directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: ApacheDS 1.5 Maven Build Error on AIX 5.3 with IBM JDK 1.5.0 64bit
Date Wed, 23 May 2007 18:53:19 GMT
On 5/23/07, Alex Karasulu <akarasulu@apache.org> wrote:
> Hmmm this may be an issue of some tests using SUN specific classes.  Enrique
> what do you think?

The IBM JRE's are notorious for not shipping with some widely used
crypto.  Web services have the same problem.  This isn't an issue that
"unlimited strength" policy will fix.

We have a couple options I'll throw out there:

1)  We can require ApacheDS to build on certain VMs (just noting it as
an option ...).

2)  We can require users of the IBM JRE to install a provider that
does support CTS mode, RC4/ARCFOUR, and possibly something else,
judging from the errors.  Installing a provider is easy; one line in a
config file and a provider JAR in the right place.  I would write
instructions for setting this up.

Something like:

$ cd /opt/ibm/java2-x86_64-50/jre/lib/ext
$ wget http://www.bouncycastle.org/download/bcprov-jdk15-136.jar
$ cd /opt/ibm/java2-x86_64-50/jre/lib/security
$ vi java.security

Add this line after the other providers, for example at position 6:

security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

3)  I can rework the Kerberos tests to use a Maven 2 profile,
something like -Dkerberos, like we do with integration and performance
tests.  I can then group any tests using CTS mode, RC4/ARCFOUR,
AES-256, etc., to run using this profile.

4)  I can modify the exception hierarchy to handle more missing cases.
 Likely this is limited to 2-3 classes, so might not be too big of a
deal.  Similarly the tests would get updated.  The big issue here, for
me, is getting the right dev & test environment setup.  If it's not
the platform but just the IBM JRE then that's easy; I install an IBM
JRE locally.

I'm thinking out loud here; pretty much the answer is to handle this
in the exception hierarchy (#4).  Timing could be later this week or
early next.

Will 'maven.test.skip' hold things over for a few days?  Or the
provider install in #2?

$ mvn -Dmaven.test.skip=true clean install

Enrique

Caused by: java.security.NoSuchAlgorithmException: Cipher mode: CTS not found
        at com.ibm.crypto.provider.AESCipher.engineSetMode(Unknown Source)
        at javax.crypto.Cipher$a_.a(Unknown Source)
        ... 35 more
java.security.NoSuchAlgorithmException: Cannot find any provider
supporting AES/CTS/NoPadding

Mime
View raw message