Bug 54776 - Update the dependency on Bouncy Castle to 1.48
Update the dependency on Bouncy Castle to 1.48
Status: RESOLVED FIXED
Product: JMeter
Classification: Unclassified
Component: Main
2.9
All All
: P2 enhancement (vote)
: ---
Assigned To: JMeter issues mailing list
: PatchAvailable
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2013-03-30 21:44 UTC by Emmanuel Bourg
Modified: 2013-03-31 22:28 UTC (History)
1 user (show)



Attachments
Upgrade to Bouncy Castle 1.48 (3.51 KB, patch)
2013-03-30 21:44 UTC, Emmanuel Bourg
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Emmanuel Bourg 2013-03-30 21:44:39 UTC
Created attachment 30122 [details]
Upgrade to Bouncy Castle 1.48

The recent versions of Bouncy Castle didn't preserve the binary compatibility and JMeter doesn't compile against them (it breaks starting with Bouncy Castle 1.46).

This is an issue for the Debian project because the Bouncy Castle package has to be updated to 1.48 in order to fix a security issue. This update is going to break the JMeter package.

Could you please update the dependency on Bouncy Castle? Here is the patch with the necessary changes.
Comment 1 Philippe Mouawad 2013-03-30 22:01:57 UTC
Hello,
Thanks for patch, do you have some test plan that uses SMIMEAssertion to validate it is OK? 

Thank you
Regards
Comment 2 Emmanuel Bourg 2013-03-30 22:09:04 UTC
I haven't tested it specifically. The JMeter tests worked fine, but I don't know if they cover SMIMEAssertion.

I followed the porting guide posted by Bouncy Castle:

http://www.bouncycastle.org/wiki/display/JA1/Porting+from+earlier+BC+releases+to+1.47+and+later

They recommend the use of the JcaX509CertSelectorConverter class to convert the SignerId.
Comment 3 Milamber 2013-03-30 23:58:34 UTC
Hello,

Patch works fine with SMIME Assertion and BC 1.48. Thanks.

Philippe, to test it:

Get a SMIME (SSL) certificat (or create a self-signed):
http://kb.mozillazine.org/Getting_an_SMIME_certificate

I have trying with success with Comodo SSL email with my asf email.
I have generated the SSL email cert from my Firefox, and my certificate is now in Certificate Manager (FF Preferences, Advanced tab, Encryption, View Certificates, Your Certificates) To extract, select Comodo cert, button Backup to export in a pkcs12 file.
After, I have imported in my email client Thunderbird (same way that firefox, but click on import button)
Next, go to your email account settings, and select the email SSL certificate in Security pane for digital signing.

You can write a new email with signing (options > sign) to a another email (or yourself).

With JMeter (with bc jar), create a simple script :
Tread group
   |-- Mail Reader Sampler (with Store the message using SMIME (raw) checked) (pointing to a pop3/imap(s) account of the second email)
   |   |-- SMIME Assertion (check Verify signature, Check values (example Signer email address (the same in SSL cert)
   |-- View Results Tree


Run the test.
If all is right, the sampler is success (green) otherwise an error occurs with the assertion.
Comment 4 Milamber 2013-03-31 00:02:27 UTC
For archive a smime email sample.


Return-Path: <milamber@apache.org>
Received: from mwinf8503 (mwinf8503 [10.99.54.133])
	 by mwinb7305 (Cyrus v2.3.13) with LMTPA;
	 Sun, 31 Mar 2013 00:29:56 +0100
X-Sieve: CMU Sieve 2.3
Received: from mail.apache.org ([140.211.11.3])
	by mwinf8503 with ME
	id HzVu1l00J03wcJL01zVvGs; Sun, 31 Mar 2013 00:29:56 +0100
Received: (qmail 56946 invoked by uid 99); 30 Mar 2013 23:29:54 -0000
Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:54 +0000
Received: from localhost (HELO [X.X.X.X]) (127.0.0.1)
  (smtp-auth username milamber, mechanism plain)
  by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:53 +0000
Message-ID: <5157757A.1040901@apache.org>
Date: Sat, 30 Mar 2013 23:30:02 +0000
From: Milamber <milamber@apache.org>
MIME-Version: 1.0
To: Milamber <milamberspace@gmail.com>
Subject: Test SMIME email
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050107090107070502030102"

This is a cryptographically signed message in MIME format.

--------------ms050107090107070502030102
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello,

This is a test mail with sign.

Bye


--------------ms050107090107070502030102
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKSjCC
BRowggQCoAMCAQICEG0Z6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNV
[...]
yAgnpeY462QvO1hgSjlxtFzVAIJpLLFQJgcHoPgg90abZMn9HLDEgmaxsHQa8d10CvDBvE1J
hWXJRksRBoU4YLSPddTmn/2j8GftNjDQyNVjWV0oiY7pnNlpqWpHb2QNbFZ9ZNetwtLpHD9w
npQ2ATgbVHUkokYsX8mcywAAAAAAAA==
--------------ms050107090107070502030102--
Comment 5 Milamber 2013-03-31 08:29:11 UTC

The patch needs to add 2 parenthesis around the new JcaX509CertSelectorConverter()

Iterator<?> certIt = certs.getCertificates((new JcaX509CertSelectorConverter()).getCertSelector(signer.getSID())).iterator();
Comment 6 Philippe Mouawad 2013-03-31 22:06:46 UTC
Date: Sun Mar 31 22:06:03 2013
New Revision: 1463065

URL: http://svn.apache.org/r1463065
Log:
Bug 54776 - Update the dependency on Bouncy Castle to 1.48
Bugzilla Id: 54776

Modified:
    jmeter/trunk/build.properties
    jmeter/trunk/build.xml
    jmeter/trunk/eclipse.classpath
    jmeter/trunk/lib/api/   (props changed)
    jmeter/trunk/res/maven/ApacheJMeter_parent.pom
    jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java
    jmeter/trunk/xdocs/changes.xml
Comment 7 Emmanuel Bourg 2013-03-31 22:28:39 UTC
Merci !