jmeter-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fschumac...@apache.org
Subject svn commit: r1708224 - in /jmeter/trunk: src/components/org/apache/jmeter/assertions/SMIMEAssertion.java xdocs/changes.xml
Date Mon, 12 Oct 2015 20:19:12 GMT
Author: fschumacher
Date: Mon Oct 12 20:19:11 2015
New Revision: 1708224

URL: http://svn.apache.org/viewvc?rev=1708224&view=rev
Log:
Change usage of bouncycastle api in SMIMEAssertion to get rid of the deprecation warnings.

Bugzilla Id: 58303

Modified:
    jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java
    jmeter/trunk/xdocs/changes.xml

Modified: jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java?rev=1708224&r1=1708223&r2=1708224&view=diff
==============================================================================
--- jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java (original)
+++ jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java Mon Oct 12
20:19:11 2015
@@ -27,43 +27,45 @@ import java.io.InputStream;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.Security;
-import java.security.cert.CertStore;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
 import java.util.Properties;
-import java.util.Vector;
 
 import javax.mail.MessagingException;
 import javax.mail.Session;
 import javax.mail.internet.MimeMessage;
 import javax.mail.internet.MimeMultipart;
-import javax.security.auth.x500.X500Principal;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.jmeter.samplers.SampleResult;
 import org.apache.jorphan.logging.LoggingManager;
 import org.apache.jorphan.util.JOrphanUtils;
 import org.apache.log.Logger;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x500.style.IETFUtils;
+import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.cms.SignerInformationVerifier;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.mail.smime.SMIMEException;
 import org.bouncycastle.mail.smime.SMIMESignedParser;
+import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
+import org.bouncycastle.util.Store;
 
 /**
  * Helper class which isolates the BouncyCastle code.
@@ -72,12 +74,6 @@ class SMIMEAssertion {
 
     // Use the name of the test element, otherwise cannot enable/disable debug from the GUI
     private static final Logger log = LoggingManager.getLoggerForShortName(SMIMEAssertionTestElement.class.getName());
-    
-    private static Map<String, String> keywordMap = new HashMap<>();
-    static {
-        keywordMap.put("E", "1.2.840.113549.1.9.1");
-        keywordMap.put("EMAILADDRESS", "1.2.840.113549.1.9.1");
-    }
 
     SMIMEAssertion() {
         super();
@@ -156,23 +152,29 @@ class SMIMEAssertion {
         AssertionResult res = new AssertionResult(name);
 
         try {
-            CertStore certs = s.getCertificatesAndCRLs("Collection", "BC"); // $NON-NLS-1$
 // $NON-NLS-2$
+            Store certs = s.getCertificates();
             SignerInformationStore signers = s.getSignerInfos();
             Iterator<?> signerIt = signers.getSigners().iterator();
 
             if (signerIt.hasNext()) {
 
                 SignerInformation signer = (SignerInformation) signerIt.next();
-                Iterator<?> certIt = certs.getCertificates(
-                        (new JcaX509CertSelectorConverter()).getCertSelector(signer.getSID())).iterator();
+                Iterator<?> certIt = certs.getMatches(signer.getSID()).iterator();
 
                 if (certIt.hasNext()) {
                     // the signer certificate
-                    X509Certificate cert = (X509Certificate) certIt.next();
+                    X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
 
                     if (testElement.isVerifySignature()) {
 
-                        if (!signer.verify(cert.getPublicKey(), "BC")) { // $NON-NLS-1$
+                        SignerInformationVerifier verifier = null;
+                        try {
+                            verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
+                                    .build(cert);
+                        } catch (OperatorCreationException e) {
+                            log.error("Can't create a provider", e);
+                        }
+                        if (verifier == null || !signer.verify(verifier)) {
                             res.setFailure(true);
                             res.setFailureMessage("Signature is invalid");
                         }
@@ -209,29 +211,29 @@ class SMIMEAssertion {
 
                         String subject = testElement.getSignerDn();
                         if (subject.length() > 0) {
-                            final X500Principal certPrincipal = cert.getSubjectX500Principal();
-                            log.debug(certPrincipal.getName(X500Principal.CANONICAL));
-                            X500Principal principal = new X500Principal(subject, keywordMap);
-                            log.debug(principal.getName(X500Principal.CANONICAL));
+                            final X500Name certPrincipal = cert.getSubject();
+                            log.debug("DN from cert: " + certPrincipal.toString());
+                            X500Name principal = new X500Name(subject);
+                            log.debug("DN from assertion: " + principal.toString());
                             if (!principal.equals(certPrincipal)) {
                                 res.setFailure(true);
                                 failureMessage
                                         .append("Distinguished name of signer certificate
does not match \"")
-                                        .append(principal).append("\" != \"").append(certPrincipal).append("\"\n");
+                                        .append(subject).append("\"\n");
                             }
                         }
 
                         String issuer = testElement.getIssuerDn();
                         if (issuer.length() > 0) {
-                            final X500Principal issuerX500Principal = cert.getIssuerX500Principal();
-                            log.debug(issuerX500Principal.getName(X500Principal.CANONICAL));
-                            X500Principal principal = new X500Principal(issuer, keywordMap);
-                            log.debug(principal.getName(X500Principal.CANONICAL));
-                            if (!principal.equals(issuerX500Principal)) {
+                            final X500Name issuerX500Name = cert.getIssuer();
+                            log.debug("IssuerDN from cert: " + issuerX500Name.toString());
+                            X500Name principal = new X500Name(issuer);
+                            log.debug("IssuerDN from assertion: " + principal);
+                            if (!principal.equals(issuerX500Name)) {
                                 res.setFailure(true);
                                 failureMessage
                                         .append("Issuer distinguished name of signer certificate
does not match \"")
-                                        .append(principal).append("\" != \"").append(issuerX500Principal).append("\"\n");
+                                        .append(subject).append("\"\n");
                             }
                         }
 
@@ -243,11 +245,11 @@ class SMIMEAssertion {
                     if (testElement.isSignerCheckByFile()) {
                         CertificateFactory cf = CertificateFactory
                                 .getInstance("X.509");
-                        X509Certificate certFromFile;
+                        X509CertificateHolder certFromFile;
                         InputStream inStream = null;
                         try {
                             inStream = new BufferedInputStream(new FileInputStream(testElement.getSignerCertFile()));
-                            certFromFile = (X509Certificate) cf.generateCertificate(inStream);
+                            certFromFile = new JcaX509CertificateHolder((X509Certificate)
cf.generateCertificate(inStream));
                         } finally {
                             IOUtils.closeQuietly(inStream);
                         }
@@ -325,28 +327,32 @@ class SMIMEAssertion {
     /**
      * Extract email addresses from a certificate
      * 
-     * @param cert the X509 certificate
+     * @param cert the X509 certificate holder
      * @return a List of all email addresses found
      * @throws CertificateException
      */
-    private static List<String> getEmailFromCert(X509Certificate cert)
+    private static List<String> getEmailFromCert(X509CertificateHolder cert)
             throws CertificateException {
         List<String> res = new ArrayList<>();
 
-        X509Principal subject = PrincipalUtil.getSubjectX509Principal(cert);
-        Vector<?> addresses = subject.getValues(X509Name.EmailAddress);
-        for (Object address: addresses) {
-            res.add((String) address);
+        X500Name subject = cert.getSubject();
+        for (RDN emails : subject.getRDNs(BCStyle.EmailAddress)) {
+            for (AttributeTypeAndValue emailAttr: emails.getTypesAndValues()) {
+                log.debug("Add email from RDN: " + IETFUtils.valueToString(emailAttr.getValue()));
+                res.add(IETFUtils.valueToString(emailAttr.getValue()));
+            }
         }
 
-        Collection<?> subjectAltNames =
-            X509ExtensionUtil.getSubjectAlternativeNames(cert);
-        for (Object altNameObj : subjectAltNames) {
-            List<?> altName = (List<?>) altNameObj;
-            Integer type = (Integer) altName.get(0);
-            if (type.intValue() == GeneralName.rfc822Name) {
-                String address = (String) altName.get(1);
-                res.add(address);
+        Extension subjectAlternativeNames = cert
+                .getExtension(Extension.subjectAlternativeName);
+        if (subjectAlternativeNames != null) {
+            for (GeneralName name : GeneralNames.getInstance(
+                    subjectAlternativeNames.getParsedValue()).getNames()) {
+                if (name.getTagNo() == GeneralName.rfc822Name) {
+                    String email = IETFUtils.valueToString(name.getName());
+                    log.debug("Add email from subjectAlternativeName: " + email);
+                    res.add(email);
+                }
             }
         }
 

Modified: jmeter/trunk/xdocs/changes.xml
URL: http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1708224&r1=1708223&r2=1708224&view=diff
==============================================================================
--- jmeter/trunk/xdocs/changes.xml (original)
+++ jmeter/trunk/xdocs/changes.xml Mon Oct 12 20:19:11 2015
@@ -109,6 +109,7 @@ Summary
 
 <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
 <ul>
+  <li><bug>58303</bug>Change usage of bouncycastle api in SMIMEAssertion
to get rid of deprecation warnings.</li>
 </ul>
 
 <h3>Functions</h3>



Mime
View raw message