REVIEW NEXUS-6323: Replace plx cipher #636

Merged
merged 9 commits into from Jul 28, 2014

Projects

None yet

3 participants

Contributor
cstamas commented Jul 17, 2014

Phasing out plexus cipher, using newly introduced component in PR
sonatype/goodies#27

Issue
https://issues.sonatype.org/browse/NEXUS-6323

CI
http://bamboo.s/browse/NX-OSSF166

@mrprescott mrprescott and 2 others commented on an outdated diff Jul 21, 2014
...atype/nexus/internal/crypto/BCPluginEventHandler.java
@@ -32,8 +35,7 @@
* component is marked as {@code EagerSingleton} to be created (and hence to have registration happen) as early as
* possible, even before any wiring happens in plugins.
*
- * @author cstamas
- * @since 2.4
+ * @since 3.0
mrprescott
mrprescott Jul 21, 2014 Contributor

Curious: if this class existed in 2.4, shouldn't it remain @since 2.4?

mcculls
mcculls Jul 21, 2014 Member

This branch needs to be updated wrt. master - the BCPluginEventHandler class was removed last week and should not be re-introduced.

cstamas
cstamas Jul 23, 2014 Contributor

@mrprescott yup, this is wrong: originally I made the change and the @jdillon pointed out that @mcculls is about to remove BC plugin as is and solve it with OSGi. That will be merged in here.

@mrprescott mrprescott commented on an outdated diff Jul 21, 2014
...atype/nexus/internal/crypto/BCPluginEventHandler.java
@@ -51,6 +53,17 @@
public BCPluginEventHandler(final EventBus eventBus) {
checkNotNull(eventBus);
+ // log if no unlimited strength cipher detected
+ try {
+ if (Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE) {
+ log.info("Unlimited strength JCE policy detected");
+ }
+ }
+ catch (NoSuchAlgorithmException e) {
+ throw Throwables.propagate(e);
+ }
+ // TODO: Add specific warnings for algorithms we know specifically may affect NX behavior negatively if low strength/default policy is in place
mrprescott
mrprescott Jul 21, 2014 Contributor

Is this a reminder to do more work for this PR, or should there be an issue in the backlog?

Member
mcculls commented Jul 21, 2014

This branch needs to be updated wrt. master before I can +1 otherwise it will bring back a number of classes that were deleted in favour of letting the stock bcprov bundle register its security provider: 991d941

Contributor

+1, pending Stuart's concerns.

cstamas added some commits Jul 23, 2014
@cstamas cstamas Merge remote-tracking branch 'origin/master' into NEXUS-6323-replace-…
…plexus-cipher

Conflicts:
	components/nexus-core/src/main/java/org/sonatype/nexus/internal/crypto/BCPluginEventHandler.java
	components/nexus-crypto/pom.xml
ccc61fd
@cstamas cstamas NEXUS-6323: Merging master changes
re crypto plugin
35292af
Contributor
cstamas commented Jul 23, 2014

Branch updated, plz review

Member
mcculls commented Jul 23, 2014

+1

cstamas added some commits Jul 24, 2014
@cstamas cstamas changed the title from WIP NEXUS-6323: Replace plx cipher to REVIEW NEXUS-6323: Replace plx cipher Jul 28, 2014
@cstamas cstamas merged commit b126f02 into master Jul 28, 2014
@cstamas cstamas deleted the NEXUS-6323-replace-plexus-cipher branch Jul 28, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment