geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <>
Subject Re: BouncyCastle and apache ds
Date Thu, 22 Mar 2007 19:38:15 GMT
On 3/22/07, David Jencks <> wrote:
> ...
> apacheds appears to use bouncycastle for some kerberos support.  Some
> of the classes they need are already in geronimo-util, but these are
> missing so far:
> org.bouncycastle.crypto.digests.SHA1Digest
> org.bouncycastle.crypto.modes.CBCBlockCipher
> org.bouncycastle.crypto.params.ParametersWithIV
> org.bouncycastle.crypto.engines.DESEngine
> org.bouncycastle.crypto.engines.DESedeEngine
> org.bouncycastle.crypto.digests.MD4Digest
> org.bouncycastle.crypto.params.DESParameters
> org.bouncycastle.crypto.digests.MD5Digest

The use of these classes are left-over from when the Kerberos server
was first written on some old JDK version.  I've had, in the back of
my mind, a clean-up project to entirely remove our use of BC ever
since we decided to go with JDK 1.5.  Everything in this list is
supported in the JDK.  I estimate I can remove the entire dep on BC in
one weekend.  Definitely not this weekend (tomorrow) but we (ApacheDS)
could package this as an initiative along with moving to our own
improved-performance ASN.1 DER codecs.

As an added bonus there are some easy enhancements to Kerberos that I
want to add, that also could use JDK 1.5 JCE enhancements.

For now, help from Geronimo with the util jar sounds like a good way
to go if we need to address this for our impending release.


View raw message