directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: ApacheDS 1.5 Maven Build Error on AIX 5.3 with IBM JDK 1.5.0 64bit
Date Wed, 23 May 2007 19:05:52 GMT
Or for a shorter term work around could you either disable the tests that
cause this failure.  Or
perhaps just enable them as you did before to detect if the crypto
functionality is present and
if not bypass the test?  This might be a nice quick fix then we can take #4
as an option for the
long term?

Alex

On 5/23/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
>
> On 5/23/07, Alex Karasulu <akarasulu@apache.org> wrote:
> > Hmmm this may be an issue of some tests using SUN specific
> classes.  Enrique
> > what do you think?
>
> The IBM JRE's are notorious for not shipping with some widely used
> crypto.  Web services have the same problem.  This isn't an issue that
> "unlimited strength" policy will fix.
>
> We have a couple options I'll throw out there:
>
> 1)  We can require ApacheDS to build on certain VMs (just noting it as
> an option ...).
>
> 2)  We can require users of the IBM JRE to install a provider that
> does support CTS mode, RC4/ARCFOUR, and possibly something else,
> judging from the errors.  Installing a provider is easy; one line in a
> config file and a provider JAR in the right place.  I would write
> instructions for setting this up.
>
> Something like:
>
> $ cd /opt/ibm/java2-x86_64-50/jre/lib/ext
> $ wget http://www.bouncycastle.org/download/bcprov-jdk15-136.jar
> $ cd /opt/ibm/java2-x86_64-50/jre/lib/security
> $ vi java.security
>
> Add this line after the other providers, for example at position 6:
>
> security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
>
> 3)  I can rework the Kerberos tests to use a Maven 2 profile,
> something like -Dkerberos, like we do with integration and performance
> tests.  I can then group any tests using CTS mode, RC4/ARCFOUR,
> AES-256, etc., to run using this profile.
>
> 4)  I can modify the exception hierarchy to handle more missing cases.
> Likely this is limited to 2-3 classes, so might not be too big of a
> deal.  Similarly the tests would get updated.  The big issue here, for
> me, is getting the right dev & test environment setup.  If it's not
> the platform but just the IBM JRE then that's easy; I install an IBM
> JRE locally.
>
> I'm thinking out loud here; pretty much the answer is to handle this
> in the exception hierarchy (#4).  Timing could be later this week or
> early next.
>
> Will 'maven.test.skip' hold things over for a few days?  Or the
> provider install in #2?
>
> $ mvn -Dmaven.test.skip=true clean install
>
> Enrique
>
> Caused by: java.security.NoSuchAlgorithmException: Cipher mode: CTS not
> found
>         at com.ibm.crypto.provider.AESCipher.engineSetMode(Unknown Source)
>         at javax.crypto.Cipher$a_.a(Unknown Source)
>         ... 35 more
> java.security.NoSuchAlgorithmException: Cannot find any provider
> supporting AES/CTS/NoPadding
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message