Back to previous view
VOMS service written in Java (VOMS-84)

[VOMS-407] Understand use of multiple certificates in grinder Created: 11/Sep/13  Updated: 27/May/21  Resolved: 23/Sep/13

Status: Closed
Project: VOMS
Component/s: None
Affects Version/s: None
Fix Version/s: None
Security Level: Public (Visbile by non-authn users.)

Type: Sub-task Priority: Major
Reporter: Valerio Venturi [X] (Inactive) Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Comments   
Comment by Andrea Ceccanti [ 23/Sep/13 ]

Use one keystore per certificate. Ensure that keystore password equals key password and that the password length is >= 6.

Comment by Andrea Ceccanti [ 23/Sep/13 ]

It's simpler to have one keystore per certificate.
I've already created some certificates store in keystore in the IGI test ca.

Comment by Enrico Vianello [ 11/Sep/13 ]

Now, the next step is writing a test script that works with a keystore that contains the igi-test CA certificates.

Comment by Enrico Vianello [ 11/Sep/13 ]

source: grinder.sourceforge.net

Picking a certificate from a key store

Here's an example script that provides its own X509KeyManager implementation which controls which client certificate to use. The example is hard coded to always use the certificate with the alias myalias.

from com.sun.net.ssl import KeyManagerFactory,X509KeyManager
from java.io import FileInputStream
from java.security import KeyStore
from jarray import array
 
class MyManager(X509KeyManager):
    def __init__(self, keyStoreFile, keyStorePassword):
        keyStore = KeyStore.getInstance("jks")
        keyStore.load(FileInputStream(keyStoreFile), keyStorePassword)
 
        keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
        keyManagerFactory.init(keyStore, keyStorePassword)
 
        # Assume we have one key manager.
        self._delegate = keyManagerFactory.keyManagers[0]
 
    def __getattr__(self, a):
        """Some Python magic to pass on all invocations of methods we
        don't define on to our delegate."""
 
        if self.__dict__.has_key(a): return self.__dict__[a]
        else: return getattr(self._delegate, a)
 
    def chooseClientAlias(self, keyTypes, issuers):
        return "myalias"
 
myManager = MyManager("keystore.jks", "password")
myManagerArray = array((myManager,), X509KeyManager)
 
class TestRunner:
    def __call__(self):
        grinder.SSLControl.setKeyManagers(myManagerArray)
        # ...
Generated at Thu May 07 19:07:23 CEST 2026 using Jira 11.3.2#11030003-sha1:bd741f0b02a315de9bddd49d71ae8ffde8b13b6c.