Created attachment 30122 [details] Upgrade to Bouncy Castle 1.48 The recent versions of Bouncy Castle didn't preserve the binary compatibility and JMeter doesn't compile against them (it breaks starting with Bouncy Castle 1.46). This is an issue for the Debian project because the Bouncy Castle package has to be updated to 1.48 in order to fix a security issue. This update is going to break the JMeter package. Could you please update the dependency on Bouncy Castle? Here is the patch with the necessary changes.
Hello, Thanks for patch, do you have some test plan that uses SMIMEAssertion to validate it is OK? Thank you Regards
I haven't tested it specifically. The JMeter tests worked fine, but I don't know if they cover SMIMEAssertion. I followed the porting guide posted by Bouncy Castle: http://www.bouncycastle.org/wiki/display/JA1/Porting+from+earlier+BC+releases+to+1.47+and+later They recommend the use of the JcaX509CertSelectorConverter class to convert the SignerId.
Hello, Patch works fine with SMIME Assertion and BC 1.48. Thanks. Philippe, to test it: Get a SMIME (SSL) certificat (or create a self-signed): http://kb.mozillazine.org/Getting_an_SMIME_certificate I have trying with success with Comodo SSL email with my asf email. I have generated the SSL email cert from my Firefox, and my certificate is now in Certificate Manager (FF Preferences, Advanced tab, Encryption, View Certificates, Your Certificates) To extract, select Comodo cert, button Backup to export in a pkcs12 file. After, I have imported in my email client Thunderbird (same way that firefox, but click on import button) Next, go to your email account settings, and select the email SSL certificate in Security pane for digital signing. You can write a new email with signing (options > sign) to a another email (or yourself). With JMeter (with bc jar), create a simple script : Tread group |-- Mail Reader Sampler (with Store the message using SMIME (raw) checked) (pointing to a pop3/imap(s) account of the second email) | |-- SMIME Assertion (check Verify signature, Check values (example Signer email address (the same in SSL cert) |-- View Results Tree Run the test. If all is right, the sampler is success (green) otherwise an error occurs with the assertion.
For archive a smime email sample. Return-Path: <milamber@apache.org> Received: from mwinf8503 (mwinf8503 [10.99.54.133]) by mwinb7305 (Cyrus v2.3.13) with LMTPA; Sun, 31 Mar 2013 00:29:56 +0100 X-Sieve: CMU Sieve 2.3 Received: from mail.apache.org ([140.211.11.3]) by mwinf8503 with ME id HzVu1l00J03wcJL01zVvGs; Sun, 31 Mar 2013 00:29:56 +0100 Received: (qmail 56946 invoked by uid 99); 30 Mar 2013 23:29:54 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:54 +0000 Received: from localhost (HELO [X.X.X.X]) (127.0.0.1) (smtp-auth username milamber, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:53 +0000 Message-ID: <5157757A.1040901@apache.org> Date: Sat, 30 Mar 2013 23:30:02 +0000 From: Milamber <milamber@apache.org> MIME-Version: 1.0 To: Milamber <milamberspace@gmail.com> Subject: Test SMIME email Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050107090107070502030102" This is a cryptographically signed message in MIME format. --------------ms050107090107070502030102 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hello, This is a test mail with sign. Bye --------------ms050107090107070502030102 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKSjCC BRowggQCoAMCAQICEG0Z6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNV [...] yAgnpeY462QvO1hgSjlxtFzVAIJpLLFQJgcHoPgg90abZMn9HLDEgmaxsHQa8d10CvDBvE1J hWXJRksRBoU4YLSPddTmn/2j8GftNjDQyNVjWV0oiY7pnNlpqWpHb2QNbFZ9ZNetwtLpHD9w npQ2ATgbVHUkokYsX8mcywAAAAAAAA== --------------ms050107090107070502030102--
The patch needs to add 2 parenthesis around the new JcaX509CertSelectorConverter() Iterator<?> certIt = certs.getCertificates((new JcaX509CertSelectorConverter()).getCertSelector(signer.getSID())).iterator();
Date: Sun Mar 31 22:06:03 2013 New Revision: 1463065 URL: http://svn.apache.org/r1463065 Log: Bug 54776 - Update the dependency on Bouncy Castle to 1.48 Bugzilla Id: 54776 Modified: jmeter/trunk/build.properties jmeter/trunk/build.xml jmeter/trunk/eclipse.classpath jmeter/trunk/lib/api/ (props changed) jmeter/trunk/res/maven/ApacheJMeter_parent.pom jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java jmeter/trunk/xdocs/changes.xml
Merci !
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/3085