directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: BouncyCastle and apache ds
Date Thu, 22 Mar 2007 20:59:54 GMT
Getting improved code would be great :-)
Meanwhile Rick added the classes to geronimo 2.0 (GERONIMO-3004, rev  
521413, I deployed a snapshot, and attached a patch to DIRSERVER-877  
that uses geronimo-util: all the integration tests pass.

The only problem I can see is that geronimo-util is a snapshot at the  

I see 2 choices:
- we are hoping to release 1.2 soon, we're just waiting on a couple  
other releases.  We might be able to add this to g. 1.2
- at the end of  the month we expect to put out 2.0-M4.

What next?  Should I commit this while we figure out what to do next?

david jencks
On Mar 22, 2007, at 3:38 PM, Enrique Rodriguez wrote:

> On 3/22/07, David Jencks <> wrote:
>> ...
>> apacheds appears to use bouncycastle for some kerberos support.  Some
>> of the classes they need are already in geronimo-util, but these are
>> missing so far:
>> org.bouncycastle.crypto.digests.SHA1Digest
>> org.bouncycastle.crypto.modes.CBCBlockCipher
>> org.bouncycastle.crypto.params.ParametersWithIV
>> org.bouncycastle.crypto.engines.DESEngine
>> org.bouncycastle.crypto.engines.DESedeEngine
>> org.bouncycastle.crypto.digests.MD4Digest
>> org.bouncycastle.crypto.params.DESParameters
>> org.bouncycastle.crypto.digests.MD5Digest
> The use of these classes are left-over from when the Kerberos server
> was first written on some old JDK version.  I've had, in the back of
> my mind, a clean-up project to entirely remove our use of BC ever
> since we decided to go with JDK 1.5.  Everything in this list is
> supported in the JDK.  I estimate I can remove the entire dep on BC in
> one weekend.  Definitely not this weekend (tomorrow) but we (ApacheDS)
> could package this as an initiative along with moving to our own
> improved-performance ASN.1 DER codecs.
> As an added bonus there are some easy enhancements to Kerberos that I
> want to add, that also could use JDK 1.5 JCE enhancements.
> For now, help from Geronimo with the util jar sounds like a good way
> to go if we need to address this for our impending release.
> Enrique

View raw message