
(-)a/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java (-26 / +19 lines)
Lines 31-36 import java.security.cert.CertificateException; Link Here
31
import java.security.cert.CertificateFactory;
31
import java.security.cert.CertificateFactory;
32
import java.security.cert.X509Certificate;
32
import java.security.cert.X509Certificate;
33
import java.util.ArrayList;
33
import java.util.ArrayList;
34
import java.util.Arrays;
34
import java.util.Collection;
35
import java.util.Collection;
35
import java.util.Iterator;
36
import java.util.Iterator;
36
import java.util.List;
37
import java.util.List;
Lines 47-57 import org.apache.jmeter.samplers.SampleResult; Link Here
47
import org.apache.jorphan.logging.LoggingManager;
48
import org.apache.jorphan.logging.LoggingManager;
48
import org.apache.jorphan.util.JOrphanUtils;
49
import org.apache.jorphan.util.JOrphanUtils;
49
import org.apache.log.Logger;
50
import org.apache.log.Logger;
51
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
50
import org.bouncycastle.asn1.x500.RDN;
52
import org.bouncycastle.asn1.x500.RDN;
51
import org.bouncycastle.asn1.x500.X500Name;
53
import org.bouncycastle.asn1.x500.X500Name;
52
import org.bouncycastle.asn1.x500.style.BCStyle;
54
import org.bouncycastle.asn1.x500.style.BCStyle;
53
import org.bouncycastle.asn1.x509.GeneralName;
55
import org.bouncycastle.asn1.x500.style.IETFUtils;
54
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
56
import org.bouncycastle.cert.X509CertificateHolder;
55
import org.bouncycastle.cms.CMSException;
57
import org.bouncycastle.cms.CMSException;
56
import org.bouncycastle.cms.SignerInformation;
58
import org.bouncycastle.cms.SignerInformation;
57
import org.bouncycastle.cms.SignerInformationStore;
59
import org.bouncycastle.cms.SignerInformationStore;
Lines 63-69 import org.bouncycastle.mail.smime.SMIMESignedParser; Link Here
63
import org.bouncycastle.operator.OperatorCreationException;
65
import org.bouncycastle.operator.OperatorCreationException;
64
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
66
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
65
import org.bouncycastle.util.Store;
67
import org.bouncycastle.util.Store;
66
import org.bouncycastle.x509.extension.X509ExtensionUtil;
67
68
68
/**
69
/**
69
 * Helper class which isolates the BouncyCastle code.
70
 * Helper class which isolates the BouncyCastle code.
Lines 161-173 class SMIMEAssertion { Link Here
161
162
162
                if (certIt.hasNext()) {
163
                if (certIt.hasNext()) {
163
                    // the signer certificate
164
                    // the signer certificate
164
                    X509Certificate cert = (X509Certificate) certIt.next();
165
                    X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
165
166
166
                    if (testElement.isVerifySignature()) {
167
                    if (testElement.isVerifySignature()) {
167
168
168
                        SignerInformationVerifier verifier = null;
169
                        SignerInformationVerifier verifier = null;
169
                        try {
170
                        try {
170
                            verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey());
171
                            verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
172
                                    .build(cert);
171
                        } catch (OperatorCreationException e) {
173
                        } catch (OperatorCreationException e) {
172
                            log.error("Can't create a provider", e);
174
                            log.error("Can't create a provider", e);
173
                        }
175
                        }
Lines 208-215 class SMIMEAssertion { Link Here
208
210
209
                        String subject = testElement.getSignerDn();
211
                        String subject = testElement.getSignerDn();
210
                        if (subject.length() > 0) {
212
                        if (subject.length() > 0) {
211
                            final X500Principal certPrincipal = cert.getSubjectX500Principal();
213
                            final X500Name certPrincipal = cert.getSubject();
212
                            log.debug(certPrincipal.getName(X500Principal.CANONICAL));
214
                            log.debug(certPrincipal.toString());
213
                            X500Principal principal = new X500Principal(subject);
215
                            X500Principal principal = new X500Principal(subject);
214
                            log.debug(principal.getName(X500Principal.CANONICAL));
216
                            log.debug(principal.getName(X500Principal.CANONICAL));
215
                            if (!principal.equals(certPrincipal)) {
217
                            if (!principal.equals(certPrincipal)) {
Lines 222-232 class SMIMEAssertion { Link Here
222
224
223
                        String issuer = testElement.getIssuerDn();
225
                        String issuer = testElement.getIssuerDn();
224
                        if (issuer.length() > 0) {
226
                        if (issuer.length() > 0) {
225
                            final X500Principal issuerX500Principal = cert.getIssuerX500Principal();
227
                            final X500Name issuerX500Name = cert.getIssuer();
226
                            log.debug(issuerX500Principal.getName(X500Principal.CANONICAL));
228
                            log.debug(issuerX500Name.toString());
227
                            X500Principal principal = new X500Principal(issuer);
229
                            X500Principal principal = new X500Principal(issuer);
228
                            log.debug(principal.getName(X500Principal.CANONICAL));
230
                            log.debug(principal.getName(X500Principal.CANONICAL));
229
                            if (!principal.equals(issuerX500Principal)) {
231
                            if (!principal.equals(issuerX500Name.toString())) {
230
                                res.setFailure(true);
232
                                res.setFailure(true);
231
                                failureMessage
233
                                failureMessage
232
                                        .append("Issuer distinguished name of signer certificate does not match \"")
234
                                        .append("Issuer distinguished name of signer certificate does not match \"")
Lines 324-350 class SMIMEAssertion { Link Here
324
    /**
326
    /**
325
     * Extract email addresses from a certificate
327
     * Extract email addresses from a certificate
326
     * 
328
     * 
327
     * @param cert the X509 certificate
329
     * @param cert the X509 certificate holder
328
     * @return a List of all email addresses found
330
     * @return a List of all email addresses found
329
     * @throws CertificateException
331
     * @throws CertificateException
330
     */
332
     */
331
    private static List<String> getEmailFromCert(X509Certificate cert)
333
    private static List<String> getEmailFromCert(X509CertificateHolder cert)
332
            throws CertificateException {
334
            throws CertificateException {
333
        List<String> res = new ArrayList<>();
335
        List<String> res = new ArrayList<>();
334
336
335
        X500Name subject = new JcaX509CertificateHolder(cert).getSubject();
337
        X500Name subject = cert.getSubject();
336
        for (RDN email : subject.getRDNs(BCStyle.EmailAddress)) {
338
        for (RDN emails : subject.getRDNs(BCStyle.EmailAddress)) {
337
            res.add(email.toString());
339
            for (AttributeTypeAndValue emailAttr: emails.getTypesAndValues()) {
338
        }
340
                log.debug("Add email: " + IETFUtils.valueToString(emailAttr.getValue()));
339
341
                res.add(IETFUtils.valueToString(emailAttr.getValue()));
340
        Collection<?> subjectAltNames =
341
            X509ExtensionUtil.getSubjectAlternativeNames(cert);
342
        for (Object altNameObj : subjectAltNames) {
343
            List<?> altName = (List<?>) altNameObj;
344
            Integer type = (Integer) altName.get(0);
345
            if (type.intValue() == GeneralName.rfc822Name) {
346
                String address = (String) altName.get(1);
347
                res.add(address);
348
            }
342
            }
349
        }
343
        }
350
344
351
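Review bot: Both distinguished-name checks on the new side compare an `X500Principal` with an object of a different type, so `equals` can never return true and every signer certificate is reported as a mismatch whenever a DN is configured: the subject check (new line 217) passes the BouncyCastle `X500Name` from `cert.getSubject()`, and the issuer check (new line 231) passes `issuerX500Name.toString()`, a `String`. To keep the previous canonical comparison, convert the certificate name first, e.g. `X500Principal certPrincipal = new X500Principal(cert.getSubject().getEncoded());` and likewise for `cert.getIssuer()`, then compare principal to principal. `getEncoded()` declares `IOException`, and the enclosing try/catch lies outside these hunks, so that handling needs checking. A check that always fails tends to get worked around by clearing the DN fields, which would leave the signer's identity unchecked. Separately, the rewritten `getEmailFromCert` appears to drop the subjectAltName `rfc822Name` loop, so addresses carried only in that extension would no longer be matched; please confirm that is intended.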
- 
