If I were to create a patch to fix this, what is the process, and is that
worthwhile?
On Wed, Mar 31, 2010 at 11:59 PM, eric fu <ericfu...@gmail.com> wrote:
> Hi,
>
> I checked out a latest copy for xml security Java from svn trunk(1.4.3).
> But ant test showed a few failures and it took me quite some time to figure
> them out.
>
> Here are a summary of issues I identified:
>
> 1. dependency on Sun JVM. javax.xml.crypto.test.KeySelectors use two
> internal classes: sun.security.x509.X500Name and sun.security.util.DerValue.
> The former can be replaced by public X500Principal, but there is no easy
> replacement for the latter. Ideally, these tests should run with other JVMs,
> such as IBM.
>
> 2. dependency on JVM version. There are quite a few tests relying on
> providers for certain algorithms, such as AES 256. As XML security claims to
> support Java 1.4.2, some high security may not be available, such as SHA256.
> Or they are not turned on by default, such as AES 256(for Sun Java5, you
> have to manually download *Unlimited Strength Jurisdiction Policy*). I
> would suggest to check if desired algorithms are available or not before
> running these tests. If not, tests may be skipped.
>
> 3. dependency on system properties. Some test setup will read system
> properties( mainly look for xml files and others in data sub-directory).
> This will make running individual test in IDE hard. It would be better to
> remove dependency on environment. One way is to replace
> System.getProperty("basedir") with Class.getResource(), or the like in a
> helper class/method.
>
> With the issues above, now I can only run tests successfully in Sun Java 5
> with downloaded policy plus command window. I have not tried to make them
> run with other versions yet.
> What is your opinion?
>
> Eric
>
