Posted to commits@jmeter.apache.org by fs...@apache.org on 2020/09/01 17:55:43 UTC
[jmeter] branch master updated: Lower complexity by extracting
logic into private methods
This is an automated email from the ASF dual-hosted git repository.
fschumacher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git
The following commit(s) were added to refs/heads/master by this push:
new 5cdcdbd Lower complexity by extracting logic into private methods
5cdcdbd is described below
commit 5cdcdbd691660ac6b2aef601ff115db336272f56
Author: Felix Schumacher <fe...@internetallee.de>
AuthorDate: Tue Sep 1 19:54:45 2020 +0200
Lower complexity by extracting logic into private methods
---
.../apache/jmeter/assertions/SMIMEAssertion.java | 195 ++++++++++++---------
1 file changed, 111 insertions(+), 84 deletions(-)
diff --git a/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java b/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java
index fffcf42..aeebd67 100644
--- a/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java
+++ b/src/components/src/main/java/org/apache/jmeter/assertions/SMIMEAssertion.java
@@ -25,6 +25,8 @@ import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Security;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
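Review bot: The added `java.security.cert.CertificateEncodingException` import looks unnecessary. In the visible hunks it is referenced only in the `throws CertificateException, CertificateEncodingException` clause of `checkSignerByFile`, and it is a subclass of `CertificateException`, which that clause already lists. I would declare just `throws CertificateException` there and drop this import.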
@@ -163,76 +165,16 @@ class SMIMEAssertion {
X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
if (testElement.isVerifySignature()) {
-
- SignerInformationVerifier verifier = null;
- try {
- verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
- .build(cert);
- } catch (OperatorCreationException e) {
- log.error("Can't create a provider.", e);
- }
- if (verifier == null || !signer.verify(verifier)) {
- res.setFailure(true);
- res.setFailureMessage("Signature is invalid");
- }
+ verifySignature(signer, res, cert);
}
if (testElement.isSignerCheckConstraints()) {
StringBuilder failureMessage = new StringBuilder();
- String serial = testElement.getSignerSerial();
- if (!JOrphanUtils.isBlank(serial)) {
- BigInteger serialNbr = readSerialNumber(serial);
- if (!serialNbr.equals(cert.getSerialNumber())) {
- res.setFailure(true);
- failureMessage
- .append("Serial number ")
- .append(serialNbr)
- .append(" does not match serial from signer certificate: ")
- .append(cert.getSerialNumber()).append("\n");
- }
- }
-
- String email = testElement.getSignerEmail();
- if (!JOrphanUtils.isBlank(email)) {
- List<String> emailFromCert = getEmailFromCert(cert);
- if (!emailFromCert.contains(email)) {
- res.setFailure(true);
- failureMessage
- .append("Email address \"")
- .append(email)
- .append("\" not present in signer certificate\n");
- }
-
- }
-
- String subject = testElement.getSignerDn();
- if (subject.length() > 0) {
- final X500Name certPrincipal = cert.getSubject();
- log.debug("DN from cert: {}", certPrincipal);
- X500Name principal = new X500Name(subject);
- log.debug("DN from assertion: {}", principal);
- if (!principal.equals(certPrincipal)) {
- res.setFailure(true);
- failureMessage
- .append("Distinguished name of signer certificate does not match \"")
- .append(subject).append("\"\n");
- }
- }
-
- String issuer = testElement.getIssuerDn();
- if (issuer.length() > 0) {
- final X500Name issuerX500Name = cert.getIssuer();
- log.debug("IssuerDN from cert: {}", issuerX500Name);
- X500Name principal = new X500Name(issuer);
- log.debug("IssuerDN from assertion: {}", principal);
- if (!principal.equals(issuerX500Name)) {
- res.setFailure(true);
- failureMessage
- .append("Issuer distinguished name of signer certificate does not match \"")
- .append(subject).append("\"\n");
- }
- }
+ checkSerial(testElement, res, cert, failureMessage);
+ checkEmail(testElement, res, cert, failureMessage);
+ checkSubject(testElement, res, cert, failureMessage);
+ checkIssuer(testElement, res, cert, failureMessage);
if (failureMessage.length() > 0) {
res.setFailureMessage(failureMessage.toString());
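Review bot: The `verifySignature(signer, res, cert)` call checks the signature only against `cert`, which comes from `certIt.next()` just above and so appears to be a certificate carried in the message itself. Nothing visible in this hunk validates that certificate against a trust anchor. A passing check therefore shows that the content matches that certificate's key, not that the signer is the expected party, unless the constraint or by-file checks are also enabled. I would add a comment above the call, `// Verifies against the certificate found in the message; no chain or trust validation happens here`. The enclosing method starts and ends outside this hunk.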
@@ -240,25 +182,7 @@ class SMIMEAssertion {
}
if (testElement.isSignerCheckByFile()) {
- CertificateFactory cf = CertificateFactory
- .getInstance("X.509");
- try (InputStream fis = new FileInputStream(testElement.getSignerCertFile());
- InputStream bis = new BufferedInputStream(fis)){
- X509CertificateHolder certFromFile = new JcaX509CertificateHolder((X509Certificate) cf.generateCertificate(bis));
- if (!certFromFile.equals(cert)) {
- res.setFailure(true);
- res.setFailureMessage("Signer certificate does not match certificate "
- + testElement.getSignerCertFile());
- }
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug("Could not read cert file {}", testElement.getSignerCertFile(), e);
- }
- res.setFailure(true);
- res.setFailureMessage("Could not read certificate file " + testElement.getSignerCertFile());
- }
-
-
+ checkSignerByFile(testElement, res, cert);
}
} else {
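Review bot: The `checkSignerByFile(testElement, res, cert)` call can now surface a `CertificateException`, because the extracted method (body in the last hunk) catches only `IOException` around `cf.generateCertificate(bis)`. A reference file that exists but does not parse as X.509 therefore skips the "Could not read certificate file" path and propagates instead of recording a failure that names the file. Whether the enclosing method catches it is outside this hunk. I would widen the handler to `} catch (IOException | CertificateException e) {` so an unreadable or malformed reference certificate always ends in an explicit assertion failure.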
@@ -282,6 +206,109 @@ class SMIMEAssertion {
return res;
}
+ private static void verifySignature(SignerInformation signer, AssertionResult res, X509CertificateHolder cert)
+ throws CertificateException, CMSException {
+ SignerInformationVerifier verifier = null;
+ try {
+ verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
+ .build(cert);
+ } catch (OperatorCreationException e) {
+ log.error("Can't create a provider.", e);
+ }
+ if (verifier == null || !signer.verify(verifier)) {
+ res.setFailure(true);
+ res.setFailureMessage("Signature is invalid");
+ }
+ }
+
+ private static void checkSignerByFile(SMIMEAssertionTestElement testElement, AssertionResult res,
+ X509CertificateHolder cert) throws CertificateException, CertificateEncodingException {
+ CertificateFactory cf = CertificateFactory
+ .getInstance("X.509");
+ try (InputStream fis = new FileInputStream(testElement.getSignerCertFile());
+ InputStream bis = new BufferedInputStream(fis)){
+ X509CertificateHolder certFromFile = new JcaX509CertificateHolder((X509Certificate) cf.generateCertificate(bis));
+ if (!certFromFile.equals(cert)) {
+ res.setFailure(true);
+ res.setFailureMessage("Signer certificate does not match certificate "
+ + testElement.getSignerCertFile());
+ }
+ } catch (IOException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("Could not read cert file {}", testElement.getSignerCertFile(), e);
+ }
+ res.setFailure(true);
+ res.setFailureMessage("Could not read certificate file " + testElement.getSignerCertFile());
+ }
+ }
+
+ private static void checkIssuer(SMIMEAssertionTestElement testElement, AssertionResult res,
+ X509CertificateHolder cert, StringBuilder failureMessage) {
+ String issuer = testElement.getIssuerDn();
+ if (issuer.length() > 0) {
+ String subject = testElement.getSignerDn();
+ final X500Name issuerX500Name = cert.getIssuer();
+ log.debug("IssuerDN from cert: {}", issuerX500Name);
+ X500Name principal = new X500Name(issuer);
+ log.debug("IssuerDN from assertion: {}", principal);
+ if (!principal.equals(issuerX500Name)) {
+ res.setFailure(true);
+ failureMessage
+ .append("Issuer distinguished name of signer certificate does not match \"")
+ .append(subject).append("\"\n");
+ }
+ }
+ }
+
+ private static void checkSubject(SMIMEAssertionTestElement testElement, AssertionResult res,
+ X509CertificateHolder cert, StringBuilder failureMessage) {
+ String subject = testElement.getSignerDn();
+ if (subject.length() > 0) {
+ final X500Name certPrincipal = cert.getSubject();
+ log.debug("DN from cert: {}", certPrincipal);
+ X500Name principal = new X500Name(subject);
+ log.debug("DN from assertion: {}", principal);
+ if (!principal.equals(certPrincipal)) {
+ res.setFailure(true);
+ failureMessage
+ .append("Distinguished name of signer certificate does not match \"")
+ .append(subject).append("\"\n");
+ }
+ }
+ }
+
+ private static void checkEmail(SMIMEAssertionTestElement testElement, AssertionResult res,
+ X509CertificateHolder cert, StringBuilder failureMessage) {
+ String email = testElement.getSignerEmail();
+ if (!JOrphanUtils.isBlank(email)) {
+ List<String> emailFromCert = getEmailFromCert(cert);
+ if (!emailFromCert.contains(email)) {
+ res.setFailure(true);
+ failureMessage
+ .append("Email address \"")
+ .append(email)
+ .append("\" not present in signer certificate\n");
+ }
+
+ }
+ }
+
+ private static void checkSerial(SMIMEAssertionTestElement testElement, AssertionResult res,
+ X509CertificateHolder cert, StringBuilder failureMessage) {
+ String serial = testElement.getSignerSerial();
+ if (!JOrphanUtils.isBlank(serial)) {
+ BigInteger serialNbr = readSerialNumber(serial);
+ if (!serialNbr.equals(cert.getSerialNumber())) {
+ res.setFailure(true);
+ failureMessage
+ .append("Serial number ")
+ .append(serialNbr)
+ .append(" does not match serial from signer certificate: ")
+ .append(cert.getSerialNumber()).append("\n");
+ }
+ }
+ }
+
/**
* extracts a MIME message from the SampleResult
*/
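Review bot: `checkIssuer` builds its failure message from `subject` (`testElement.getSignerDn()`) rather than `issuer`, so a mismatch report quotes the expected subject DN instead of the issuer DN that was actually compared. The extraction preserved this by adding `String subject = testElement.getSignerDn();` inside the method. Drop that local and end the message with `.append(issuer).append("\"\n");`. Separately, `verifySignature` turns an `OperatorCreationException` into "Signature is invalid"; that fails closed, but it hides a provider setup problem behind a verification verdict, and a distinct failure message would make triage easier.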