Posted to dev@santuario.apache.org by bu...@apache.org on 2007/03/19 18:10:06 UTC
DO NOT REPLY [Bug 41892] New: - XML Security 1.4.0 does not build with IBM's JDK
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41892>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41892
Summary: XML Security 1.4.0 does not build with IBM's JDK
Product: Security
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: derekmorr@psu.edu
xmlsec 1.4.0 fails to build with IBM's 1.5 JDK because it uses Sun internal
classes. Specifically, org.apache.xml.security.keys.content.x509.XMLX509SKI uses
sun.security.util.DerValue, which is a non-public class.
$JAVA_HOME/bin/java -version
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build pxi32dev-20061002a (SR3) )
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Linux x86-32 j9vmxi3223-20061001
(JIT enabled)
J9VM - 20060915_08260_lHdSMR
JIT - 20060908_1811_r8
GC - 20060906_AA)
JCL - 20061002
build.src:
[javac] Compiling 252 source files to
/home/dvm105/xml-security-1_4_0/build/classes
[javac]
/home/dvm105/xml-security-1_4_0/src/org/apache/xml/security/keys/content/x509/XMLX509SKI.java:33:
cannot find symbol
[javac] symbol : class DerValue
[javac] location: package sun.security.util
[javac] import sun.security.util.DerValue;
[javac] ^
[javac]
/home/dvm105/xml-security-1_4_0/src/org/apache/xml/security/keys/content/x509/XMLX509SKI.java:142:
cannot find symbol
[javac] symbol : class DerValue
[javac] location: class org.apache.xml.security.keys.content.x509.XMLX509SKI
[javac] DerValue dervalue = new DerValue(derEncodedValue);
[javac] ^
[javac]
/home/dvm105/xml-security-1_4_0/src/org/apache/xml/security/keys/content/x509/XMLX509SKI.java:142:
cannot find symbol
[javac] symbol : class DerValue
[javac] location: class org.apache.xml.security.keys.content.x509.XMLX509SKI
[javac] DerValue dervalue = new DerValue(derEncodedValue);
[javac] ^
[javac]
/home/dvm105/xml-security-1_4_0/src/org/apache/xml/security/keys/content/x509/XMLX509SKI.java:146:
cannot find symbol
[javac] symbol : variable DerValue
[javac] location: class org.apache.xml.security.keys.content.x509.XMLX509SKI
[javac] if (dervalue.tag != DerValue.tag_OctetString) {
[javac] ^
[javac] 4 errors
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
------- Additional Comments From derekmorr@psu.edu 2007-03-19 15:23 -------
Created an attachment (id=19748)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=19748&action=view)
Proposed patch to use reflection to load Sun internal classes
------- Additional Comments From julien.pasquier@wanadoo.fr 2007-03-19 11:10 -------
No, the ASN.1 BC implementation can be used independently of the BC JCE
provider.
But I understand that Raul does not want to use BC for that.
Writing a "hack" DER encoding class just to get the info seems to be the better
solution.
------- Additional Comments From julien.pasquier@wanadoo.fr 2007-03-19 10:38 -------
The BouncyCastle implementation of ASN.1 may be used to fix this problem.
------- Additional Comments From raul-info@r-bg.com 2007-03-19 10:56 -------
You are right, we have a dependency on Sun private implementations.
This code is really old, so I suppose that 1.2 & 1.3 also have problems being
compiled under the IBM JDK.
But I don't know if I like making xmlsec depend on Bouncy Castle. Perhaps we
should do a small hack DER decoding class, just to get the info needed.
Opinions?
raul-info@r-bg.com changed:
What                    |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|        |41801
------- Additional Comments From cantor.2@osu.edu 2007-03-19 11:01 -------
If the choice is using BC or Sun's code, that's an obvious choice, so short
term, I think the fix is pretty simple.
Does using BC for this purpose assume you're using it as the JCE anyway?
------- Additional Comments From sean.mullan@sun.com 2007-04-02 13:46 -------
(In reply to comment #4)
> No, the ASN.1 BC implementation can be used independently of the BC JCE
> provider.
>
> But I understand that Raul does not want to use BC for that.
> Writing a "hack" DER encoding class just to get the info seems to be the better
> solution.
I would prefer that, as it would eliminate a dependency on both the Sun and
BouncyCastle classes.
I think it may be as simple as stripping the first 4 bytes of the cert's
extension value, which are the tag and length bytes of the extension value
OCTET STRING and then the tag and length bytes of the SKID OCTET STRING ...
I'll test it out and see if it works.
------- Additional Comments From derekmorr@psu.edu 2007-03-19 11:45 -------
(In reply to comment #1)
> The BouncyCastle implementation of ASN.1 may be used to fix this problem.
It looks like the code is trying to do that now (see lines 156-185). It looks
like it tries the Sun internal class, and then falls back to BC (via reflection)
if needed. We could change the file to use reflection to try loading Sun's class.
sean.mullan@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
------- Additional Comments From sean.mullan@sun.com 2007-09-19 12:33 -------
Closing old bugs. Fixed in 1.4.1
sean.mullan@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From sean.mullan@sun.com 2007-04-05 09:37 -------
I have fixed this by simply stripping the leading ASN.1 tag and length bytes
from the encoded extension value and subject key identifier bytes. I have
also removed all the code that depends on Sun internal or BouncyCastle APIs.
I have added a new unit test case but please test it to make sure it
still works as expected.
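The unwrapping described in the 2007-04-02 and 2007-04-05 comments above, as an added example that is not part of the thread and is not the code committed to xmlsec: it removes the two nested OCTET STRING headers from a SubjectKeyIdentifier extension value using only JDK classes. The class and method names are hypothetical and the sample bytes are constructed; it goes beyond a fixed 4-byte strip by checking both tags and accepting long-form lengths.

```java
import java.util.Arrays;

/** Added example: hypothetical helper, not the xmlsec XMLX509SKI code. */
public class SkiUnwrap {
    static final int TAG_OCTET_STRING = 0x04;

    /** Returns the content of the single DER OCTET STRING that spans all of der. */
    static byte[] unwrapOctetString(byte[] der) {
        if (der.length < 2 || (der[0] & 0xff) != TAG_OCTET_STRING) {
            throw new IllegalArgumentException("not a DER OCTET STRING");
        }
        int len = der[1] & 0xff;
        int offset = 2;
        if (len >= 0x80) {                 // long form: low 7 bits = number of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3 || der.length < 2 + n) {
                throw new IllegalArgumentException("unsupported DER length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (der[offset++] & 0xff);
            }
        }
        if (len != der.length - offset) {  // reject truncated input and trailing bytes
            throw new IllegalArgumentException("length does not match data");
        }
        return Arrays.copyOfRange(der, offset, der.length);
    }

    /** extensionValue: what X509Certificate.getExtensionValue("2.5.29.14") returns. */
    static byte[] subjectKeyIdentifier(byte[] extensionValue) {
        // Outer OCTET STRING wraps the extension; the inner one is the KeyIdentifier.
        return unwrapOctetString(unwrapOctetString(extensionValue));
    }

    public static void main(String[] args) {
        // Constructed sample: 04 16 | 04 14 | 20-byte identifier 01..14 (hex).
        byte[] ext = new byte[24];
        ext[0] = 0x04; ext[1] = 0x16; ext[2] = 0x04; ext[3] = 0x14;
        for (int i = 0; i < 20; i++) ext[4 + i] = (byte) (i + 1);

        byte[] ski = subjectKeyIdentifier(ext);
        // For short-form lengths this equals stripping the first 4 bytes.
        System.out.println(Arrays.equals(ski, Arrays.copyOfRange(ext, 4, ext.length)));
        StringBuilder hex = new StringBuilder();
        for (byte b : ski) hex.append(String.format("%02x", b));
        System.out.println(hex);
    }
}
```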