Bug 58303

Summary: Clean up use of deprecated api from bouncycastle
Product: JMeter Reporter: Felix Schumacher <felix.schumacher>
Component: MainAssignee: JMeter issues mailing list <issues>
Severity: normal    
Priority: P2    
Version: 2.13   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Change code to newer api of bouncycastle
Correct usage of bc api
Change code to newer api of bouncycastle

Description Felix Schumacher 2015-08-30 14:16:42 UTC
Created attachment 33054 [details]
Change code to newer api of bouncycastle

SMIMEAssertion uses deprecated api of bouncycastle.

The added patch tries to rework the code and removes the deprecations.
Comment 1 Felix Schumacher 2015-10-04 20:51:26 UTC
Created attachment 33161 [details]
Correct usage of bc api

The old change did not work correctly. This one tries to fix it up, by really using a certificate holder and extracting the email values from the RDNs.
Comment 2 Felix Schumacher 2015-10-08 19:02:42 UTC
Created attachment 33178 [details]
Change code to newer api of bouncycastle

I think I have found all occurrences of the old vs new api. The unit tests work in eclipse, but not with ant, yet.
Comment 3 Felix Schumacher 2015-10-12 19:55:01 UTC
When I used the test case with the old implementation, I found two further issues.

First, the emailAddress (E) component would not be able to be parsed by the jdk X500Principal(String) constructor. I had to add a keywordMap with the name and oid pair to the constructor, to be able to parse cn=name, E=email@example.org, ...

Second, the DN from the cert is constructed (probably by bouncycastle) in reverse order. Staying with the DN from above, it would be ..., E=email@example.org, cn=name

I will commit the patch, that adds the keywordMap to the constructor, as I think this is a general problem and it will not change the overall behaviour of the code.

The second problem is less of a concern, since the newer api will ignore the order of the DN components.
Comment 4 Felix Schumacher 2015-10-12 20:23:45 UTC
Date: Mon Oct 12 19:58:56 2015
New Revision: 1708212

URL: http://svn.apache.org/viewvc?rev=1708212&view=rev
Add a keywordMap parameter when using the constructor of X500Principal.

This is necessary for DNs which have emailAddress components, which
where not parsed correctly by the jdk.

For better debug logs both compared components will be logged now, when
comparing the issuerDN/certDN with given ones for the assertion.

Bugzilla Id: 58303


Date: Mon Oct 12 20:10:37 2015
New Revision: 1708223

URL: http://svn.apache.org/viewvc?rev=1708223&view=rev
Add test cases for SMIMEAssertion.

Bugzilla Id: 58303


Date: Mon Oct 12 20:19:11 2015
New Revision: 1708224

URL: http://svn.apache.org/viewvc?rev=1708224&view=rev
Change usage of bouncycastle api in SMIMEAssertion to get rid of the deprecation warnings.

Bugzilla Id: 58303