Apache JMeter Issue With Keystore - jmeter

I am trying to use Apache JMeter 3.3 to load test an internal website. I followed the Recording tutorial mentioned on the JMeter site (Apache JMeter HTTP(S) Test Script Recorder). I have set the following in the JMeter system.properties file to use a keystore where I have a preloaded certificate for the internal website.
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
When I start the recorder, I get the following error in the log.
2018-02-06 21:18:57,036 INFO o.a.j.u.SSLManager: KeyStore created OK
2018-02-06 21:18:57,036 INFO o.a.j.u.SSLManager: Total of 1 aliases loaded OK from keystore
2018-02-06 21:19:02,620 INFO o.a.j.p.h.p.ProxyControl: [56429] Creating entry aus5.mozilla.org in C:\Software\Apache\JMeter\apache-jmeter-3.3\bin\proxyserver.jks
2018-02-06 21:19:08,735 ERROR o.a.j.p.h.p.Proxy: [56429] Problem with keystore
java.io.IOException: Command failed, code: 1
keytool error (likely untranslated): java.security.cert.CertificateException: Fail to parse input stream
at org.apache.jorphan.exec.KeyToolUtils.runNativeCommand(KeyToolUtils.java:338) ~[jorphan.jar:3.3 r1808647]
at org.apache.jorphan.exec.KeyToolUtils.keytool(KeyToolUtils.java:402) ~[jorphan.jar:3.3 r1808647]
at org.apache.jorphan.exec.KeyToolUtils.generateSignedCert(KeyToolUtils.java:299) ~[jorphan.jar:3.3 r1808647]
at org.apache.jorphan.exec.KeyToolUtils.generateHostCert(KeyToolUtils.java:276) ~[jorphan.jar:3.3 r1808647]
at org.apache.jmeter.protocol.http.proxy.ProxyControl.updateKeyStore(ProxyControl.java:1563) ~[ApacheJMeter_http.jar:3.3 r1808647]
at org.apache.jmeter.protocol.http.proxy.Proxy.getSSLSocketFactory(Proxy.java:333) [ApacheJMeter_http.jar:3.3 r1808647]
at org.apache.jmeter.protocol.http.proxy.Proxy.startSSL(Proxy.java:440) [ApacheJMeter_http.jar:3.3 r1808647]
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:202) [ApacheJMeter_http.jar:3.3 r1808647]
2018-02-06 21:19:08,735 WARN o.a.j.p.h.p.Proxy: [56429] Unable to negotiate SSL transaction, no keystore?
2018-02-06 21:19:08,735 ERROR o.a.j.p.h.p.Proxy: [56429] Exception when processing sample
java.io.IOException: Unable to negotiate SSL transaction, no keystore?
at org.apache.jmeter.protocol.http.proxy.Proxy.startSSL(Proxy.java:457) ~[ApacheJMeter_http.jar:3.3 r1808647]
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:202) [ApacheJMeter_http.jar:3.3 r1808647]
2018-02-06 21:19:08,735 WARN o.a.j.p.h.p.Proxy: [56429] Exception while writing error
java.net.SocketException: Unrecognized Windows Sockets error: 0: socket write error
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:120) ~[?:1.8.0-internal]
at java.net.SocketOutputStream.write(SocketOutputStream.java:143) ~[?:1.8.0-internal]
at java.io.DataOutputStream.writeBytes(DataOutputStream.java:287) ~[?:1.8.0-internal]
at org.apache.jmeter.protocol.http.proxy.Proxy.writeErrorToClient(Proxy.java:574) [ApacheJMeter_http.jar:3.3 r1808647]
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:267) [ApacheJMeter_http.jar:3.3 r1808647]
2018-02-06 21:21:04,050 INFO o.a.j.r.ResultCollector: Shutdown hook started
2018-02-06 21:21:04,065 INFO o.a.j.r.ResultCollector: Shutdown hook ended
Please advise why this strange keystore error is coming up.

Most likely you have clashing configurations; JMeter's proxyserver.jks normally doesn't require any additional setup in system.properties, and the default configuration should work just fine.
Just in case you need to amend JMeter's keystore configuration for any reason, be aware that it is controlled via the following properties:
#---------------------------------------------------------------------------
# Test Script Recorder certificate configuration
#---------------------------------------------------------------------------
#proxy.cert.directory=<JMeter bin directory>
#proxy.cert.file=proxyserver.jks
#proxy.cert.type=JKS
#proxy.cert.keystorepass=password
#proxy.cert.keypassword=password
#proxy.cert.factory=SunX509
# define this property if you wish to use your own keystore
#proxy.cert.alias=<none>
# The default validity for certificates created by JMeter
#proxy.cert.validity=7
# Use dynamic key generation (if supported by JMeter/JVM)
# If false, will revert to using a single key with no certificate
#proxy.cert.dynamic_keys=true
The recommended way of overriding these properties is using the user.properties file.
References:
Test Script Recorder certificate configuration
Configuring JMeter
Recording HTTPS Traffic with JMeter's Proxy Server

Related

Caused by: java.io.IOException: Invalid keystore format

I have a JBoss 7.4.0 installation running in domain mode on a RHEL 7 platform. The JDK version is java version "15.0.2" 2021-01-19
Java(TM) SE Runtime Environment (build 15.0.2+7-27)
I am using the JBoss documentation How to Configure Server Security, specifically section 2.5: Configuring SSL/TLS for the legacy core management authentication mechanism. I am setting up Two-Way SSL/TLS.
I create a keystore, generate key pairs, export and import certificates. The storetype is JCEKS. (I have also tried using PKCS12 and JKS, same issue.)
When I try to start the JBoss server I see the following error:
06:47:41,216 INFO [org.jboss.modules] (main) JBoss Modules version 1.11.0.Final-redhat-00001
06:47:41,498 INFO [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final-redhat-00001
06:47:41,514 INFO [org.jboss.as.process.Host Controller.status] (main) WFLYPC0018: Starting process 'Host Controller'
[Host Controller] 06:47:41,982 INFO [org.jboss.modules] (main) JBoss Modules version 1.11.0.Final-redhat-00001
...
[Host Controller] 06:47:43,848 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-1) WFLYDM0111: Keystore /u01/redhat/jboss/domain_74/domain/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
[Host Controller] 06:47:43,851 INFO [org.jboss.remoting] (MSC service thread 1-3) JBoss Remoting version 5.0.20.SP1-redhat-00001
[Host Controller] 06:47:43,852 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.core.management.security.realm.CertificateRealm.key-manager: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.CertificateRealm.key-manager: Failed to start service
[Host Controller] at org.jboss.msc#1.4.12.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1731)
...
[Host Controller] Caused by: java.lang.IllegalStateException: org.jboss.msc.service.StartException in anonymous service: WFLYDM0018: Unable to start service
...
[Host Controller] Caused by: java.io.IOException: Invalid keystore format
So my understanding is the issue is with the keystore format, yet if I use another keystore format I get the same issue.
And, when I run the following command I get success:
./keytool -list -keystore $EAP_HOME/vault/h1vault.jceks
Enter keystore password:
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 3 entries
h1server_alias, Sep 20, 2022, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 58:58:36:82:EE:B5:88:BB:AF:59:F6:17:F2:9B:D3:29:D6:CC:DD:02:04:E5:3B:50:8A:70:AB:5C:85:59:DD:25
h1vault, Sep 20, 2022, SecretKeyEntry,
host2_alias, Sep 20, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 62:07:76:CB:B7:B8:9C:89:6D:36:82:8B:5B:8A:E9:7E:8E:6A:23:8E:51:56:03:B9:F9:98:D3:DA:D4:53:B5:57
I would expect this command to fail if the keystore format was incorrect.
I have read all sorts of threads and so on about this but cannot find an answer.
Appreciate if anyone can suggest possible solutions.
Thanks

I can't start Apache Nifi

When I run run-nifi.bat it pops up for a split second but then auto closes. I don't really understand this, I just need it for a university class and it hadn't been properly explained, so I'm just trying on my own really.
I get this in my nifi-app.log:
2021-05-29 17:07:30,179 INFO [main] org.apache.nifi.NiFi Launching NiFi...
2021-05-29 17:07:30,450 INFO [main] org.apache.nifi.security.kms.CryptoUtils Determined default nifi.properties path to be 'D:\SYSTEM\Downloads\nifi-1.13.2-bin\nifi-1.13.2\.\conf\nifi.properties'
2021-05-29 17:07:30,454 INFO [main] o.a.nifi.properties.NiFiPropertiesLoader Loaded 188 properties from D:\SYSTEM\Downloads\nifi-1.13.2-bin\nifi-1.13.2\.\conf\nifi.properties
2021-05-29 17:07:30,465 INFO [main] org.apache.nifi.NiFi Loaded 188 properties
2021-05-29 17:07:30,705 INFO [main] org.apache.nifi.BootstrapListener Started Bootstrap Listener, Listening for incoming requests on port 63487
2021-05-29 17:07:30,711 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.net.ConnectException: Connection refused: connect
java.net.ConnectException: Connection refused: connect
at java.base/sun.nio.ch.Net.connect0(Native Method)
at java.base/sun.nio.ch.Net.connect(Net.java:576)
at java.base/sun.nio.ch.Net.connect(Net.java:565)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:588)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:333)
at java.base/java.net.Socket.connect(Socket.java:645)
at java.base/java.net.Socket.connect(Socket.java:595)
at org.apache.nifi.BootstrapListener.sendCommand(BootstrapListener.java:102)
at org.apache.nifi.BootstrapListener.start(BootstrapListener.java:74)
at org.apache.nifi.NiFi.<init>(NiFi.java:102)
at org.apache.nifi.NiFi.<init>(NiFi.java:71)
at org.apache.nifi.NiFi.main(NiFi.java:303)
2021-05-29 17:07:30,712 INFO [Thread-0] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
2021-05-29 17:07:30,712 INFO [Thread-0] org.apache.nifi.NiFi Jetty web server shutdown completed (nicely or otherwise).
I've tried editing the web properties in the config files in case the default was wrong. Right now it's on, but the errors are the same:
nifi.web.http.host=localhost
nifi.web.http.port=9090
nifi.web.http.network.interface.default=
I have Windows 10 Home Edition.
NiFi requires Java 8 or Java 11 to run. So your environment variables should point to the correct directory with Java 8 or Java 11.
Have you tried setting the JAVA_HOME environment variable? I would recommend checking the config files and telling the configs where to find the Java installation.
You might be missing a URL ACL.
Maybe you can try the command below:
netsh http add urlacl url=http://computername:port/ user=username
Source: https://serverfault.com/a/246798/191420

How to record multi protocol script in jmeter

Is there any way to generate a script using the WebSocket protocol?
I want to do performance testing for one of my projects. That project has multiple protocols, like web HTTP/HTML and WebSocket.
How can I generate the script for the WebSocket protocol?
When I tried to generate the script, I got the error below:
2019-03-27 16:49:24,712 WARN o.a.j.p.h.p.Proxy: [58109] Unable to negotiate SSL transaction, no keystore?
2019-03-27 16:49:24,728 ERROR o.a.j.p.h.p.Proxy: [58109]  Exception when processing sample
java.io.IOException: Unable to negotiate SSL transaction, no keystore?
at org.apache.jmeter.protocol.http.proxy.Proxy.startSSL(Proxy.java:446) ~[ApacheJMeter_http.jar:4.0 r1823414]
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:194) [ApacheJMeter_http.jar:4.0 r1823414]
2019-03-27 16:49:24,728 WARN o.a.j.p.h.p.Proxy: [58109]  Exception while writing error
java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method) ~[?:1.8.0_191]
at java.net.SocketOutputStream.socketWrite(Unknown Source) ~[?:1.8.0_191]
at java.net.SocketOutputStream.write(Unknown Source) ~[?:1.8.0_191]
at java.io.DataOutputStream.writeBytes(Unknown Source) ~[?:1.8.0_191]
at org.apache.jmeter.protocol.http.proxy.Proxy.writeErrorToClient(Proxy.java:561) [ApacheJMeter_http.jar:4.0 r1823414]
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:258) [ApacheJMeter_http.jar:4.0 r1823414]
2019-03-27 16:49:24,728 INFO o.a.j.p.h.p.ProxyControl: [58110] Creating entry web.qa.np.1shift.io in D:\apache-jmeter-4.0\apache-jmeter-4.0\bin\proxyserver.jks
2019-03-27 16:49:25,566 ERROR o.a.j.p.h.p.Proxy: [58110]  Problem with keystore
java.io.IOException: >> keytool error: java.lang.RuntimeException: java.io.IOException: DNSName components must begin with a letter
As per RFC-1034, domain names must begin with a letter, so my expectation is that you're trying to record an IP address or a domain which starts with a digit or something weird.
There are the following workarounds:
Use the hosts file in order to give the host you're trying to record an alias which will not be in conflict with the aforementioned RFC-1034
Use the JMeter Chrome Extension as an alternative to JMeter's HTTP(S) Test Script Recorder
In any case I don't think you will be able to record the WebSocket protocol: although it is HTTP-based, it's a different beast which cannot be handled by JMeter's HTTP Request samplers. You will have to mimic WebSocket traffic using JMeter WebSocket Samplers by Peter Doornbosch.
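An added example, not part of the original answer or of JMeter: a Python check that applies the rule named in the keytool error ("DNSName components must begin with a letter") to every host in the recorder's "Creating entry" log lines and reports which labels break it. The function names are hypothetical, the rule is modelled from the error text rather than from keytool's source, and the sample lines are the two "Creating entry" lines from the logs on this page.

```python
import re

# The recorder logs this line just before asking keytool for a host certificate.
ENTRY_RE = re.compile(r"ProxyControl: \[\d+\] Creating entry (\S+) in ")


def bad_labels(host):
    """Return the dot-separated labels of host that do not start with an ASCII letter."""
    return [label for label in host.rstrip(".").split(".")
            if not (label[:1].isascii() and label[:1].isalpha())]


def hosts_at_risk(log_text):
    """Map each host seen in 'Creating entry' lines to its offending labels."""
    report = {}
    for match in ENTRY_RE.finditer(log_text):
        labels = bad_labels(match.group(1))
        if labels:
            report[match.group(1)] = labels
    return report


# Sample input: the two "Creating entry" lines that appear in the logs on this page.
SAMPLE_LOG = r"""
2018-02-06 21:19:02,620 INFO o.a.j.p.h.p.ProxyControl: [56429] Creating entry aus5.mozilla.org in C:\Software\Apache\JMeter\apache-jmeter-3.3\bin\proxyserver.jks
2019-03-27 16:49:24,728 INFO o.a.j.p.h.p.ProxyControl: [58110] Creating entry web.qa.np.1shift.io in D:\apache-jmeter-4.0\apache-jmeter-4.0\bin\proxyserver.jks
"""

if __name__ == "__main__":
    for host, labels in hosts_at_risk(SAMPLE_LOG).items():
        print(f"{host}: labels not starting with a letter: {', '.join(labels)}")
```

The check is per label, so a host can be flagged for a component in the middle of its name even when the name as a whole starts with a letter.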

NiFi fails to launch due to java.lang.IllegalArgumentException

I have been trying to launch NiFi, but every time I do so I get the following error:
2019-03-06 18:53:46,935 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: md5 MessageDigest not available
java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: md5 MessageDigest not available
at org.apache.nifi.nar.NarUnpacker.calculateMd5sum(NarUnpacker.java:419)
at org.apache.nifi.nar.NarUnpacker.unpackNar(NarUnpacker.java:228)
at org.apache.nifi.nar.NarUnpacker.unpackNars(NarUnpacker.java:123)
at org.apache.nifi.NiFi.<init>(NiFi.java:128)
at org.apache.nifi.NiFi.<init>(NiFi.java:71)
at org.apache.nifi.NiFi.main(NiFi.java:296)
Caused by: java.security.NoSuchAlgorithmException: md5 MessageDigest not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.MessageDigest.getInstance(MessageDigest.java:167)
at org.apache.nifi.nar.NarUnpacker.calculateMd5sum(NarUnpacker.java:407)
... 5 common frames omitted
2019-03-06 18:53:46,939 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
2019-03-06 18:53:46,940 INFO [Thread-1] org.apache.nifi.NiFi Jetty web server shutdown completed (nicely or otherwise).
I understand this is coming from the "calculateMd5sum" function that calculates the md5 sum of a specified file. However, I have made no changes to any of the NARs, nor have I added any custom NARs. The same instance did launch before.
I have also tried to start afresh by extracting the setup again, however I face the same error. I fail to understand why the issue is coming up all of a sudden. Please help!
I got it.
My java home pointed to "C:\Program Files\Java\jdk1.8.0_65"
changed the path to "C:\Program Files (x86)\Java\jre1.8.0_121"
It works fine now.
Thanks #BryanBende

Azure IDP metadata loading fails

I am working on a project that re-uses https://github.com/vdenotaris/spring-boot-security-saml-sample to integrate with Azure AD as IDP.
The integration went pretty smoothly. The only thing I couldn't fix was metadata trust check.
According to https://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x/reference/html/chapter-idp-guide.html
it's recommended to set metadataTrustCheck to false to skip signature validation.
However, I'd like to ask if it's possible to use metadata trust check with Azure.
To recreate, set IDP metadata url to
https://login.microsoftonline.com/sample.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml
set metadataTrustCheck to true for WebSecurityConfig#extendedMetadataProvider
and import login.microsoftonline.com SSL cert into samlKeystore.jks
2018-01-23 09:58:05.450 DEBUG 9924 --- [localhost-startStop-1] o.o.xml.signature.SignatureValidator : Signature validated with key from supplied credential
2018-01-23 09:58:05.451 DEBUG 9924 --- [localhost-startStop-1] o.o.x.s.impl.BaseSignatureTrustEngine : Signature validation using candidate credential was successful
2018-01-23 09:58:05.451 DEBUG 9924 --- [localhost-startStop-1] o.o.x.s.impl.BaseSignatureTrustEngine : Successfully verified signature using KeyInfo-derived credential
2018-01-23 09:58:05.452 DEBUG 9924 --- [localhost-startStop-1] o.o.x.s.impl.BaseSignatureTrustEngine : Attempting to establish trust of KeyInfo-derived credential
2018-01-23 09:58:05.452 DEBUG 9924 --- [localhost-startStop-1] o.x.s.x.BasicX509CredentialNameEvaluator : Supplied trusted names are null or empty, skipping name evaluation
2018-01-23 09:58:05.452 DEBUG 9924 --- [localhost-startStop-1] o.s.s.s.t.MetadataCredentialResolver : Attempting PKIX path validation on untrusted credential: [subjectName='CN=accounts.accesscontrol.windows.net']
2018-01-23 09:58:05.458 TRACE 9924 --- [localhost-startStop-1] o.s.s.s.t.MetadataCredentialResolver : Building certificate path using default security provider
2018-01-23 09:58:05.466 TRACE 9924 --- [localhost-startStop-1] o.s.s.s.t.MetadataCredentialResolver : PKIX path construction failed for untrusted credential: [subjectName='CN=accounts.accesscontrol.windows.net']
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[na:1.8.0_161]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.8.0_161]
at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.8.0_161]
at org.springframework.security.saml.trust.CertPathPKIXTrustEvaluator.validate(CertPathPKIXTrustEvaluator.java:85) ~[spring-security-saml2-core-1.0.3.RELEASE.jar!/:1.0.3.RELEASE]
The issue doesn't happen with ssocircle metadata https://idp.ssocircle.com/idp-meta.xml
The certificate used to sign your metadata seems different from the one at login.microsoftonline.com which you imported.
See Signature trust establishment failed for SAML metadata entry
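An added example, not part of the original answer or of Spring Security SAML: a Python check that takes the certificate carried in the metadata's own ds:Signature, computes its SHA-256 fingerprint, and looks for it among the fingerprints printed by `keytool -list` for the keystore. Function names and sample data are hypothetical (placeholder bytes stand in for DER certificates), and only the direct case is covered, where the signing certificate itself is a keystore entry; trust through an issuing CA is not checked.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form keytool prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def metadata_signing_fingerprints(metadata_xml: str) -> list:
    """Fingerprints of the certificates carried in the document-level ds:Signature."""
    root = ET.fromstring(metadata_xml)  # local sample; harden parsing for fetched XML
    signature = root.find(DS + "Signature")  # direct child signs the whole document
    if signature is None:
        return []
    return [fingerprint(base64.b64decode("".join(cert.text.split())))
            for cert in signature.iter(DS + "X509Certificate")]


def keystore_fingerprints(keytool_listing: str) -> set:
    """Fingerprints found in `keytool -list` output."""
    return set(re.findall(r"\(SHA-256\): ((?:[0-9A-F]{2}:){31}[0-9A-F]{2})",
                          keytool_listing))


def untrusted_signers(metadata_xml: str, keytool_listing: str) -> list:
    """Metadata signing certificates that are not themselves keystore entries."""
    trusted = keystore_fingerprints(keytool_listing)
    return [fp for fp in metadata_signing_fingerprints(metadata_xml)
            if fp not in trusted]


# Constructed sample data: placeholder bytes stand in for DER certificates.
SIGNING_CERT = b"constructed metadata signing certificate"
TLS_CERT = b"constructed TLS server certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyInfo><X509Data><X509Certificate>
      {base64.b64encode(SIGNING_CERT).decode()}
    </X509Certificate></X509Data></KeyInfo>
  </Signature>
</EntityDescriptor>"""
SAMPLE_LISTING = (
    "tls_alias, Jan 23, 2018, trustedCertEntry,\n"
    f"Certificate fingerprint (SHA-256): {fingerprint(TLS_CERT)}\n"
)

if __name__ == "__main__":
    for fp in untrusted_signers(SAMPLE_METADATA, SAMPLE_LISTING):
        print("metadata signed by a certificate missing from the keystore:", fp)
```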
