Update the dependency on Bouncy Castle to 1.48 #3085

Closed
asfimport opened this issue Mar 30, 2013 · 7 comments

@asfimport
Collaborator

Emmanuel Bourg (Bug 54776):
The recent versions of Bouncy Castle didn't preserve the binary compatibility and JMeter doesn't compile against them (it breaks starting with Bouncy Castle 1.46).

This is an issue for the Debian project because the Bouncy Castle package has to be updated to 1.48 in order to fix a security issue. This update is going to break the JMeter package.

Could you please update the dependency on Bouncy Castle? Here is the patch with the necessary changes.

Created attachment jmeter-bouncycastle-update.patch: Upgrade to Bouncy Castle 1.48

jmeter-bouncycastle-update.patch
Index: build.properties
===================================================================
--- build.properties	(revision 1462828)
+++ build.properties	(working copy)
@@ -57,16 +57,21 @@
 beanshell.md5               = 02F72336919D06A8491E82346E10B4D5
 
 # Bouncy Castle jars (compile and test only - not distributed)
-bcmail.version              = 1.45
-bcmail.jar                  = bcmail-jdk15-${bcmail.version}.jar
-bcmail.loc                  = ${maven2.repo}/org/bouncycastle/bcmail-jdk15/${bcmail.version}
-bcmail.md5                  = 13321fc7eff7bcada7b4fedfb592025c
+bcmail.version              = 1.48
+bcmail.jar                  = bcmail-jdk15on-${bcmail.version}.jar
+bcmail.loc                  = ${maven2.repo}/org/bouncycastle/bcmail-jdk15on/${bcmail.version}
+bcmail.md5                  = d21564a05cec19caea793f6c63c79b59
 
-bcprov.version              = 1.45
-bcprov.jar                  = bcprov-jdk15-${bcprov.version}.jar
-bcprov.loc                  = ${maven2.repo}/org/bouncycastle/bcprov-jdk15/${bcprov.version}
-bcprov.md5                  = 2062f8e3d15748443ea60a94b266371c
+bcprov.version              = 1.48
+bcprov.jar                  = bcprov-jdk15on-${bcprov.version}.jar
+bcprov.loc                  = ${maven2.repo}/org/bouncycastle/bcprov-jdk15on/${bcprov.version}
+bcprov.md5                  = c08b58e03da7d469b0e7df6f4dd99712
 
+bcpkix.version              = 1.48
+bcpkix.jar                  = bcpkix-jdk15on-${bcpkix.version}.jar
+bcpkix.loc                  = ${maven2.repo}/org/bouncycastle/bcpkix-jdk15on/${bcpkix.version}
+bcpkix.md5                  = f8fc0496846f567ec951ac0a0e25ed00
+
 commons-codec.version       = 1.6
 commons-codec.jar           = commons-codec-${commons-codec.version}.jar
 commons-codec.loc           = ${maven2.repo}/commons-codec/commons-codec/${commons-codec.version}
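Review bot: The new `bcmail.md5`, `bcprov.md5` and `bcpkix.md5` values are the only integrity check these entries record for the downloaded jars, and the patch does not say where the three checksums came from; please name their source so they can be confirmed independently of the jars themselves. MD5 is not collision resistant, so if the download check can take a stronger digest it would be worth recording one for a cryptography library. Minor: the `bcpkix` block is added after `bcprov`; placing it between `bcmail` and `bcprov` keeps the entries in alphabetical order.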
Index: build.xml
===================================================================
--- build.xml	(revision 1462828)
+++ build.xml	(working copy)
@@ -2756,6 +2756,7 @@
         <process_jarfile jarname="avalon-framework"/>
         <process_jarfile jarname="bcmail" dest.dir="${lib.api}"/>
         <process_jarfile jarname="bcprov" dest.dir="${lib.api}"/>
+        <process_jarfile jarname="bcpkix" dest.dir="${lib.api}"/>
         <process_jarfile jarname="beanshell"/>
         <process_jarfile jarname="commons-codec"/>
         <process_jarfile jarname="commons-collections"/>
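Review bot: `bcpkix` is inserted after `bcprov` in this `process_jarfile` list, which otherwise reads alphabetically; move the new line between `bcmail` and `bcprov`. The `dest.dir="${lib.api}"` attribute matches the other two Bouncy Castle jars and the "compile and test only - not distributed" comment in build.properties, so that part is consistent.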
Index: src/components/org/apache/jmeter/assertions/SMIMEAssertion.java
===================================================================
--- src/components/org/apache/jmeter/assertions/SMIMEAssertion.java	(revision 1462828)
+++ src/components/org/apache/jmeter/assertions/SMIMEAssertion.java	(working copy)
@@ -52,6 +52,7 @@
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
 import org.bouncycastle.jce.PrincipalUtil;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -152,7 +153,7 @@
             if (signerIt.hasNext()) {
 
                 SignerInformation signer = (SignerInformation) signerIt.next();
-                Iterator<?> certIt = certs.getCertificates(signer.getSID()).iterator();
+                Iterator<?> certIt = certs.getCertificates(new JcaX509CertSelectorConverter().getCertSelector(signer.getSID())).iterator();
 
                 if (certIt.hasNext()) {
                     // the signer certificate
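Review bot: The replacement `certs.getCertificates(...)` line nests the converter construction, the selector conversion and the lookup in a single expression, which makes it much longer than the surrounding code and harder to step through; assign the result of `getCertSelector(signer.getSID())` to a local variable and pass that to `getCertificates`. The patch also changes how the signer certificate is looked up without adding or updating a test, so this path should be exercised against a signed message before it is merged.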

OS: All

@asfimport
Collaborator Author

@pmouawad (migrated from Bugzilla):
Hello,
Thanks for the patch, do you have a test plan that uses SMIMEAssertion to validate it is OK?

Thank you
Regards

@asfimport
Collaborator Author

Emmanuel Bourg (migrated from Bugzilla):
I haven't tested it specifically. The JMeter tests worked fine, but I don't know if they cover SMIMEAssertion.

I followed the porting guide posted by Bouncy Castle:

http://www.bouncycastle.org/wiki/display/JA1/Porting+from+earlier+BC+releases+to+1.47+and+later

They recommend the use of the JcaX509CertSelectorConverter class to convert the SignerId.

@asfimport
Collaborator Author

@milamberspace (migrated from Bugzilla):
Hello,

Patch works fine with SMIME Assertion and BC 1.48. Thanks.

Philippe, to test it:

Get an S/MIME (SSL) certificate (or create a self-signed one):
http://kb.mozillazine.org/Getting_an_SMIME_certificate

I have tried with success with Comodo SSL email with my ASF email.
I generated the SSL email cert from my Firefox, and my certificate is now in Certificate Manager (FF Preferences, Advanced tab, Encryption, View Certificates, Your Certificates). To extract it, select the Comodo cert and use the Backup button to export it to a pkcs12 file.
Afterwards, I imported it into my email client Thunderbird (same way as in Firefox, but click on the Import button).
Next, go to your email account settings, and select the email SSL certificate in the Security pane for digital signing.

You can write a new email with signing (options > sign) to another email address (or yourself).

With JMeter (with bc jar), create a simple script:
Thread Group
|-- Mail Reader Sampler (with "Store the message using SMIME (raw)" checked, pointing to a pop3/imap(s) account of the second email)
| |-- SMIME Assertion (check Verify signature, Check values (example: Signer email address, the same as in the SSL cert))
|-- View Results Tree

Run the test.
If all is right, the sampler succeeds (green); otherwise an error occurs with the assertion.

@asfimport
Collaborator Author

@milamberspace (migrated from Bugzilla):
For the archive, a sample S/MIME email.

Return-Path: <milamber@apache.org>
Received: from mwinf8503 (mwinf8503 [10.99.54.133])
by mwinb7305 (Cyrus v2.3.13) with LMTPA;
Sun, 31 Mar 2013 00:29:56 +0100
X-Sieve: CMU Sieve 2.3
Received: from mail.apache.org ([140.211.11.3])
by mwinf8503 with ME
id HzVu1l00J03wcJL01zVvGs; Sun, 31 Mar 2013 00:29:56 +0100
Received: (qmail 56946 invoked by uid 99); 30 Mar 2013 23:29:54 -0000
Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9)
by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:54 +0000
Received: from localhost (HELO [X.X.X.X]) (127.0.0.1)
(smtp-auth username milamber, mechanism plain)
by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Mar 2013 23:29:53 +0000
Message-ID: <5157757A.1040901@apache.org>
Date: Sat, 30 Mar 2013 23:30:02 +0000
From: Milamber <milamber@apache.org>
MIME-Version: 1.0
To: Milamber <milamberspace@gmail.com>
Subject: Test SMIME email
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050107090107070502030102"

This is a cryptographically signed message in MIME format.

--------------ms050107090107070502030102
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello,

This is a test mail with sign.

Bye

--------------ms050107090107070502030102
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKSjCC
BRowggQCoAMCAQICEG0Z6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNV
[...]
yAgnpeY462QvO1hgSjlxtFzVAIJpLLFQJgcHoPgg90abZMn9HLDEgmaxsHQa8d10CvDBvE1J
hWXJRksRBoU4YLSPddTmn/2j8GftNjDQyNVjWV0oiY7pnNlpqWpHb2QNbFZ9ZNetwtLpHD9w
npQ2ATgbVHUkokYsX8mcywAAAAAAAA==
--------------ms050107090107070502030102--
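
A structural pre-check for a stored raw message with the layout of the archived sample above, useful before feeding a fixture to the SMIME Assertion. This is an added example, not part of the original comment or of JMeter; `check_smime_signed` is a hypothetical helper name, and the embedded message is constructed, with its signature cut down to the first 15 bytes.

```python
import email

# BER/DER encoding of OID 1.2.840.113549.1.7.2 (CMS signedData)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

# Constructed sample; the signature part holds only the start of a CMS structure.
SAMPLE = b"\r\n".join([
    b"From: Sender <sender@example.org>",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain; charset=UTF-8",
    b"",
    b"This is a test mail with sign.",
    b"",
    b"--b1",
    b'Content-Type: application/pkcs7-signature; name="smime.p7s"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"MIAGCSqGSIb3DQEHAqCA",
    b"--b1--",
    b"",
])

def check_smime_signed(raw: bytes) -> dict:
    """Structural check only: it does not verify the signature or the certificate."""
    msg = email.message_from_bytes(raw)
    report = {"protocol": msg.get_param("protocol"), "micalg": msg.get_param("micalg"), "problems": []}
    problems = report["problems"]
    if msg.get_content_type() != "multipart/signed":
        problems.append("not multipart/signed: " + msg.get_content_type())
        return report
    if report["protocol"] not in SIG_TYPES:
        problems.append("unexpected protocol parameter")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        problems.append("expected 2 parts, found %d" % len(parts))
        return report
    sig = parts[1]
    if sig.get_content_type() != report["protocol"]:
        problems.append("signature part type does not match protocol")
    der = sig.get_payload(decode=True) or b""
    # A CMS ContentInfo is a SEQUENCE (0x30) whose first element is the content-type OID.
    if not (der[:1] == b"\x30" and SIGNED_DATA_OID in der[:16]):
        problems.append("signature part is not CMS signedData")
    return report
```

An empty `problems` list only means the message has the shape the assertion expects; the signature itself is still verified by the SMIME Assertion.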

@asfimport
Collaborator Author

@milamberspace (migrated from Bugzilla):

The patch needs to add 2 parentheses around the new JcaX509CertSelectorConverter()

Iterator<?> certIt = certs.getCertificates((new JcaX509CertSelectorConverter()).getCertSelector(signer.getSID())).iterator();

@asfimport
Collaborator Author

@pmouawad (migrated from Bugzilla):
Date: Sun Mar 31 22:06:03 2013
New Revision: 1463065

URL: http://svn.apache.org/r1463065
Log:
#3085 - Update the dependency on Bouncy Castle to 1.48
#3085

Modified:
jmeter/trunk/build.properties
jmeter/trunk/build.xml
jmeter/trunk/eclipse.classpath
jmeter/trunk/lib/api/ (props changed)
jmeter/trunk/res/maven/ApacheJMeter_parent.pom
jmeter/trunk/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java
jmeter/trunk/xdocs/changes.xml

@asfimport
Collaborator Author

Emmanuel Bourg (migrated from Bugzilla):
Thanks!
