</requestHeaders>
<responseDataOnError>false</responseDataOnError>
<saveAssertionResultsFailureMessage>true</saveAssertionResultsFailureMessage>
<assertionsResultsToSave>0</assertionsResultsToSave>
<bytes>true</bytes>
<sentBytes>true</sentBytes>
<threadCounts>true</threadCounts>
<idleTime>true</idleTime>
<connectTime>true</connectTime>
</value>
</objProp>
<stringProp name="filename"></stringProp>
</ResultCollector>
<hashTree/>
</hashTree>
</hashTree>
</jmeterTestPlan>
Severity: normal OS: All
leiyang (migrated from Bugzilla): Created attachment jmeter5.jmx: jmeter 5, not working
@FSchumacher (migrated from Bugzilla): Have you tried the old plan with a newer JMeter (but with old Java 8)?
Can you post jmeter.log files for the two runs? Maybe even with more logging enabled for http traffic and keystore logic?
Are you sure that you are using the same keystore for both runs? Can you post a listing of the keystore?
Sourabh Nigam (migrated from Bugzilla): Yes, the issue is still there in JMeter 5.4.3. I am using a .keystore which contains 10 aliases; on JMeter 4.x I am able to access all keys, but on JMeter 5.x.x I can access only 1 key.
Please fix it ASAP, or let me know what alternative I need to change in the JMeter config.
thanks
@FSchumacher (migrated from Bugzilla): Can you provide the output of "keytool -list -keystore <the keystore file> -v"?
Sourabh Nigam (migrated from Bugzilla):
Alias name: alias1
Creation date: 30-Nov-2021
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: UID=alias1
Issuer: O=Unipagos, OU=Users, CN=UserCA
Serial number: 3f5e701294fbefa3
Valid from: Tue Nov 30 14:14:38 IST 2021 until: Sat Nov 30 14:14:38 IST 2024
Certificate fingerprints:
SHA1: 3B:3F:BC:B8:7B:C3:29:52:77:E1:A1:D5:DB
SHA256: 15:87:51:E3:D4::77:A4:0E:64:4B:4A:A8:82:D6:F6:A7:87:4E:A5:76:E7:B6:18:B5
Signature algorithm name: SHA256withECDSA
Subject Public Key Algorithm: 256-bit EC key
Version: 3
Sourabh Nigam (migrated from Bugzilla): Team, any update ?
@FSchumacher (migrated from Bugzilla): Can you (still) provide jmeter.log (best with more logging enabled)?
Also you stated that the keystore contained 10 keys, but your listing shows only one.
Do you test against the same server? Is it accepting elliptic curve keys?
@FSchumacher (migrated from Bugzilla): And could you check, whether you are hit by https://github.com/apache/jmeter/issues/5561 ?
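A check for the mismatch questioned in this thread (number of keys in the keystore versus what the plan asks for), as an added example that is not part of the original issue or of JMeter's code: it compares a plan's Keystore Configuration with a `keytool -list -v` listing. The sample inputs are constructed, the helper names are hypothetical, and treating `startIndex`/`endIndex` as a 0-based inclusive range counted over key entries in listing order is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples (not the reporters' files), using the plan's KeystoreConfig values.
SAMPLE_JMX = """<jmeterTestPlan><hashTree>
<Arguments><collectionProp name="Arguments.arguments">
<elementProp name="cert" elementType="Argument">
<stringProp name="Argument.name">cert</stringProp>
<stringProp name="Argument.value">per-tool001</stringProp>
</elementProp></collectionProp></Arguments><KeystoreConfig>
<stringProp name="clientCertAliasVarName">cert</stringProp>
<stringProp name="endIndex">2</stringProp>
<stringProp name="startIndex">0</stringProp>
</KeystoreConfig></hashTree></jmeterTestPlan>"""
SAMPLE_LISTING = ("Alias name: alias1\nEntry type: PrivateKeyEntry\n"
                  "Alias name: rootca\nEntry type: trustedCertEntry\n")

def key_aliases(listing):
    """Aliases of PrivateKeyEntry entries in listing order (aliases without spaces)."""
    pairs = re.findall(r"Alias name: (\S+).*?Entry type: (\w+)", listing, re.S)
    return [alias for alias, kind in pairs if kind == "PrivateKeyEntry"]

def string_props(element):
    return {p.get("name"): (p.text or "") for p in element.findall("stringProp")}

def check_plan(jmx_text, listing):
    """Return findings where the plan's KeystoreConfig cannot match the keystore."""
    root = ET.fromstring(jmx_text)
    variables = {}  # User Defined Variables: name -> value
    for prop in root.iter("elementProp"):
        if prop.get("elementType") == "Argument":
            fields = string_props(prop)
            variables[fields.get("Argument.name")] = fields.get("Argument.value")
    keys, findings = key_aliases(listing), []
    for cfg in root.iter("KeystoreConfig"):
        fields = string_props(cfg)
        start, end = int(fields["startIndex"]), int(fields["endIndex"])
        loaded = keys[start:end + 1]  # assumption: 0-based, inclusive index range
        if end >= len(keys):
            findings.append(f"endIndex {end} but keystore has {len(keys)} key entries")
        var_name = fields.get("clientCertAliasVarName", "")
        alias = variables.get(var_name)
        if alias is None:
            findings.append(f"variable '{var_name}' is not defined in the plan")
        elif alias not in loaded:
            findings.append(f"alias '{alias}' not among loaded keys {loaded}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_JMX, SAMPLE_LISTING)) or "no findings")
```

Run against a real plan and listing, it only reports configuration mismatches; it does not show whether the TLS handshake actually presented the certificate, which still needs jmeter.log.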