[GitHub] merlimat commented on issue #839: Specify rsa transform, aes & tag length
merlimat commented on issue #839: Specify rsa transform, aes & tag length URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-337991632 > This is because our build env does not have the JCE Unlimited Strength Jurisdiction Policy files. http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. I'll dig further to see if we can install them in our environment. We should have it working out of the box with standard JDK and allow the better encryption if available. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] saandrews commented on issue #839: Specify rsa transform, aes & tag length
saandrews commented on issue #839: Specify rsa transform, aes & tag length
URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-338003748
I see your point. But, if we do not enforce, a producer produced using 256
bit AES key and if consumer host does not have the unlimited policy files
installed, it will fail to decrypt. This is true for RSA/ECDSA keys as well.
I'm considering the following change to address this:
```
int aesKeyLength = javax.crypto.Cipher.getMaxAllowedKeyLength("AES");
if (aesKeyLength <= 128) {
log.warn(
"{} JCE Cryptographic strength is limited to {}. Consider
installing JCE Unlimited Strength Jurisdiction Policy Files.",
logCtx, aesKeyLength);
keyGenerator.init(aesKeyLength, secureRandom);
} else {
keyGenerator.init(256, secureRandom);
}
```
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] saandrews commented on issue #839: Specify rsa transform, aes & tag length
saandrews commented on issue #839: Specify rsa transform, aes & tag length URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-337990856 This is because our build env does not have the JCE Unlimited Strength Jurisdiction Policy files. http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. I'll dig further to see if we can install them in our environment. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] saandrews commented on issue #839: Specify rsa transform, aes & tag length
saandrews commented on issue #839: Specify rsa transform, aes & tag length
URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-338003748
I see your point. But, if we do not enforce, a producer produced using 256
bit AES key and if consumer host does not have the unlimited policy files
installed, it will fail to decrypt. This is true for RSA/ECDSA keys as well.
I'm considering the following change to address this:
int aesKeyLength =
javax.crypto.Cipher.getMaxAllowedKeyLength("AES");
if (aesKeyLength <= 128) {
log.warn(
"{} JCE Cryptographic strength is limited to {}.
Consider installing JCE Unlimited Strength Jurisdiction Policy Files.",
logCtx, aesKeyLength);
keyGenerator.init(aesKeyLength, secureRandom);
} else {
keyGenerator.init(256, secureRandom);
}
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] merlimat opened a new pull request #842: Add PulsarClientImpl.getNumberOfPartitions() to avoid exposing PartitionedTopicMetadata
merlimat opened a new pull request #842: Add PulsarClientImpl.getNumberOfPartitions() to avoid exposing PartitionedTopicMetadata URL: https://github.com/apache/incubator-pulsar/pull/842 ### Motivation The `PartitionedTopicMetadata` will be shaded if the pulsar-client library itself it's shaded, so we cannot really use it (for example in Kafka wrapper we need to know the number of partitions). By returning just the partitions number, we avoid the shading problem. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] saandrews commented on issue #839: Specify rsa transform, aes & tag length
saandrews commented on issue #839: Specify rsa transform, aes & tag length
URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-338003748
I see your point. But, if we do not enforce, a producer produced using 256
bit AES key and if consumer host does not have the unlimited policy files
installed, it will fail to decrypt. This is true for RSA/ECDSA keys as well.
I'm considering the following change to address this:
```
int aesKeyLength =
javax.crypto.Cipher.getMaxAllowedKeyLength("AES");
if (aesKeyLength <= 128) {
log.warn(
"{} JCE Cryptographic strength is limited to {}.
Consider installing JCE Unlimited Strength Jurisdiction Policy Files.",
logCtx, aesKeyLength);
keyGenerator.init(aesKeyLength, secureRandom);
} else {
keyGenerator.init(256, secureRandom);
}
```
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] awilliams commented on issue #813: Global and local zookeeper should use different stats server ports
awilliams commented on issue #813: Global and local zookeeper should use
different stats server ports
URL:
https://github.com/apache/incubator-pulsar/issues/813#issuecomment-338050464
I worked around this by updating `conf/pulsar_env.sh`, changing where
`PULSAR_EXTRA_OPTS` is overwritten. I then launch global zookeeper with the
following env variable set:
```shell
PULSAR_EXTRA_OPTS="-Dstats_server_port=8081"
```
Modified line
([original](https://github.com/apache/incubator-pulsar/blob/539c8182037fe540433eeb4e7072e4bf2b3eae04/conf/pulsar_env.sh#L51)):
```
PULSAR_EXTRA_OPTS="${PULSAR_EXTRA_OPTS} ${PULSAR_MEM} ${PULSAR_GC}
-Dio.netty.leakDetectionLevel=disabled -Dio.netty.recycler.linkCapacity=1024"
```
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] hrsakai opened a new pull request #843: Fixed PulsarClientToolTest.testInitialzation
hrsakai opened a new pull request #843: Fixed PulsarClientToolTest.testInitialzation URL: https://github.com/apache/incubator-pulsar/pull/843 ### Motivation Fixed https://github.com/apache/incubator-pulsar/issues/651 It seems that producer start sending messages even though subscription has not been created yet. ### Modifications Wait for subscription to be created on the topic. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] saandrews commented on issue #839: Specify rsa transform, aes & tag length
saandrews commented on issue #839: Specify rsa transform, aes & tag length URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-338057631 retest this please This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] saandrews commented on issue #839: Specify rsa transform, aes & tag length
saandrews commented on issue #839: Specify rsa transform, aes & tag length URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-338085648 retest this please This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] massakam commented on issue #836: In C++ partitioned consumer, do not append partition index in subscription name
massakam commented on issue #836: In C++ partitioned consumer, do not append partition index in subscription name URL: https://github.com/apache/incubator-pulsar/pull/836#issuecomment-338071190 retest this please This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
