jmeter-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fschumac...@apache.org
Subject [jmeter] branch master updated: Lower complexity by extracting logic into private methods
Date Tue, 01 Sep 2020 17:55:43 GMT
This is an automated email from the ASF dual-hosted git repository.

fschumacher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git


The following commit(s) were added to refs/heads/master by this push:
     new 5cdcdbd  Lower complexity by extracting logic into private methods
5cdcdbd is described below

commit 5cdcdbd691660ac6b2aef601ff115db336272f56
Author: Felix Schumacher <felix.schumacher@internetallee.de>
AuthorDate: Tue Sep 1 19:54:45 2020 +0200

    Lower complexity by extracting logic into private methods
---
 .../apache/jmeter/assertions/SMIMEAssertion.java   | 195 ++++++++++++---------
 1 file changed, 111 insertions(+), 84 deletions(-)

diff --git a/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java
b/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java
index fffcf42..aeebd67 100644
--- a/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java
+++ b/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java
@@ -25,6 +25,8 @@ import java.io.InputStream;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.Security;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -163,76 +165,16 @@ class SMIMEAssertion {
                     X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
 
                     if (testElement.isVerifySignature()) {
-
-                        SignerInformationVerifier verifier = null;
-                        try {
-                            verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
-                                    .build(cert);
-                        } catch (OperatorCreationException e) {
-                            log.error("Can't create a provider.", e);
-                        }
-                        if (verifier == null || !signer.verify(verifier)) {
-                            res.setFailure(true);
-                            res.setFailureMessage("Signature is invalid");
-                        }
+                        verifySignature(signer, res, cert);
                     }
 
                     if (testElement.isSignerCheckConstraints()) {
                         StringBuilder failureMessage = new StringBuilder();
 
-                        String serial = testElement.getSignerSerial();
-                        if (!JOrphanUtils.isBlank(serial)) {
-                            BigInteger serialNbr = readSerialNumber(serial);
-                            if (!serialNbr.equals(cert.getSerialNumber())) {
-                                res.setFailure(true);
-                                failureMessage
-                                        .append("Serial number ")
-                                        .append(serialNbr)
-                                        .append(" does not match serial from signer certificate:
")
-                                        .append(cert.getSerialNumber()).append("\n");
-                            }
-                        }
-
-                        String email = testElement.getSignerEmail();
-                        if (!JOrphanUtils.isBlank(email)) {
-                            List<String> emailFromCert = getEmailFromCert(cert);
-                            if (!emailFromCert.contains(email)) {
-                                res.setFailure(true);
-                                failureMessage
-                                        .append("Email address \"")
-                                        .append(email)
-                                        .append("\" not present in signer certificate\n");
-                            }
-
-                        }
-
-                        String subject = testElement.getSignerDn();
-                        if (subject.length() > 0) {
-                            final X500Name certPrincipal = cert.getSubject();
-                            log.debug("DN from cert: {}", certPrincipal);
-                            X500Name principal = new X500Name(subject);
-                            log.debug("DN from assertion: {}", principal);
-                            if (!principal.equals(certPrincipal)) {
-                                res.setFailure(true);
-                                failureMessage
-                                        .append("Distinguished name of signer certificate
does not match \"")
-                                        .append(subject).append("\"\n");
-                            }
-                        }
-
-                        String issuer = testElement.getIssuerDn();
-                        if (issuer.length() > 0) {
-                            final X500Name issuerX500Name = cert.getIssuer();
-                            log.debug("IssuerDN from cert: {}", issuerX500Name);
-                            X500Name principal = new X500Name(issuer);
-                            log.debug("IssuerDN from assertion: {}", principal);
-                            if (!principal.equals(issuerX500Name)) {
-                                res.setFailure(true);
-                                failureMessage
-                                        .append("Issuer distinguished name of signer certificate
does not match \"")
-                                        .append(subject).append("\"\n");
-                            }
-                        }
+                        checkSerial(testElement, res, cert, failureMessage);
+                        checkEmail(testElement, res, cert, failureMessage);
+                        checkSubject(testElement, res, cert, failureMessage);
+                        checkIssuer(testElement, res, cert, failureMessage);
 
                         if (failureMessage.length() > 0) {
                             res.setFailureMessage(failureMessage.toString());
@@ -240,25 +182,7 @@ class SMIMEAssertion {
                     }
 
                     if (testElement.isSignerCheckByFile()) {
-                        CertificateFactory cf = CertificateFactory
-                                .getInstance("X.509");
-                        try (InputStream fis = new FileInputStream(testElement.getSignerCertFile());
-                                InputStream bis = new BufferedInputStream(fis)){
-                            X509CertificateHolder certFromFile = new JcaX509CertificateHolder((X509Certificate)
cf.generateCertificate(bis));
-                            if (!certFromFile.equals(cert)) {
-                                res.setFailure(true);
-                                res.setFailureMessage("Signer certificate does not match
certificate "
-                                                + testElement.getSignerCertFile());
-                            }
-                        } catch (IOException e) {
-                            if (log.isDebugEnabled()) {
-                                log.debug("Could not read cert file {}", testElement.getSignerCertFile(),
e);
-                            }
-                            res.setFailure(true);
-                            res.setFailureMessage("Could not read certificate file " + testElement.getSignerCertFile());
-                        }
-
-
+                        checkSignerByFile(testElement, res, cert);
                     }
 
                 } else {
@@ -282,6 +206,109 @@ class SMIMEAssertion {
         return res;
     }
 
+    private static void verifySignature(SignerInformation signer, AssertionResult res, X509CertificateHolder
cert)
+            throws CertificateException, CMSException {
+        SignerInformationVerifier verifier = null;
+        try {
+            verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
+                    .build(cert);
+        } catch (OperatorCreationException e) {
+            log.error("Can't create a provider.", e);
+        }
+        if (verifier == null || !signer.verify(verifier)) {
+            res.setFailure(true);
+            res.setFailureMessage("Signature is invalid");
+        }
+    }
+
+    private static void checkSignerByFile(SMIMEAssertionTestElement testElement, AssertionResult
res,
+            X509CertificateHolder cert) throws CertificateException, CertificateEncodingException
{
+        CertificateFactory cf = CertificateFactory
+                .getInstance("X.509");
+        try (InputStream fis = new FileInputStream(testElement.getSignerCertFile());
+                InputStream bis = new BufferedInputStream(fis)){
+            X509CertificateHolder certFromFile = new JcaX509CertificateHolder((X509Certificate)
cf.generateCertificate(bis));
+            if (!certFromFile.equals(cert)) {
+                res.setFailure(true);
+                res.setFailureMessage("Signer certificate does not match certificate "
+                                + testElement.getSignerCertFile());
+            }
+        } catch (IOException e) {
+            if (log.isDebugEnabled()) {
+                log.debug("Could not read cert file {}", testElement.getSignerCertFile(),
e);
+            }
+            res.setFailure(true);
+            res.setFailureMessage("Could not read certificate file " + testElement.getSignerCertFile());
+        }
+    }
+
+    private static void checkIssuer(SMIMEAssertionTestElement testElement, AssertionResult
res,
+            X509CertificateHolder cert, StringBuilder failureMessage) {
+        String issuer = testElement.getIssuerDn();
+        if (issuer.length() > 0) {
+            String subject = testElement.getSignerDn();
+            final X500Name issuerX500Name = cert.getIssuer();
+            log.debug("IssuerDN from cert: {}", issuerX500Name);
+            X500Name principal = new X500Name(issuer);
+            log.debug("IssuerDN from assertion: {}", principal);
+            if (!principal.equals(issuerX500Name)) {
+                res.setFailure(true);
+                failureMessage
+                        .append("Issuer distinguished name of signer certificate does not
match \"")
+                        .append(subject).append("\"\n");
+            }
+        }
+    }
+
+    private static void checkSubject(SMIMEAssertionTestElement testElement, AssertionResult
res,
+            X509CertificateHolder cert, StringBuilder failureMessage) {
+        String subject = testElement.getSignerDn();
+        if (subject.length() > 0) {
+            final X500Name certPrincipal = cert.getSubject();
+            log.debug("DN from cert: {}", certPrincipal);
+            X500Name principal = new X500Name(subject);
+            log.debug("DN from assertion: {}", principal);
+            if (!principal.equals(certPrincipal)) {
+                res.setFailure(true);
+                failureMessage
+                        .append("Distinguished name of signer certificate does not match
\"")
+                        .append(subject).append("\"\n");
+            }
+        }
+    }
+
+    private static void checkEmail(SMIMEAssertionTestElement testElement, AssertionResult
res,
+            X509CertificateHolder cert, StringBuilder failureMessage) {
+        String email = testElement.getSignerEmail();
+        if (!JOrphanUtils.isBlank(email)) {
+            List<String> emailFromCert = getEmailFromCert(cert);
+            if (!emailFromCert.contains(email)) {
+                res.setFailure(true);
+                failureMessage
+                        .append("Email address \"")
+                        .append(email)
+                        .append("\" not present in signer certificate\n");
+            }
+
+        }
+    }
+
+    private static void checkSerial(SMIMEAssertionTestElement testElement, AssertionResult
res,
+            X509CertificateHolder cert, StringBuilder failureMessage) {
+        String serial = testElement.getSignerSerial();
+        if (!JOrphanUtils.isBlank(serial)) {
+            BigInteger serialNbr = readSerialNumber(serial);
+            if (!serialNbr.equals(cert.getSerialNumber())) {
+                res.setFailure(true);
+                failureMessage
+                        .append("Serial number ")
+                        .append(serialNbr)
+                        .append(" does not match serial from signer certificate: ")
+                        .append(cert.getSerialNumber()).append("\n");
+            }
+        }
+    }
+
     /**
      * extracts a MIME message from the SampleResult
      */


Mime
View raw message