On 3/22/07, David Jencks <[EMAIL PROTECTED]> wrote:
...
apacheds appears to use bouncycastle for some kerberos support. Some
of the classes they need are already in geronimo-util, but these are
missing so far:
org.bouncycastle.crypto.digests.SHA1Digest
org.bouncycastle.crypto.modes.CBCBlockCipher
org.bouncycastle.crypto.params.ParametersWithIV
org.bouncycastle.crypto.engines.DESEngine
org.bouncycastle.crypto.engines.DESedeEngine
org.bouncycastle.crypto.digests.MD4Digest
org.bouncycastle.crypto.params.DESParameters
org.bouncycastle.crypto.digests.MD5Digest
The use of these classes are left-over from when the Kerberos server
was first written on some old JDK version. I've had, in the back of
my mind, a clean-up project to entirely remove our use of BC ever
since we decided to go with JDK 1.5. Everything in this list is
supported in the JDK. I estimate I can remove the entire dep on BC in
one weekend. Definitely not this weekend (tomorrow) but we (ApacheDS)
could package this as an initiative along with moving to our own
improved-performance ASN.1 DER codecs.
As an added bonus there are some easy enhancements to Kerberos that I
want to add, that also could use JDK 1.5 JCE enhancements.
For now, help from Geronimo with the util jar sounds like a good way
to go if we need to address this for our impending release.
Enrique
