Load Keystore from Beanshell in Jmeter - jmeter

I'm trying to load a Keystore with multiple certificates from a Beanshell.
Here is my code :
import org.apache.jmeter.util.SSLManager;
setStrictJava(true);
String COMMON_PATH = vars.get("COMMON_PATH");
String KEY = "******";
String PATH = COMMON_PATH + "/keystore.jks";
System.setProperty("javax.net.ssl.keyStore",PATH);
System.setProperty("javax.net.ssl.keyStorePassword",KEY);
System.setProperty("https.use.cached.ssl.context","false");
SSLManager.getInstance().reset();
This code works, but it only loads the first certificate of the Keystore... which annoys me. How can I load the Keystore with every certificate?
Damien

The correct way of dealing with multiple SSL certificates residing in the keystore is to use the Keystore Configuration element, as described in the How to Use Multiple Certificates When Load Testing Secure Websites article.
Also be aware that you can put your keystore path and password in the system.properties file, so you won't have to go for scripting.
If for any reason you want to do this programmatically, consider switching to JSR223 Test Elements and the Groovy language.

Related

Store and retrieve RSA private key in Windows

I have a pretty simple scenario/requirement:
Generate RSA private/public key pair through OpenSSL or any online RSA key pair generator
Save the private key to the Windows internal store (so it does not lay around as just a file somewhere)
Create a PowerShell script, that looks into the store, locates the key, and uses it.
(basically, I will have a PS script, to which I send a 3rd party tool already encrypted password, and I expect that PS script to decrypt that password using a locally stored private key and use it on-the-fly)
This so far showed an unreachable goal, because:
I haven't found a way, how to import .pem file with the key
.cer file apparently does not contain the key
the only way (so far what I have found) how to import the key is conversion to .pfx file, which can be imported, BUT
.pfx file cannot be read as plain text - there seems to be no reasonable way from Powershell to locate the key and read it for usage in decryption
there is a module PSPKI, but it seems to accept the file and not the stored/installed certificate/key.
So anyone has any idea, how can I import a simple private key to Windows for later read-out from PowerShell for further usage?
Thank you!
Have a look at this class to load the PFX: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2?view=net-7.0
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\my.pfx", "password");
Next step is to open the store. After you have checked which one fits best (machine or user), you can use X509Store to read and write there. Do not forget the Open method. When a certificate with private key (off) is added, the key is stored and the file can be deleted.

How to check and read my Master Key generated using DP API

The query is regarding the DP API functionality.
I am using the DP API Protect and Unprotect methods to encrypt my string with a secret entropy. As per the information available on the internet, a Master key is generated by DP API initially, which is stored at Appdata\roaming\Microsoft\protect[SID]\"mymasterkeyfile".
On program execution, the SID folder is generated on my system, but I am not able to find the master key file. I don't know why.
I am new to this, so I am not able to understand the issue.
Any help appreciated, thanks.
It's a (hidden) system file, so adapt your folder settings to make these visible (probably only to admins). In the Console (as admin) use dir /A:HS [folder] to see the files, which have long random names.

OpenSSL public key for Firefox extension signing

I'm trying to bring back an old extension I made for Firefox 1.5 written in JavaScript. One of the changes introduced in Firefox 3.0 was the need for extension updates secured via either HTTPS or PKI. Since I can't use an SSL solution on my website, I need to use the PKI solution.
So, first up is generating the private and public keys. I was able to create CA and client (code signing) certificates using OpenSSL by following this guide. So, now I have two key and certificate pairs: ca.crt, ca.key, code.crt and code.key.
Now, I have to put the public key into the install.rdf's <em:updateKey> field. I did this with the command openssl -in code.key -outform DER -pubout and copied the resulting output (sans the ^-----.* lines) into my install.rdf. Now, the public key generated in this way is base64-encoded and ends with a couple equals signs. I haven't seen any examples that actually have these trailing characters. Is that OK, or did I pass the wrong options to OpenSSL?
Aside from this, using uhura to sign my update.rdf seems fairly straight-forward, but again there are no trailing =='s, which seems odd from the output I got via the OpenSSL command above.
Any help would be greatly appreciated!
I was able to get this working using a localhost webserver configuration. The OpenSSL command is the correct one to use in this case and the trailing padding is a coincidence, but it works when fetching updates.
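Why the trailing "==" is a coincidence of key size, shown as an added Ruby example that is not part of the original posts: base64 pads only when the DER byte count is not a multiple of 3, and the DER length of an RSA public key is fixed by its modulus size. The key sizes and helper names are assumptions chosen for illustration.

```ruby
require 'openssl'

# Base64 turns each 3-byte group into 4 characters; a final group of 1 byte
# is padded with "==" and a final group of 2 bytes with "=".
def expected_padding(byte_count)
  ['', '==', '='][byte_count % 3]
end

# Generate a throwaway RSA key and encode its public half as base64 of the
# DER SubjectPublicKeyInfo, i.e. the PEM body without the ----- lines.
def encoded_public_key(bits)
  der = OpenSSL::PKey::RSA.new(bits).public_key.to_der
  b64 = [der].pack('m0') # strict base64, no line breaks
  { bits: bits, der_bytes: der.bytesize, padding: b64[/=*\z/], base64: b64 }
end

# Decode the string again to confirm that the padded form is a valid key.
def decoded_bits(b64)
  OpenSSL::PKey::RSA.new(b64.unpack1('m0')).n.num_bits
end

if __FILE__ == $PROGRAM_NAME
  [1024, 1536, 2048].each do |bits|
    info = encoded_public_key(bits)
    puts format('%4d-bit key: %3d DER bytes, padding %p',
                bits, info[:der_bytes], info[:padding])
  end
end
```

With the default public exponent, 1024-bit and 2048-bit keys encode to a multiple of 3 bytes and carry no padding, while a 1536-bit key does not.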

Getting a web server certificate in ruby

I'm trying to write some ruby code to grab the Common Name (CN) value from a web server's SSL certificate but there doesn't seem to be any simple way to do this in ruby.
Well, I would beg to differ. It's documented well enough but not too many examples are available, which makes it a bit, but not too complicated :)
require 'openssl'
# If your cert is in PEM or DER format:
cert = OpenSSL::X509::Certificate.new(File.binread(path_to_your_cert))
# OR, if you want to read a .p12 cert (PKCS12#certificate already returns an X509 certificate):
cert = OpenSSL::PKCS12.new(File.binread(path_to_your_cert), your_pwd).certificate
cert.subject
# => **************/CN=<Your Common Name>/***************
So you can parse cert.subject to find out the common name you need.
You can read more in-depth on SSL certs at http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html
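One way to pull the CN out of cert.subject without string parsing, as an added example that is not part of the original answer. It builds a throwaway self-signed certificate so it runs offline; the subject values and helper names are constructed for illustration.

```ruby
require 'openssl'

# Build a throwaway self-signed certificate from [field, value] pairs.
# The subjects passed in are constructed sample data.
def sample_cert(subject_pairs)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new(subject_pairs)
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Return every CN attribute of the subject as a UTF-8 string.
# Name#to_a yields [field, value, asn1_type] triples, so no regex over the
# "/C=../CN=.." string is needed and a "/" or "," inside another value
# cannot shift or split the result.
def common_names(cert)
  cert.subject.to_a
      .select { |field, _value, _type| field == 'CN' }
      .map    { |_field, value, _type| value.dup.force_encoding('UTF-8') }
end

# Accepts PEM or DER input, as X509::Certificate.new does.
# Returns nil when the subject carries no CN at all.
def common_name_from(raw)
  common_names(OpenSSL::X509::Certificate.new(raw)).first
end
```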

Initializing NSS using Certificate DB

I am writing an NPAPI plugin, from which I need to access the Firefox certificate store.
I have included the Gecko SDK and I want to initialize NSS with the default certificate DB.
I am unable to find out how to obtain the certificate DB path programmatically.
I found out the answer. It can be done only using the xpcom library. But alternatively, the solution which I use currently is to read the profile.ini from "%APPDATA%/Mozilla/firefox". This file contains the profile directory path for all the profiles created. Also, the current profile that is active will contain a property "default=1". In this way the default path for the certificate DB can be obtained.
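The lookup described above, sketched in Ruby as an added example that is not the poster's plugin code. The `Path` and `IsRelative` keys, the helper names and the sample file contents are assumptions not stated in the post; keys are matched case-insensitively.

```ruby
# Parse ini text into { "Profile0" => { "name" => ..., ... }, ... }.
def parse_ini(text)
  sections = {}
  current = nil
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?(';', '#')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = sections[m[1]] = {}
    elsif current && (m = line.match(/\A([^=]+)=(.*)\z/))
      current[m[1].strip.downcase] = m[2].strip
    end
  end
  sections
end

# Return the directory of the profile flagged default=1, or nil if none is.
# base_dir is the directory holding the ini file; Path is taken relative to
# it when IsRelative=1 (assumed key semantics).
def default_profile_dir(ini_text, base_dir)
  profile = parse_ini(ini_text)
            .select { |name, _| name.match?(/\AProfile\d+\z/i) }
            .values
            .find { |p| p['default'] == '1' }
  return nil unless profile && profile['path']
  profile['isrelative'] == '1' ? File.join(base_dir, profile['path']) : profile['path']
end

# Constructed sample file contents (profile names and paths are made up).
SAMPLE_INI = <<~INI
  [General]
  StartWithLastProfile=1

  [Profile0]
  Name=testing
  IsRelative=1
  Path=Profiles/abcd1234.testing

  [Profile1]
  Name=default
  IsRelative=1
  Path=Profiles/wxyz5678.default
  Default=1
INI
```

The returned directory is the one to hand to NSS initialization as the certificate DB location.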
