Re: [jgit-dev] Could jgit be packaged with Bouncy Castle?
On 24/09/2013 00:02, Matthias Sohn wrote:
> On Mon, Sep 23, 2013 at 10:30 PM, James Yonan <james@xxxxxxxxxxx> wrote:
>> PBEWithMD5AndDES is woefully inadequate these days, and getting jgit
>> to see a separately installed Bouncy Castle provider is tricky
>> without editing system config files.
>> It would be great if Bouncy Castle could be packaged into the jgit
>> standalone binary.
>
> I need to find time to fix
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=391302
>
> Which bouncycastle library do you need? We have an IP approval to use
> bcpg-jdk15on and bcprov-jdk15on in version 1.47 but due to bug 391302
> they are not yet available in Orbit.

Latest stable would be great. Not too particular, just looking for
reasonably strong crypto options such as
PBEWITHSHA256AND256BITAES-CBC-BC for using S3 as a backing store.
BTW, is it even possible for an end user to build jgit command line tool
+ bouncy castle together via maven without any special code signing
authority? I attempted it and had all sorts of problems such as:
* java.lang.SecurityException: Invalid signature file digest for
Manifest main attributes -- apparently an issue with maven shade plugin
interacting badly with BC signature
* Tried excluding the sigs from maven shade plugin with
    <configuration>
      <filters>
        <filter>
          <artifact>*:*</artifact>
          <excludes>
            <exclude>META-INF/*.SF</exclude>
            <exclude>META-INF/*.DSA</exclude>
            <exclude>META-INF/*.RSA</exclude>
          </excludes>
        </filter>
      </filters>
    </configuration>
This fixed the "Invalid signature file digest for Manifest main
attributes", however jgit could still not see the BC ciphers.
* The only way I was able to make it work was by linking to BC .jar at
runtime. I used this snippet in pom.xml, set JGIT_CLASSPATH, and did
Security.addProvider(new BouncyCastleProvider()) in main().
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk16</artifactId>
      <version>1.46</version>
      <scope>provided</scope>
    </dependency>
This is okay for now, but still an integrated build would be great that
supports BC out of the box.
James
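
Added example, not part of the original message or of jgit: a Python check for the shaded-jar condition behind the "Invalid signature file digest for Manifest main attributes" error reported above. It lists signature files left in a jar and flags any .SF whose main-attributes digest no longer matches the jar's manifest. The sample jars, the SAMPLE.SF name and the placeholder class are constructed, and the digest is assumed to cover the manifest's main section including its terminating blank line.

```python
import base64, hashlib, io, re, zipfile

SIG_FILE = re.compile(r"^META-INF/[^/]+\.(SF|DSA|RSA)$", re.I)  # same patterns as the shade filter
MAIN_DIGEST = re.compile(rb"^([A-Za-z0-9-]+)-Digest-Manifest-Main-Attributes: (\S+)\r?$", re.M)

def main_section(manifest):
    """Main attributes of MANIFEST.MF, up to and including the first blank line."""
    end = re.search(rb"\r?\n\r?\n", manifest)
    return manifest[:end.end()] if end else manifest

def audit_jar(data):
    """Report leftover signature files and .SF files whose main-attributes digest is stale."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        main = main_section(jar.read("META-INF/MANIFEST.MF"))
        sig_files = sorted(n for n in names if SIG_FILE.match(n))
        stale = []
        for name in (n for n in sig_files if n.upper().endswith(".SF")):
            for alg, expected in MAIN_DIGEST.findall(jar.read(name)):
                # "SHA-256" in the .SF header becomes "sha256" for hashlib
                digest = hashlib.new(alg.decode().replace("-", "").lower(), main).digest()
                if base64.b64encode(digest) != expected and name not in stale:
                    stale.append(name)
    return {"signature_files": sig_files, "stale": stale,
            "bundles_bc": any(n.startswith("org/bouncycastle/") for n in names)}

def build_jar(manifest, sf=None):
    """Constructed sample jar: a manifest, one placeholder class, optional .SF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("org/bouncycastle/Placeholder.class", b"")
        if sf is not None:
            jar.writestr("META-INF/SAMPLE.SF", sf)
    return buf.getvalue()

# Constructed data: a signed provider jar's manifest and the .SF that covers it.
PROVIDER_MF = b"Manifest-Version: 1.0\r\nCreated-By: sample\r\n\r\n"
SAMPLE_SF = (b"Signature-Version: 1.0\r\nSHA-256-Digest-Manifest-Main-Attributes: "
             + base64.b64encode(hashlib.sha256(PROVIDER_MF).digest()) + b"\r\n\r\n")
# After shading, the merged jar carries a different manifest (constructed).
SHADED_MF = b"Manifest-Version: 1.0\r\nMain-Class: sample.Main\r\n\r\n"

ORIGINAL = build_jar(PROVIDER_MF, SAMPLE_SF)  # signature file matches its manifest
SHADED = build_jar(SHADED_MF, SAMPLE_SF)      # stale .SF carried into the merged jar
FILTERED = build_jar(SHADED_MF)               # signature files excluded, as with the filter

if __name__ == "__main__":
    for label, jar in (("original", ORIGINAL), ("shaded", SHADED), ("filtered", FILTERED)):
        print(label, audit_jar(jar))
```

A jar that reports no signature files but `bundles_bc` true contains provider classes that are no longer covered by any signature.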