I think there is a signature verification problem when using the Bouncy Castle
provider. You can find the details of the past problem in link [1] (got
this problem 3 years ago).
I started the conversation with the BC developers and they're not going to
implement the token binding extension themselves in the near future. The new
extension they added on user request was a small one, and they had already
implemented it but commented it out for some reason. Details about that
extension are in this link [2]. But they are okay with a PR being sent for the
token binding implementation. If it is merged then we can reach the Java
community easily. More details about the conversation can be found at this link [3].
When I talked to the BC providers they mentioned an extension API which
can be used to add a new extension in the handshake. I did some digging into
that and it seems it is possible to create a token binding extension, which has
to be put into that API. The rest of the negotiations will be done by that
API. So currently I am in the process of developing an extension that could
fit into that API.
Reference:
[1] Bouncy Castle issue mail thread
<http://wso2-oxygen-tank.10903.n7.nabble.com/Error-bcprov-jdk15on-1-49-0-wso2v1-jar-has-unsigned-entries-org-bouncycastle-LICENSE-class-td103606.html>
[2] https://github.com/bcgit/bc-java/issues/234
[3] https://github.com/bcgit/bc-java/issues/250
On Fri, Nov 10, 2017 at 8:34 AM, KasunG Gajasinghe <[email protected]> wrote:
> Hi Indra,
>
> Can you find out exactly what issues we faced before? I'm assuming it has
> something to do with jar signing.
>
> The work we are doing is not specific to WSO2 but applies to the entire Java
> community and Bouncy Castle users. So, our end goal should be to get this
> merged into the Bouncy Castle project.
>
> Please start a dialogue with BC developers asap. They are on GitHub now I
> suppose.
>
> Bouncy Castle just added a new TLS extension last month, and the community
> is quite active.
>
> @Prabath, please share your thoughts.
>
> Thanks,
> KasunG
>
> On Thu, Nov 9, 2017 at 2:10 PM Inthirakumaaran Tharmakulasingham <
> [email protected]> wrote:
>
>> Hi,
>> I am trying to create a token binding library for the TLS layer. One option
>> for this is to extend BCJSSE and write the implementations on top of it. But in
>> the past, there have been some issues in making changes in Bouncy
>> Castle. How can I proceed with this? Or is there any better way to write the library?
>>
>> Basically, our intention is to make a token binding library so that
>> anyone can create an HTTP client which can support token binding. Thus we hope
>> to send a PR to BC after completing the implementation.
>>
>>
>> --
>> Inthirakumaaran
>> Software Engineering - Intern | WSO2
>>
>> Email: [email protected]
>> Mobile:0766598050
>>
>> --
>
> *Kasun Gajasinghe*, Associate Technical Lead, WSO2 Inc.
> email: kasung AT spamfree wso2.com
> linked-in: http://lk.linkedin.com/in/gajasinghe
> blog: http://kasunbg.org
> phone: +1 650-745-4499, 77 678 0813
>
>
--
Inthirakumaaran
Software Engineering - Intern | WSO2
Email: [email protected]
Mobile:0766598050