On 24.09.2015 22:35, Patrick Bakker wrote: > Yeah, I had those as dependencies. Then there are further dependencies on 1 > or more bouncycastle (https://www.bouncycastle.org/java.html) libraries and > some XML security stuff which I think is http://santuario.apache.org/. The > XML security libraries have their own series of dependencies which is where > I decided to stop. >
Do you need support for exotic cryptography (des3_112[1],various[2]) and xml signatures in your OSGI bundle? I guess it's ok to skip those for most users. The reason for not referencing those dependency in our poms is of course the cascading heap of libraries, which you've mentioned. When I've implemented the encryption classes and adapted the xml signature stuff I've already tried to minimize the dependencies, but there's a point where you need to decide if you want to provide feature xy or simply omit it. With encryption it was quite easy to make bouncycastle optional, but with the xml signatures you only find some sun.misc classes which you might copy&paste and would end with a lot of copyright infringements, so I preferred to use the official libs ... Andi [1] org.apache.poi.poifs.crypt.CipherAlgorithm [2] org.apache.poi.poifs.crypt.HashAlgorithm --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
