[jira] Created: (JETTY-396) Default configuration of Jetty disables most cryptographic functions

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (JETTY-396) Default configuration of Jetty disables most cryptographic functions

JIRA jira@codehaus.org
Default configuration of Jetty disables most cryptographic functions
--------------------------------------------------------------------

                 Key: JETTY-396
                 URL: http://jira.codehaus.org/browse/JETTY-396
             Project: Jetty
          Issue Type: Bug
          Components: Security and SSL
    Affects Versions: 6.1.4
         Environment: All known environments.
            Reporter: Jason Proctor


The default configuration environment of Jetty prohibits the operation of most cryptographic operations. In the originator of this report's experience, most normally available operations, including attempts to instantiate ciphers provided by the default JCE environment, result in "algorithm not found" or "method not supported" exceptions. However, DSA-based signature generation and verification seem to work.

The exact same code functions unimpeded under Orion and other application server environments, and in standalone applications.



--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (JETTY-396) Default configuration of Jetty disables most cryptographic functions

JIRA jira@codehaus.org

    [ http://jira.codehaus.org/browse/JETTY-396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_102672 ]

Jan Bartel commented on JETTY-396:
----------------------------------

Jason,

Cutting and pasting the line you emailed to the jetty lists into the HelloWorld servlet of the jetty test webapp is working fine.

The line you posted before was:
    try
   {
        javax.crypto.SecretKeyFactory skf = javax.crypto.SecretKeyFactory.getInstance ("PBEWithMD5AndDES", "SunJCE");
        System.err.println("Provider="+skf.getAlgorithm());
  }
  catch (Exception e)
  {e.printStackTrace();}

My test environment was jdk1.5_09 on ubuntu linux.

I suspect that you may have some conflicting jars on the classpath, either inside your webapp or in jetty/lib?

regards
Jan


> Default configuration of Jetty disables most cryptographic functions
> --------------------------------------------------------------------
>
>                 Key: JETTY-396
>                 URL: http://jira.codehaus.org/browse/JETTY-396
>             Project: Jetty
>          Issue Type: Bug
>          Components: Security and SSL
>    Affects Versions: 6.1.4
>         Environment: All known environments.
>            Reporter: Jason Proctor
>
> The default configuration environment of Jetty prohibits the operation of most cryptographic operations. In the originator of this report's experience, most normally available operations, including attempts to instantiate ciphers provided by the default JCE environment, result in "algorithm not found" or "method not supported" exceptions. However, DSA-based signature generation and verification seem to work.
> The exact same code functions unimpeded under Orion and other application server environments, and in standalone applications.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: [jira] Commented: (JETTY-396) Default configuration of Jetty disables most cryptographic functions

Jason Proctor
Jan, thanks for the response.

i did indeed have a conflicting jar file in the classpath - but there
was no way i would have worked that out from the error messages.

problem solved. do i mark this one as "not a bug" or does someone else do that?

thanks again
j


>     [
>http://jira.codehaus.org/browse/JETTY-396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_102672 
>]
>
>Jan Bartel commented on JETTY-396:
>----------------------------------
>
>Jason,
>
>Cutting and pasting the line you emailed to the jetty lists into the
>HelloWorld servlet of the jetty test webapp is working fine.
>
>The line you posted before was:
>     try
>    {
>         javax.crypto.SecretKeyFactory skf =
>javax.crypto.SecretKeyFactory.getInstance ("PBEWithMD5AndDES",
>"SunJCE");
>         System.err.println("Provider="+skf.getAlgorithm());
>   }
>   catch (Exception e)
>   {e.printStackTrace();}
>
>My test environment was jdk1.5_09 on ubuntu linux.
>
>I suspect that you may have some conflicting jars on the classpath,
>either inside your webapp or in jetty/lib?
>
>regards
>Jan
>
>
>>  Default configuration of Jetty disables most cryptographic functions
>>  --------------------------------------------------------------------
>>
>>                  Key: JETTY-396
>>                  URL: http://jira.codehaus.org/browse/JETTY-396
>>              Project: Jetty
>>           Issue Type: Bug
>>           Components: Security and SSL
>>     Affects Versions: 6.1.4
>>          Environment: All known environments.
>>             Reporter: Jason Proctor
>>
>>  The default configuration environment of Jetty prohibits the
>>operation of most cryptographic operations. In the originator of
>>this report's experience, most normally available operations,
>>including attempts to instantiate ciphers provided by the default
>>JCE environment, result in "algorithm not found" or "method not
>>supported" exceptions. However, DSA-based signature generation and
>>verification seem to work.
>>  The exact same code functions unimpeded under Orion and other
>>application server environments, and in standalone applications.
>
>--
>This message is automatically generated by JIRA.
>-
>If you think it was sent incorrectly contact one of the
>administrators: http://jira.codehaus.org/secure/Administrators.jspa
>-
>For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

[jira] Closed: (JETTY-396) Default configuration of Jetty disables most cryptographic functions

JIRA jira@codehaus.org
In reply to this post by JIRA jira@codehaus.org

     [ http://jira.codehaus.org/browse/JETTY-396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Bartel closed JETTY-396.
----------------------------

    Resolution: Won't Fix

Not a bug, there were duplicate jars on the classpath.

> Default configuration of Jetty disables most cryptographic functions
> --------------------------------------------------------------------
>
>                 Key: JETTY-396
>                 URL: http://jira.codehaus.org/browse/JETTY-396
>             Project: Jetty
>          Issue Type: Bug
>          Components: Security and SSL
>    Affects Versions: 6.1.4
>         Environment: All known environments.
>            Reporter: Jason Proctor
>
> The default configuration environment of Jetty prohibits the operation of most cryptographic operations. In the originator of this report's experience, most normally available operations, including attempts to instantiate ciphers provided by the default JCE environment, result in "algorithm not found" or "method not supported" exceptions. However, DSA-based signature generation and verification seem to work.
> The exact same code functions unimpeded under Orion and other application server environments, and in standalone applications.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss