Handle ssl on the assumption that server certificate is always valid.

mqtt_jmeter/src/main/java/net/xmeter/AcceptAllTrustManager.java

@@ -0,0 +1,25 @@
+package net.xmeter;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+public class AcceptAllTrustManager implements X509TrustManager {
+
+	@Override
+	public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+	}
+
+	@Override
+	public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+	}
+
+	@Override
+	public X509Certificate[] getAcceptedIssuers() {
+		return null;
+	}
+
+}

mqtt_jmeter/src/main/java/net/xmeter/AcceptAllTrustManagerFactory.java

@@ -0,0 +1,61 @@
+package net.xmeter;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.TrustManagerFactorySpi;
+import javax.net.ssl.X509TrustManager;
+
+public class AcceptAllTrustManagerFactory extends TrustManagerFactory {
+
+	private static final Provider PROVIDER = new Provider("", 0.0, "") {
+		private static final long serialVersionUID = -2226165055935321223L;
+	};
+
+	private AcceptAllTrustManagerFactory() {
+		super(AcceptAllTrustManagerFactorySpi.getInstance(), PROVIDER, "");
+	}
+
+	public static final TrustManagerFactory getInstance() {
+		return new AcceptAllTrustManagerFactory();
+	}
+
+	static final class AcceptAllTrustManagerFactorySpi extends TrustManagerFactorySpi {
+
+		public static final AcceptAllTrustManagerFactorySpi getInstance() {
+			return new AcceptAllTrustManagerFactorySpi();
+		}
+
+		@Override
+		protected TrustManager[] engineGetTrustManagers() {
+			System.out.println("!! get trust managers (X509)");
+			return new TrustManager[] { new X509TrustManager() {
+				public X509Certificate[] getAcceptedIssuers() {
+					return null;
+				}
+
+				public void checkClientTrusted(X509Certificate[] certs, String authType) {
+				}
+
+				public void checkServerTrusted(X509Certificate[] certs, String authType) {
+				}
+			} };
+		}
+
+		@Override
+		protected void engineInit(KeyStore ks) throws KeyStoreException {
+		}
+
+		@Override
+		protected void engineInit(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException {
+		}
+
+	}
+
+}

mqtt_jmeter/src/main/java/net/xmeter/Util.java

@@ -5,16 +5,13 @@
 import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
 import java.util.UUID;
 import java.util.logging.Logger;
 
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.ssl.SSLContexts;
 import org.apache.jmeter.services.FileServer;
 
 import net.xmeter.samplers.AbstractMQTTSampler;
@@ -40,37 +37,32 @@ public static String generateClientId(String prefix) {
 
 	public static SSLContext getContext(AbstractMQTTSampler sampler) throws Exception {
 		if (!sampler.isDualSSLAuth()) {
+			logger.info("Configured with non-dual SSL.");
 			SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
-			sslContext.init(null, new TrustManager[] { new X509TrustManager() {
-				public X509Certificate[] getAcceptedIssuers() {
-					return null;
-				}
-
-				public void checkClientTrusted(X509Certificate[] certs, String authType) {
-				}
-
-				public void checkServerTrusted(X509Certificate[] certs, String authType) {
-				}
-			} }, new SecureRandom());
+			sslContext.init(null, new TrustManager[] {new AcceptAllTrustManager()}, new SecureRandom());
 			return sslContext;
 		} else {
-			logger.info("Configured with dual SSL, trying to load key files.");
-			String KEYSTORE_PASS = sampler.getKeyStorePassword();
+			logger.info("Configured with dual SSL, trying to load client certification.");
+//			String KEYSTORE_PASS = sampler.getKeyStorePassword();
 			String CLIENTCERT_PASS = sampler.getClientCertPassword();
 
-			File theFile1 = getKeyStoreFile(sampler);
+//			File theFile1 = getKeyStoreFile(sampler);
 			File theFile2 = getClientCertFile(sampler);
 
-			try(InputStream is_cacert = new FileInputStream(theFile1); InputStream is_client = new FileInputStream(theFile2)) {
-				KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType()); // jks
-				tks.load(is_cacert, KEYSTORE_PASS.toCharArray());
+			try(/*InputStream is_cacert = new FileInputStream(theFile1);*/InputStream is_client = new FileInputStream(theFile2)) {
+//				KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType()); // jks
+//				tks.load(is_cacert, KEYSTORE_PASS.toCharArray());
 
 				KeyStore cks = KeyStore.getInstance("PKCS12");
 				cks.load(is_client, CLIENTCERT_PASS.toCharArray());
 
-				SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(tks, new TrustSelfSignedStrategy()) // use it to customize
-						.loadKeyMaterial(cks, CLIENTCERT_PASS.toCharArray()) // load client certificate
-						.build();
+				SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
+
+				final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
+		                KeyManagerFactory.getDefaultAlgorithm());
+		        kmfactory.init(cks, CLIENTCERT_PASS.toCharArray());
+
+				sslContext.init(kmfactory.getKeyManagers(), new TrustManager[] {new AcceptAllTrustManager()}, new SecureRandom());
 				return sslContext;
 			}
 		}

mqtt_jmeter/src/main/java/net/xmeter/gui/CommonConnUI.java

@@ -45,15 +45,15 @@ public class CommonConnUI implements ChangeListener, ActionListener, Constants{
 	private JCheckBox dualAuth = new JCheckBox("Dual SSL authentication");
 	private JLabeledTextField wsPath = new JLabeledTextField("WS Path: ", 10);
 
-	private final JLabeledTextField tksFilePath = new JLabeledTextField("Trust Key Store(*.jks):       ", 25);
+//	private final JLabeledTextField tksFilePath = new JLabeledTextField("Trust Key Store(*.jks):       ", 25);
 	private final JLabeledTextField ccFilePath = new JLabeledTextField("Client Certification(*.p12):", 25);
 
-	private final JLabeledTextField tksPassword = new JLabeledTextField("Secret:", 10);
+//	private final JLabeledTextField tksPassword = new JLabeledTextField("Secret:", 10);
 	private final JLabeledTextField ccPassword = new JLabeledTextField("Secret:", 10);
 
-	private JButton tksBrowseButton;
+//	private JButton tksBrowseButton;
 	private JButton ccBrowseButton;
-	private static final String TKS_BROWSE = "tks_browse";
+//	private static final String TKS_BROWSE = "tks_browse";
 	private static final String CC_BROWSE = "cc_browse";
 
 	public final JLabeledTextField connNamePrefix = new JLabeledTextField("ClientId:", 8);
@@ -155,20 +155,20 @@ public JPanel createProtocolPanel() {
 		GridBagConstraints c = new GridBagConstraints();
 		c.anchor = GridBagConstraints.SOUTHWEST;
 
-		c.gridx = 0; c.gridy = 0; c.gridwidth = 2;
-		tksFilePath.setVisible(false);
-		panel.add(tksFilePath, c);
-
-		c.gridx = 2; c.gridy = 0; c.gridwidth = 1;
-		tksBrowseButton = new JButton(JMeterUtils.getResString("browse"));
-		tksBrowseButton.setActionCommand(TKS_BROWSE);
-		tksBrowseButton.addActionListener(this);
-		tksBrowseButton.setVisible(false);
-		panel.add(tksBrowseButton, c);
-
-		c.gridx = 3; c.gridy = 0; c.gridwidth = 2;
-		tksPassword.setVisible(false);
-		panel.add(tksPassword, c);
+//		c.gridx = 0; c.gridy = 0; c.gridwidth = 2;
+//		tksFilePath.setVisible(false);
+//		panel.add(tksFilePath, c);
+//
+//		c.gridx = 2; c.gridy = 0; c.gridwidth = 1;
+//		tksBrowseButton = new JButton(JMeterUtils.getResString("browse"));
+//		tksBrowseButton.setActionCommand(TKS_BROWSE);
+//		tksBrowseButton.addActionListener(this);
+//		tksBrowseButton.setVisible(false);
+//		panel.add(tksBrowseButton, c);
+//		
+//		c.gridx = 3; c.gridy = 0; c.gridwidth = 2;
+//		tksPassword.setVisible(false);
+//		panel.add(tksPassword, c);
 
 		//c.weightx = 0.0;
 		c.gridx = 0; c.gridy = 1; c.gridwidth = 2;
@@ -195,10 +195,11 @@ public JPanel createProtocolPanel() {
 	@Override
 	public void actionPerformed(ActionEvent e) {
 		String action = e.getActionCommand();
-		if(TKS_BROWSE.equals(action)) {
-			String path = browseAndGetFilePath();
-			tksFilePath.setText(path);
-		}else if(CC_BROWSE.equals(action)) {
+//		if(TKS_BROWSE.equals(action)) {
+//			String path = browseAndGetFilePath();
+//			tksFilePath.setText(path);
+//		}else 
+		if(CC_BROWSE.equals(action)) {
 			String path = browseAndGetFilePath();
 			ccFilePath.setText(path);
 		}
@@ -219,16 +220,16 @@ private String browseAndGetFilePath() {
 	public void stateChanged(ChangeEvent e) {
 		if(e.getSource() == dualAuth) {
 			if(dualAuth.isSelected()) {
-				tksFilePath.setVisible(true);
-				tksBrowseButton.setVisible(true);
-				tksPassword.setVisible(true);
+//				tksFilePath.setVisible(true);
+//				tksBrowseButton.setVisible(true);
+//				tksPassword.setVisible(true);
 				ccFilePath.setVisible(true);
 				ccBrowseButton.setVisible(true);
 				ccPassword.setVisible(true);
 			} else {
-				tksFilePath.setVisible(false);
-				tksBrowseButton.setVisible(false);
-				tksPassword.setVisible(false);
+//				tksFilePath.setVisible(false);
+//				tksBrowseButton.setVisible(false);
+//				tksPassword.setVisible(false);
 				ccFilePath.setVisible(false);
 				ccBrowseButton.setVisible(false);
 				ccPassword.setVisible(false);
@@ -286,8 +287,8 @@ public void configure(AbstractMQTTSampler sampler) {
 			dualAuth.setVisible(true);
 			dualAuth.setSelected(sampler.isDualSSLAuth());	
 		}
-		tksFilePath.setText(sampler.getKeyStoreFilePath());
-		tksPassword.setText(sampler.getKeyStorePassword());
+//		tksFilePath.setText(sampler.getKeyStoreFilePath());
+//		tksPassword.setText(sampler.getKeyStorePassword());
 		ccFilePath.setText(sampler.getClientCertFilePath());
 		ccPassword.setText(sampler.getClientCertPassword());
 
@@ -319,8 +320,8 @@ public void setupSamplerProperties(AbstractMQTTSampler sampler) {
 		sampler.setProtocol(protocols.getText());
 		sampler.setWsPath(wsPath.getText());
 		sampler.setDualSSLAuth(dualAuth.isSelected());
-		sampler.setKeyStoreFilePath(tksFilePath.getText());
-		sampler.setKeyStorePassword(tksPassword.getText());
+//		sampler.setKeyStoreFilePath(tksFilePath.getText());
+//		sampler.setKeyStorePassword(tksPassword.getText());
 		sampler.setClientCertFilePath(ccFilePath.getText());
 		sampler.setClientCertPassword(ccPassword.getText());
 
@@ -356,8 +357,8 @@ public void clearUI() {
 
 		dualAuth.setSelected(false);
 		wsPath.setText("");
-		tksFilePath.setText("");
-		tksPassword.setText("");
+//		tksFilePath.setText("");
+//		tksPassword.setText("");
 		ccFilePath.setText("");
 		ccPassword.setText("");
 

mqtt_jmeter/src/main/java/net/xmeter/samplers/mqtt/hivemq/HiveMQTTFactory.java

@@ -1,23 +1,26 @@
 package net.xmeter.samplers.mqtt.hivemq;
 
+import static net.xmeter.Constants.HIVEMQ_MQTT_CLIENT_NAME;
+
 import java.io.File;
 import java.util.Collections;
 import java.util.List;
 import java.util.logging.Logger;
 
+import javax.net.ssl.TrustManagerFactory;
+
 import com.hivemq.client.mqtt.MqttClientSslConfig;
 import com.hivemq.client.mqtt.MqttClientSslConfigBuilder;
 import com.hivemq.client.util.KeyStoreUtil;
 
+import net.xmeter.AcceptAllTrustManagerFactory;
 import net.xmeter.Util;
 import net.xmeter.samplers.AbstractMQTTSampler;
 import net.xmeter.samplers.mqtt.ConnectionParameters;
 import net.xmeter.samplers.mqtt.MQTTClient;
 import net.xmeter.samplers.mqtt.MQTTFactory;
 import net.xmeter.samplers.mqtt.MQTTSsl;
 
-import static net.xmeter.Constants.HIVEMQ_MQTT_CLIENT_NAME;
-
 class HiveMQTTFactory implements MQTTFactory {
     private static final Logger logger = Logger.getLogger(HiveMQTTFactory.class.getCanonicalName());
 
@@ -41,13 +44,20 @@ public MQTTSsl createSsl(AbstractMQTTSampler sampler) throws Exception {
         MqttClientSslConfigBuilder sslBuilder = MqttClientSslConfig.builder()
                 .protocols(Collections.singletonList("TLSv1.2"));
 
-        //TODO: cert file path is not handled
-        if (sampler.isDualSSLAuth()) {
-            logger.info("Configured with dual SSL, trying to load key store.");
-            File keyStoreFile = Util.getKeyStoreFile(sampler);
-            String keyStorePass = sampler.getKeyStorePassword();
-            String certPass = sampler.getClientCertPassword();
-            sslBuilder = sslBuilder.keyManagerFactory(KeyStoreUtil.keyManagerFromKeystore(keyStoreFile, keyStorePass, certPass));
+        //As the purpose is server performance testing, we make the assumption that 
+        //server side certificate is always valid.
+        if (!sampler.isDualSSLAuth()) {
+        		logger.info("Configured with non-dual SSL.");
+        		TrustManagerFactory acceptAllTmFactory = AcceptAllTrustManagerFactory.getInstance();
+        		sslBuilder = sslBuilder.trustManagerFactory(acceptAllTmFactory);
+        } else {
+        		logger.info("Configured with dual SSL, trying to load client certification.");
+//        		File keyStoreFile = Util.getKeyStoreFile(sampler);
+//        		String keyStorePass = sampler.getKeyStorePassword();
+        		File clientCertFile = Util.getClientCertFile(sampler);
+        		String clientPass = sampler.getClientCertPassword();
+        		sslBuilder = sslBuilder.keyManagerFactory(KeyStoreUtil.keyManagerFromKeystore(clientCertFile, clientPass, clientPass))
+        				.trustManagerFactory(AcceptAllTrustManagerFactory.getInstance());
         }
         return new HiveMQTTSsl(sslBuilder.build());
     }