Adding a "bouncycastle" provider to run the bouncycastle specific tests #204

Merged
coheigea merged 1 commit into main from coheigea/bcprov-profile
Aug 28, 2023

@coheigea
Contributor

No description provided.

@coheigea coheigea merged commit 6fd5401 into main Aug 28, 2023
@coheigea coheigea deleted the coheigea/bcprov-profile branch August 28, 2023 05:51
@seanjmullan
Member

Another enhancement related to this that I was thinking of is to (optionally) run all of the tests with BouncyCastle installed as the first provider. This would give us more confirmation that Santuario works with different JCE providers (those installed in the JDK or BouncyCastle). This might require some JUnit wizardry, and I'm not enough of an expert to know if it is possible or not.

@coheigea
Contributor Author

coheigea commented Sep 8, 2023

Good point, I added the assumptions. Regarding tests, we could just run the tests twice as part of CI, i.e. "mvn clean install; mvn clean install -Pbouncycastle"

@seanjmullan
Member

Thanks. I think you may have misunderstood my latter comment though. What I was thinking was whether we could run all of the tests with this profile and be sure that BC was used as the default JCE provider for all of the tests, as this would give us better assurance that all Santuario APIs worked across the board with different JCE providers. Typically this would be done by editing the java.security file and adding it as the first provider. For testing, however, modifying the JDK under test is usually not a viable option, so this could be done instead by specifying an alternate java.security file with the java.security.properties system property, e.g.:

java -Djava.security.properties=my.java.security ...

where my.java.security is a file with an entry with the first provider as BC followed by the existing JDK providers, all renumbered, something like:

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=SUN
security.provider.3=SunRsaSign
security.provider.4=SunEC
security.provider.5=SunJSSE
security.provider.6=SunJCE
security.provider.7=SunJGSS
security.provider.8=SunSASL
security.provider.9=XMLDSig
security.provider.10=SunPCSC
security.provider.11=JdkLDAP
security.provider.12=JdkSASL
security.provider.13=Apple
security.provider.14=SunPKCS11

This might be a bit hard to pull off, but would be a very valuable feature as it would provide comprehensive interoperability testing of at least 2 different JCE providers.
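
The override file described in the comment above, as an added example that is not part of this conversation or of Santuario's build: a shell function that derives it from a JDK's own java.security, so the renumbered list matches the providers of the JDK under test. The function names and the sample excerpt are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the PR. Builds the contents of an override
# file for -Djava.security.properties that lists BouncyCastle as provider 1
# and shifts every provider of the JDK's java.security up by one.

BC_CLASS=org.bouncycastle.jce.provider.BouncyCastleProvider

# sample_master: constructed java.security excerpt (entries deliberately
# out of order, one commented out, BC already present further down).
sample_master() {
    cat <<'EOF'
# constructed sample, not a real JDK file
#security.provider.9=Disabled
security.provider.1=SUN
security.provider.3=SunEC
security.provider.2=SunRsaSign
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
securerandom.source=file:/dev/random
EOF
}

# gen_override MASTER_FILE
# Prints security.provider.N lines: BC first, then the active entries of
# MASTER_FILE in their original numeric order, renumbered from 2 with no
# gaps. An existing BC entry is skipped so it is not registered twice.
gen_override() {
    master=$1
    printf 'security.provider.1=%s\n' "$BC_CLASS"
    grep -E '^security\.provider\.[0-9]+=' "$master" |
        sed -E 's/^security\.provider\.([0-9]+)=/\1 /' |
        sort -n |
        awk -v bc="$BC_CLASS" '
            { sub(/^[0-9]+ /, ""); v = $0 }   # keep value incl. any arguments
            v == bc { next }
            { printf "security.provider.%d=%s\n", ++i + 1, v }'
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_master > "$tmp"
gen_override "$tmp"
rm -f "$tmp"
```

For a real run, pass the JDK's own file (`$JAVA_HOME/conf/security/java.security` on JDK 9 and later), redirect the output to my.java.security and supply it with the java.security.properties system property; with a single `=` the JDK merges the file over its own settings, so only the provider entries are needed.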
