You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Valerio Schiavoni <va...@gmail.com> on 2006/11/06 16:07:13 UTC
webstart-plugin: signing takes soo long..
hello everyone,
i'm trying to get my way wiith the java-webstart plugin. i'm quite a newbie
with it, sorry if i post silly questions.
i followed the tutorials here:
http://mojo.codehaus.org/webstart-maven-plugin-parent/webstart-maven-plugin/howto.html
first, i tried without signing the jars, and i got the .zip files. My
application actually requires read permission on the local filesystem (its
main purpose is to upload pdf files to a remote web server). Then, i added
the signing related stuff to the pom,following an example found on some
mailing-list. I ended up with this:
<!-- SIGNING -->
<!-- defining this will automatically sign the jar and
its dependencies, if necessary -->
<sign>
<keystore>${basedir}/src/main/keystore/keystore</keystore>
<keypass>asdfghjk</keypass>
<storepass>qwertzui</storepass>
<alias>test</alias>
<validity>360</validity>
<verify>true</verify>
<dnameCn></dnameCn>
<dnameOu></dnameOu>
<dnameO></dnameO>
<dnameL></dnameL>
<dnameSt></dnameSt>
<dnameC></dnameC>
</sign>
<!-- KEYSTORE MANGEMENT -->
<keystore>
<delete>true</delete><!-- delete the keystore -->
<gen>true</gen><!-- optional shortcut to generate
the store. -->
</keystore>
so, when I do a mvn install webstart:jnlp the application simply got stuck
while (i guess) signing runtime dependencies. those are actually only these
ones:
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.3</version>
</dependency>
<dependency>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.2</version>
</dependency>
<dependency>
<groupId>jmimemagic</groupId>
<artifactId>jmimemagic</artifactId>
<version>0.0.4a</version>
</dependency>
so, anyone has any idea on why it takes so long to sign them ? actually, i
don't even know if it ever finishes the whole process...
the only output i get is a countless list of :
[warn] [no]: Specificare nome e cognome
[warn] [Unknown]: Specificare il nome dell'unità aziendale
[warn] [Unknown]: Specificare il nome dell'azienda
[warn] [Unknown]: Specificare la località
[warn] [Unknown]: Specificare la provincia
[warn] [Unknown]: Specificare il codice a due lettere del paese in cui si
trova l'unità
[warn] [Unknown]: Il dato CN=Unknown, OU=Unknown, O=Unknown, L=Unknown,
ST=Unknown, C=Unknown è corretto?
apart from the language, i guess it is related to the dname elements within
the sign configuration.
help!
valerio
--
http://valerioschiavoni.blogspot.com
http://jroller.com/page/vschiavoni
Re: webstart-plugin: signing takes soo long..
Posted by Wayne Fay <wa...@gmail.com>.
Dirk is simply suggesting (I think) that you can/should check the
version and speed of your securerandom.source, and if signing jars
"takes too long" then you might need to look into a faster source.
There's not a lot the webstart plugin can do to improve the speed of
your random device.
If you don't really care about the security, you could probably find
one that runs very fast and is not terribly secure at all. So probably
your internal builds could use a very fast and not secure random
device, and then your external builds might use a truly random device
that's quite a bit slower.
Wayne
On 11/6/06, Valerio Schiavoni <va...@gmail.com> wrote:
> hello dirk, thanks for your reply,
>
> On 11/6/06, Dirk Olmes <di...@xanthippe.ping.de> wrote:
> >
> > In the end it turned out to be the random device that is configured by
> > default in the jdk. Take a look at
> > $JAVA_HOME/jre/lib/security/java.security where the random device is
> > configured.
>
>
> what should I check ? i'm on a linux machine, the default random device is
> accessed :
>
> securerandom.source=file:/dev/urandom
>
> what exactly should I check ?
>
> --
> http://valerioschiavoni.blogspot.com
> http://jroller.com/page/vschiavoni
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: webstart-plugin: signing takes soo long..
Posted by Dirk Olmes <di...@xanthippe.ping.de>.
Valerio Schiavoni wrote:
> hello dirk, thanks for your reply,
>
> On 11/6/06, Dirk Olmes <di...@xanthippe.ping.de> wrote:
>>
>> In the end it turned out to be the random device that is configured by
>> default in the jdk. Take a look at
>> $JAVA_HOME/jre/lib/security/java.security where the random device is
>> configured.
>
>
> what should I check ? i'm on a linux machine, the default random device is
> accessed :
>
> securerandom.source=file:/dev/urandom
>
> what exactly should I check ?
Ok, forget that. Quoting from the linux random man page:
> When read, the /dev/random device will only return random bytes
> within the estimated number of bits of noise in the entropy pool.
> /dev/random should be suitable for uses that need very high quality
> randomness such as one-time pad or key generation. When the entropy
> pool is empty, reads from /dev/random will block until additional
> environmental noise is gathered.
... so /dev/random is NOT what you want. This used to be the default for
older JDKs IIRC.
> A read from the /dev/urandom device will not block waiting for more
> entropy. As a result, if there is not sufficient entropy in the
> entropy pool, the returned values are theoretically vulnerable to a
> cryptographic attack on the algorithms used by the driver. Knowledge
> of how to do this is not available in the current non-classified
> literature, but it is theoretically possible that such an attack may
> exist. If this is a concern in your application, use /dev/random
> instead.
... obviously /dev/urandom is what you want and what's already configured.
-dirk
--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: webstart-plugin: signing takes soo long..
Posted by Valerio Schiavoni <va...@gmail.com>.
hello dirk, thanks for your reply,
On 11/6/06, Dirk Olmes <di...@xanthippe.ping.de> wrote:
>
> In the end it turned out to be the random device that is configured by
> default in the jdk. Take a look at
> $JAVA_HOME/jre/lib/security/java.security where the random device is
> configured.
what should I check ? i'm on a linux machine, the default random device is
accessed :
securerandom.source=file:/dev/urandom
what exactly should I check ?
--
http://valerioschiavoni.blogspot.com
http://jroller.com/page/vschiavoni
Re: webstart-plugin: signing takes soo long..
Posted by Dirk Olmes <di...@xanthippe.ping.de>.
[...]
>
> so, anyone has any idea on why it takes so long to sign them ? actually, i
> don't even know if it ever finishes the whole process...
This may not be related to maven at all but I ran into slow signing when
I built my project on the server. On my workstation the signing of jars
was reasonably fast but on the server it took ages.
In the end it turned out to be the random device that is configured by
default in the jdk. Take a look at
$JAVA_HOME/jre/lib/security/java.security where the random device is
configured.
-dirk
--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Réf. : Re: webstart-plugin: signing takes soo long..
Posted by vi...@bnpparibas.com.
Unfortunately not...these values were already set.
thanks you anyway.
I've found a workaround : I launch a CruiseControl instance on the same
station, and the fact to have maven running speeds up the
signing......weird.
regards.
Extranet
valerio.schiavoni@gmail.com
07/11/2006 15:17
Veuillez répondre à
users@maven.apache.org
Pour
users
cc
Objet
Re: webstart-plugin: signing takes soo long..
On 11/6/06, Valerio Schiavoni <va...@gmail.com> wrote:
>
>
> <dnameCn></dnameCn>
> <dnameOu></dnameOu>
> <dnameO></dnameO>
> <dnameL></dnameL>
> <dnameSt></dnameSt>
> <dnameC></dnameC>
i found out that specifiying appropriate values for the above elements,
the
signing process goes on just fine...is this intended ?
--
http://valerioschiavoni.blogspot.com
http://jroller.com/page/vschiavoni
This message and any attachments (the "message") is
intended solely for the addressees and is confidential.
If you receive this message in error, please delete it and
immediately notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole
or partial, is prohibited except formal approval. The internet
can not guarantee the integrity of this message.
BNP PARIBAS (and its subsidiaries) shall (will) not
therefore be liable for the message if modified.
---------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le
"message") sont etablis a l'intention exclusive de ses
destinataires et sont confidentiels. Si vous recevez ce
message par erreur, merci de le detruire et d'en avertir
immediatement l'expediteur. Toute utilisation de ce
message non conforme a sa destination, toute diffusion
ou toute publication, totale ou partielle, est interdite, sauf
autorisation expresse. L'internet ne permettant pas
d'assurer l'integrite de ce message, BNP PARIBAS (et ses
filiales) decline(nt) toute responsabilite au titre de ce
message, dans l'hypothese ou il aurait ete modifie.
Re: webstart-plugin: signing takes soo long..
Posted by Valerio Schiavoni <va...@gmail.com>.
On 11/6/06, Valerio Schiavoni <va...@gmail.com> wrote:
>
>
> <dnameCn></dnameCn>
> <dnameOu></dnameOu>
> <dnameO></dnameO>
> <dnameL></dnameL>
> <dnameSt></dnameSt>
> <dnameC></dnameC>
i found out that specifiying appropriate values for the above elements, the
signing process goes on just fine...is this intended ?
--
http://valerioschiavoni.blogspot.com
http://jroller.com/page/vschiavoni