New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

org.spongycastle.jce.provider.X509LDAPCertStoreSpi imports javax.naming name space #7

Open
jo-bitsch opened this Issue Nov 24, 2014 · 12 comments

Comments

Projects
None yet
@jo-bitsch

jo-bitsch commented Nov 24, 2014

First and foremost: thanks a lot for your effort on making the complete bouncycastle functionality available on android.

Using lint on my own code, I noticed that org.spongycastle.jce.provider.X509LDAPCertStoreSpi in imports several classes from the javax.naming name space, which is not included in Android. Accordingly, the lint check fails. As your fork is aimed at Android in particular, one possible way to deal with this could be to leave out that file and adjust BouncyCastleProvider.java accordingly. If it's ok for you, I can prepare a pull request for you.

The specific lint error message was:

Correctness
InvalidPackage: Package not included in Android
../../../../../../../.gradle/caches/modules-2/files-2.1/com.madgag.spongycastle/prov/1.51.0.0/6755081df770180856ca48694b40cd34c2208128/prov-1.51.0.0.jar: Invalid package reference in library; not included in Android: javax.naming.directory. Referenced from org.spongycastle.jce.provider.X509LDAPCertStoreSpi.
../../../../../../../.gradle/caches/modules-2/files-2.1/com.madgag.spongycastle/prov/1.51.0.0/6755081df770180856ca48694b40cd34c2208128/prov-1.51.0.0.jar: Invalid package reference in library; not included in Android: javax.naming. Referenced from org.spongycastle.jce.provider.X509LDAPCertStoreSpi.
Priority: 6 / 10
Category: Correctness
Severity: Error
Explanation: Package not included in Android.
This check scans through libraries looking for calls to APIs that are not included in Android.

When you create Android projects, the classpath is set up such that you can only access classes in the API packages that are included in Android. However, if you add other projects to your libs/ folder, there is no guarantee that those .jar files were built with an Android specific classpath, and in particular, they could be accessing unsupported APIs such as java.applet.

This check scans through library jars and looks for references to API packages that are not included in Android and flags these. This is only an error if your code calls one of the library classes which wind up referencing the unsupported package.
@ktorn

This comment has been minimized.

Show comment
Hide comment
@ktorn

ktorn Jul 14, 2015

Just ran into this when building Mycelium. @rtyley any chance of merging the changes from the @jo-bitsch repo?

ktorn commented Jul 14, 2015

Just ran into this when building Mycelium. @rtyley any chance of merging the changes from the @jo-bitsch repo?

@rtyley

This comment has been minimized.

Show comment
Hide comment
@rtyley

rtyley Jul 14, 2015

Owner

Apologies for taking so long to get round to this - normally I don't care much for linters but this seems reasonable. It looks like @jo-bitsch has a commit ready:

jo-bitsch@5305ff5

@jo-bitsch, if you'd like to raise this as a pull request against latest SpongyCastle, I'd be happy to make a new release based upon it.

Thanks for reminding me, @ktorn !

Owner

rtyley commented Jul 14, 2015

Apologies for taking so long to get round to this - normally I don't care much for linters but this seems reasonable. It looks like @jo-bitsch has a commit ready:

jo-bitsch@5305ff5

@jo-bitsch, if you'd like to raise this as a pull request against latest SpongyCastle, I'd be happy to make a new release based upon it.

Thanks for reminding me, @ktorn !

@jo-bitsch

This comment has been minimized.

Show comment
Hide comment
@jo-bitsch

jo-bitsch Jul 15, 2015

@rtyley: sure thing. On top of which branch do you want me to patch?

BC is currently at 1.53.0.01. you seem to be at 1.52.0 at f1a4b3f in https://github.com/rtyley/spongycastle/commits/become-spongy_2015-06-15T16-59-06.

jo-bitsch commented Jul 15, 2015

@rtyley: sure thing. On top of which branch do you want me to patch?

BC is currently at 1.53.0.01. you seem to be at 1.52.0 at f1a4b3f in https://github.com/rtyley/spongycastle/commits/become-spongy_2015-06-15T16-59-06.

@rtyley

This comment has been minimized.

Show comment
Hide comment
@rtyley

rtyley Jul 15, 2015

Owner

1.53 doesn't seem to have been tagged yet?
https://github.com/bcgit/bc-java/releases

If you raise the PR against spongy-master that will be fine.
On 15 Jul 2015 13:17, "Jó Ágila Bitsch" notifications@github.com wrote:

@rtyley https://github.com/rtyley: sure thing. On top of which branch
do you want me to patch?

BC is currently at 1.53.0.01. you seem to be at 1.52.0 at f1a4b3f
f1a4b3f
in
https://github.com/rtyley/spongycastle/commits/become-spongy_2015-06-15T16-59-06
.


Reply to this email directly or view it on GitHub
#7 (comment).

Owner

rtyley commented Jul 15, 2015

1.53 doesn't seem to have been tagged yet?
https://github.com/bcgit/bc-java/releases

If you raise the PR against spongy-master that will be fine.
On 15 Jul 2015 13:17, "Jó Ágila Bitsch" notifications@github.com wrote:

@rtyley https://github.com/rtyley: sure thing. On top of which branch
do you want me to patch?

BC is currently at 1.53.0.01. you seem to be at 1.52.0 at f1a4b3f
f1a4b3f
in
https://github.com/rtyley/spongycastle/commits/become-spongy_2015-06-15T16-59-06
.


Reply to this email directly or view it on GitHub
#7 (comment).

@mvdan

This comment has been minimized.

Show comment
Hide comment
@mvdan

mvdan Feb 26, 2016

I get similar errors on .53:

Invalid package reference in library; not included in Android: javax.naming.directory. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1
Invalid package reference in library; not included in Android: javax.naming. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1

Is this fixed on .54? We haven't updated yet.

If it is, it would probably be a good idea to close this issue.

mvdan commented Feb 26, 2016

I get similar errors on .53:

Invalid package reference in library; not included in Android: javax.naming.directory. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1
Invalid package reference in library; not included in Android: javax.naming. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1

Is this fixed on .54? We haven't updated yet.

If it is, it would probably be a good idea to close this issue.

thestinger pushed a commit to AndroidHardeningArchive/fdroidclient that referenced this issue Mar 2, 2016

Merge branch 'lint-errors-2' into 'master'
Lint errors round 2

There are only a few errors left, which I've either logged as issues or reported upstream:

* #580
* #581
* #582
* rtyley/spongycastle#7 (comment)

I've also done a bunch of warnings that were just too easy to leave alone.

See merge request !215
@JaySoyer

This comment has been minimized.

Show comment
Hide comment
@JaySoyer

JaySoyer Jun 16, 2016

I confirmed that this is still happening in 1.54

InvalidPackage: Package not included in Android
../../../../../.gradle/caches/modules-2/files-2.1/com.madgag.spongycastle/pkix/1.54.0.0/183d77545a164f8fcf5a88b27af1f33670004eb6/pkix-1.54.0.0.jar: Invalid package reference in library; not included in Android: javax.naming.directory. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1.
../../../../../.gradle/caches/modules-2/files-2.1/com.madgag.spongycastle/pkix/1.54.0.0/183d77545a164f8fcf5a88b27af1f33670004eb6/pkix-1.54.0.0.jar: Invalid package reference in library; not included in Android: javax.naming. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1.

JaySoyer commented Jun 16, 2016

I confirmed that this is still happening in 1.54

InvalidPackage: Package not included in Android
../../../../../.gradle/caches/modules-2/files-2.1/com.madgag.spongycastle/pkix/1.54.0.0/183d77545a164f8fcf5a88b27af1f33670004eb6/pkix-1.54.0.0.jar: Invalid package reference in library; not included in Android: javax.naming.directory. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1.
../../../../../.gradle/caches/modules-2/files-2.1/com.madgag.spongycastle/pkix/1.54.0.0/183d77545a164f8fcf5a88b27af1f33670004eb6/pkix-1.54.0.0.jar: Invalid package reference in library; not included in Android: javax.naming. Referenced from org.spongycastle.cert.dane.fetcher.JndiDANEFetcherFactory.1.

@robertszuba

This comment has been minimized.

Show comment
Hide comment
@robertszuba

robertszuba Oct 21, 2016

Any chance for the fix in coming 1.55?

robertszuba commented Oct 21, 2016

Any chance for the fix in coming 1.55?

@marcin-onegini

This comment has been minimized.

Show comment
Hide comment
@marcin-onegini

marcin-onegini Jun 6, 2017

It still doesn't work in version 1.56.0.0.
@rtyley any chance this will be fixed in next version?

marcin-onegini commented Jun 6, 2017

It still doesn't work in version 1.56.0.0.
@rtyley any chance this will be fixed in next version?

@samuelrohr

This comment has been minimized.

Show comment
Hide comment
@samuelrohr

samuelrohr Jul 12, 2017

The problem only happens here when i enable the minify. Are someone looking to fix this? The javax.naming isnt in Android api so for this lib to be for android it shouldn't depends on it

samuelrohr commented Jul 12, 2017

The problem only happens here when i enable the minify. Are someone looking to fix this? The javax.naming isnt in Android api so for this lib to be for android it shouldn't depends on it

@mirceanis

This comment has been minimized.

Show comment
Hide comment
@mirceanis

mirceanis Apr 18, 2018

any progress on this?

mirceanis commented Apr 18, 2018

any progress on this?

@mrZizik

This comment has been minimized.

Show comment
Hide comment
@mrZizik

mrZizik Jun 13, 2018

still happening

mrZizik commented Jun 13, 2018

still happening

@tajchert

This comment has been minimized.

Show comment
Hide comment
@tajchert

tajchert Jul 20, 2018

Still on 1.58

tajchert commented Jul 20, 2018

Still on 1.58

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment