You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by "jrihtarsic (via GitHub)" <gi...@apache.org> on 2024/03/22 10:48:54 UTC
[PR] [SANTUIARIO-614] Tests for the EC Brainpool key types [santuario-xml-security-java]
jrihtarsic opened a new pull request, #298:
URL: https://github.com/apache/santuario-xml-security-java/pull/298
The purpose of the contributions is to verify (and implement unit tests) for signing and encryption with the EC Brainpool key types.
For details see the PR #293 and [SANTUARIO-614](https://issues.apache.org/jira/browse/SANTUARIO-614)
The code is contributed on behalf of the European Commission’s edelivery project to support [eDelivery AS4 2.0 profile](https://ec.europa.eu/digital-building-blocks/sites/pages/viewpage.action?pageId=708412318).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@santuario.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] [SANTUIARIO-614] Tests for the EC Brainpool key types [santuario-xml-security-java]
Posted by "jrihtarsic (via GitHub)" <gi...@apache.org>.
jrihtarsic commented on PR #298:
URL: https://github.com/apache/santuario-xml-security-java/pull/298#issuecomment-2060774819
@coheigea, I am not sure if this helps, but I updated the instructions for generating certificates, now "the instruction" is using openssl because java/keytool doesn't support these EC key types anymore.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@santuario.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] [SANTUIARIO-614] Tests for the EC Brainpool key types [santuario-xml-security-java]
Posted by "seanjmullan (via GitHub)" <gi...@apache.org>.
seanjmullan commented on code in PR #298:
URL: https://github.com/apache/santuario-xml-security-java/pull/298#discussion_r1589580667
##########
src/test/resources/org/apache/xml/security/samples/input/README.txt:
##########
Review Comment:
I think we should work towards a guideline where we don't accept any more binary files into the source tree, unless there is a very good reason. Binary files are difficult to review, don't fit well with source code repositories and for other reasons, should be discouraged. I have looked at the contents of the `ecbrainpool.p12` file and so I am ok with approving it this time. But for future tests, `keytool` can be used to create certificates and keystores, and supports most common extensions and you can use `ProcessBuilder` to execute it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@santuario.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] [SANTUIARIO-614] Tests for the EC Brainpool key types [santuario-xml-security-java]
Posted by "jrihtarsic (via GitHub)" <gi...@apache.org>.
jrihtarsic commented on PR #298:
URL: https://github.com/apache/santuario-xml-security-java/pull/298#issuecomment-2051892186
@coheigea The new tests are carried out using the identical "test pattern" employed for other key types". And these tests uses the certificates, not just the keys . Is there a particular reason why the keystore approach is not suitable Certificates using this type of key?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@santuario.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] [SANTUARIO-614] Tests for the EC Brainpool key types [santuario-xml-security-java]
Posted by "jrihtarsic (via GitHub)" <gi...@apache.org>.
jrihtarsic commented on code in PR #298:
URL: https://github.com/apache/santuario-xml-security-java/pull/298#discussion_r1589920012
##########
src/test/resources/org/apache/xml/security/samples/input/README.txt:
##########
Review Comment:
I have addressed the ‘title comments’ above.
Regarding the keystore, I fully agree with the reasoning. Going forward, I will try to use keytool with "ProcessBuilder" to generate certificates before running tests in my future contributions. With the latest enhancements in JDK 17, keytool has become the best tool for this task.
However, testing certain features and certificates with non keytool supported key types with older JDKs using various JCPs may pose some challenges. But we will tackle that when there :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@santuario.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] [SANTUARIO-614] Tests for the EC Brainpool key types [santuario-xml-security-java]
Posted by "coheigea (via GitHub)" <gi...@apache.org>.
coheigea merged PR #298:
URL: https://github.com/apache/santuario-xml-security-java/pull/298
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@santuario.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org