Bug 58303 - Clean up use of deprecated api from bouncycastle
Summary: Clean up use of deprecated api from bouncycastle
Status: RESOLVED FIXED
Alias: None
Product: JMeter
Classification: Unclassified
Component: Main (show other bugs)
Version: 2.13
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-30 14:16 UTC by Felix Schumacher
Modified: 2015-10-12 20:23 UTC (History)
0 users



Attachments
Change code to newer api of bouncycastle (4.80 KB, patch)
2015-08-30 14:16 UTC, Felix Schumacher
Details | Diff
Correct usage of bc api (6.21 KB, patch)
2015-10-04 20:51 UTC, Felix Schumacher
Details | Diff
Change code to newer api of bouncycastle (20.92 KB, patch)
2015-10-08 19:02 UTC, Felix Schumacher
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Schumacher 2015-08-30 14:16:42 UTC
Created attachment 33054 [details]
Change code to newer api of bouncycastle

SMIMEAssertion uses deprecated api of bouncycastle.

The added patch tries to rework the code and removes the deprecations.
Comment 1 Felix Schumacher 2015-10-04 20:51:26 UTC
Created attachment 33161 [details]
Correct usage of bc api

The old change did not work correctly. This one tries to fix it up, by really using a certificate holder and extracting the email values from the RDNs.
Comment 2 Felix Schumacher 2015-10-08 19:02:42 UTC
Created attachment 33178 [details]
Change code to newer api of bouncycastle

I think I have found all occurrences of the old vs new api. The unit tests work in eclipse, but not with ant, yet.
Comment 3 Felix Schumacher 2015-10-12 19:55:01 UTC
When I used the test case with the old implementation, I found two further issues.

First, the emailAddress (E) component would not be able to be parsed by the jdk X500Principal(String) constructor. I had to add a keywordMap with the name and oid pair to the constructor, to be able to parse cn=name, E=email@example.org, ...

Second, the DN from the cert is constructed (probably by bouncycastle) in reverse order. Staying with the DN from above, it would be ..., E=email@example.org, cn=name

I will commit the patch, that adds the keywordMap to the constructor, as I think this is a general problem and it will not change the overall behaviour of the code.

The second problem is less of a concern, since the newer api will ignore the order of the DN components.
Comment 4 Felix Schumacher 2015-10-12 20:23:45 UTC
Date: Mon Oct 12 19:58:56 2015
New Revision: 1708212

URL: http://svn.apache.org/viewvc?rev=1708212&view=rev
Log:
Add a keywordMap parameter when using the constructor of X500Principal.

This is necessary for DNs which have emailAddress components, which
where not parsed correctly by the jdk.

For better debug logs both compared components will be logged now, when
comparing the issuerDN/certDN with given ones for the assertion.

Bugzilla Id: 58303

Modified:
    jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java

Date: Mon Oct 12 20:10:37 2015
New Revision: 1708223

URL: http://svn.apache.org/viewvc?rev=1708223&view=rev
Log:
Add test cases for SMIMEAssertion.

Bugzilla Id: 58303

Added:
    jmeter/trunk/test/resources/org/
    jmeter/trunk/test/resources/org/apache/
    jmeter/trunk/test/resources/org/apache/jmeter/
    jmeter/trunk/test/resources/org/apache/jmeter/assertions/
    jmeter/trunk/test/resources/org/apache/jmeter/assertions/email.pem
    jmeter/trunk/test/resources/org/apache/jmeter/assertions/signed_email.eml
    jmeter/trunk/test/src/org/apache/jmeter/assertions/SMIMEAssertionTest.java

Date: Mon Oct 12 20:19:11 2015
New Revision: 1708224

URL: http://svn.apache.org/viewvc?rev=1708224&view=rev
Log:
Change usage of bouncycastle api in SMIMEAssertion to get rid of the deprecation warnings.

Bugzilla Id: 58303

Modified:
    jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java
    jmeter/trunk/xdocs/changes.xml