Hi, when I've started to migrate the xml signature stuff [1], one of the goals was to minimize the library dependencies. At runtime it would need bouncycastle and an Oracle JDK. At compile time, I've hidden the dependencies via the HorribleProxy/ies classes. But now it's starting to look like real mess with that heap of wrapped bouncy castle classes and the fact, that I've also hidden those restricted api classes (under org.jcp.xml.dsig.internal.dom)
Would it be ok, to have bouncy castle as a compile time/junit dependency? (If someone would like to use that feature, they would need to have bc in the path of course ...) Same for the dsig classes - would it be ok to add a dependency to Apache Santuario instead? (... I haven't developed for Android, but I guess even with the help of Santuario it wouldn't work there [2] ...) but IBM JDK compatibility looks better there [3] Andi [1} https://svn.apache.org/repos/asf/poi/branches/xml_signature/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/ [2] http://stackoverflow.com/questions/3347285/noclassdeffounderror-restricted-class-on-gae-j [3] https://issues.apache.org/jira/browse/SANTUARIO-125 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
