Bug 54776 - Update the dependency on Bouncy Castle to 1.48
Summary: Update the dependency on Bouncy Castle to 1.48
Alias: None
Product: JMeter - Now in Github
Classification: Unclassified
Component: Main (show other bugs)
Version: 2.9
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: JMeter issues mailing list
Keywords: PatchAvailable
Depends on:
Reported: 2013-03-30 21:44 UTC by Emmanuel Bourg
Modified: 2013-03-31 22:28 UTC (History)
1 user (show)

Upgrade to Bouncy Castle 1.48 (3.51 KB, patch)
2013-03-30 21:44 UTC, Emmanuel Bourg
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Emmanuel Bourg 2013-03-30 21:44:39 UTC
Created attachment 30122 [details]
Upgrade to Bouncy Castle 1.48

The recent versions of Bouncy Castle didn't preserve the binary compatibility and JMeter doesn't compile against them (it breaks starting with Bouncy Castle 1.46).

This is an issue for the Debian project because the Bouncy Castle package has to be updated to 1.48 in order to fix a security issue. This update is going to break the JMeter package.

Could you please update the dependency on Bouncy Castle? Here is the patch with the necessary changes.
Comment 1 Philippe Mouawad 2013-03-30 22:01:57 UTC
Thanks for patch, do you have some test plan that uses SMIMEAssertion to validate it is OK? 

Thank you
Comment 2 Emmanuel Bourg 2013-03-30 22:09:04 UTC
I haven't tested it specifically. The JMeter tests worked fine, but I don't know if they cover SMIMEAssertion.

I followed the porting guide posted by Bouncy Castle:


They recommend the use of the JcaX509CertSelectorConverter class to convert the SignerId.
Comment 3 Milamber 2013-03-30 23:58:34 UTC

Patch works fine with SMIME Assertion and BC 1.48. Thanks.

Philippe, to test it:

Get a SMIME (SSL) certificat (or create a self-signed):

I have trying with success with Comodo SSL email with my asf email.
I have generated the SSL email cert from my Firefox, and my certificate is now in Certificate Manager (FF Preferences, Advanced tab, Encryption, View Certificates, Your Certificates) To extract, select Comodo cert, button Backup to export in a pkcs12 file.
After, I have imported in my email client Thunderbird (same way that firefox, but click on import button)
Next, go to your email account settings, and select the email SSL certificate in Security pane for digital signing.

You can write a new email with signing (options > sign) to a another email (or yourself).

With JMeter (with bc jar), create a simple script :
Tread group
   |-- Mail Reader Sampler (with Store the message using SMIME (raw) checked) (pointing to a pop3/imap(s) account of the second email)
   |   |-- SMIME Assertion (check Verify signature, Check values (example Signer email address (the same in SSL cert)
   |-- View Results Tree

Run the test.
If all is right, the sampler is success (green) otherwise an error occurs with the assertion.
Comment 4 Milamber 2013-03-31 00:02:27 UTC
For archive a smime email sample.

Return-Path: <milamber@apache.org>
Received: from mwinf8503 (mwinf8503 [])
	 by mwinb7305 (Cyrus v2.3.13) with LMTPA;
	 Sun, 31 Mar 2013 00:29:56 +0100
X-Sieve: CMU Sieve 2.3
Received: from mail.apache.org ([])
	by mwinf8503 with ME
	id HzVu1l00J03wcJL01zVvGs; Sun, 31 Mar 2013 00:29:56 +0100
Received: (qmail 56946 invoked by uid 99); 30 Mar 2013 23:29:54 -0000
Received: from minotaur.apache.org (HELO minotaur.apache.org) (
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:54 +0000
Received: from localhost (HELO [X.X.X.X]) (
  (smtp-auth username milamber, mechanism plain)
  by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:53 +0000
Message-ID: <5157757A.1040901@apache.org>
Date: Sat, 30 Mar 2013 23:30:02 +0000
From: Milamber <milamber@apache.org>
MIME-Version: 1.0
To: Milamber <milamberspace@gmail.com>
Subject: Test SMIME email
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050107090107070502030102"

This is a cryptographically signed message in MIME format.

Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable


This is a test mail with sign.


Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

Comment 5 Milamber 2013-03-31 08:29:11 UTC

The patch needs to add 2 parenthesis around the new JcaX509CertSelectorConverter()

Iterator<?> certIt = certs.getCertificates((new JcaX509CertSelectorConverter()).getCertSelector(signer.getSID())).iterator();
Comment 6 Philippe Mouawad 2013-03-31 22:06:46 UTC
Date: Sun Mar 31 22:06:03 2013
New Revision: 1463065

URL: http://svn.apache.org/r1463065
Bug 54776 - Update the dependency on Bouncy Castle to 1.48
Bugzilla Id: 54776

    jmeter/trunk/lib/api/   (props changed)
Comment 7 Emmanuel Bourg 2013-03-31 22:28:39 UTC
Merci !
Comment 8 The ASF infrastructure team 2022-09-24 20:37:53 UTC
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/3085