It looks fine to me. Colm.
On Fri, Jul 25, 2014 at 11:48 AM, Alessio Soldano <[email protected]> wrote:

> Hi Colm,
> I've come up with a proposal, please see
> https://issues.apache.org/jira/browse/WSS-507 and
> https://issues.apache.org/jira/browse/CXF-5905 .
> The CXF side of the proposal patch is still to be finished, but it should
> give an idea of the approach.
> Please let me know what you think.
> Thanks
> Alessio
>
> On 23/07/14 12:49, Colm O hEigeartaigh wrote:
>
>> Hi Alessio,
>>
>> I'm open to the idea of passing the BouncyCastle Provider Object to the
>> various classes in WSS4J etc rather than installing it as a global
>> provider, IF it can be done without large code changes. Ultimately, CXF
>> does not ship with BouncyCastle installed by default, and you can use GCM
>> algorithms by upgrading to Java 8 as Sergey said, and so most users will
>> not have to install/use BouncyCastle.
>>
>> Colm.
>>
>> On Wed, Jul 23, 2014 at 10:44 AM, Alessio Soldano <[email protected]>
>> wrote:
>>
>>> Hi,
>>> I've been asked whether it's possible to avoid having BC installed as a
>>> global security provider when using Apache CXF. I'm of course aware that
>>> WSS4J installs it on behalf of CXF for supporting e.g. GCM algorithms,
>>> which is not an option. However the question is still reasonable;
>>> assuming the CXF stack is not the only framework running in the JVM,
>>> other frameworks are going to be affected by that. They might or might
>>> not want BC installed (for instance, just an example, because of [1]).
>>> They might prefer different providers for a given set of algorithm
>>> requirements.
>>> Ultimately, it should be up to the user to decide which providers are set
>>> as global security provider, application should either rely on the
>>> installed global providers without touching them, or explicitly use what
>>> they want.
>>> So I'm wondering if there's a way we could modify CXF/WSS4J/Santuario for
>>> using BC (or whatever we want to use ;-) ) e.g. when needing GCM without
>>> installing it as a global provider. Something around e.g. getting ciphers
>>> through the javax.crypto.Cipher#getInstance(String transformation,
>>> Provider provider) method instead of the
>>> javax.crypto.Cipher#getInstance(String transformation) after having
>>> loaded the provider without installing it globally, etc.
>>> Any thought / idea?
>>> Thanks
>>> Alessio
>>>
>>> [1] http://bouncycastle.org/jira/browse/BJA-19 /
>>> https://issues.apache.org/jira/browse/HARMONY-3789, BouncyCastle DH
>>> KeyPairGenerator algorithm can hang / eat lots of CPU
>>>
>>> --
>>> Alessio Soldano
>>> Web Service Lead, JBoss
>
> --
> Alessio Soldano
> Web Service Lead, JBoss

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
