Comments (10)
loetifuss
commented on June 24, 2024
2
created a pull request to address this issue: #28
Extracted API to interface to hide dependencies for compilation
from secon-tool.
loetifuss
commented on June 24, 2024
1
The issue is compiling against secon-tool doesn't work, during runtime there is no problem. The compiler needs the "Socket" type of "fun-io-api" during compilation although it is marked as "implementation" scope. Thus, the POM file will only contain it as "runtime" dependency.
I suspect the dependency on "Socket" is leaked in "de.tk.opensource.secon.SECON" class and therefore required through static imports in "de.tk.opensource.secon.Subscriber".
from secon-tool.
christian-schlichtherle
commented on June 24, 2024
The runtime scope on fun-io-bios is intentional indeed. Please note that the Socket interface is not from this library however. In fact, it is from another library fun-io-api, which is a transitive dependency of fun-io-bios. Apparently your tool chain does not resolve transitive dependencies? Please check.
from secon-tool.
christian-schlichtherle
commented on June 24, 2024
This is how the dependency graph actually looks:
[info] +-de.tk.opensource:secon-tool:1.0.0
[info] | +-global.namespace.fun-io:fun-io-bios:2.4.0
[info] | | +-global.namespace.fun-io:fun-io-spi:2.4.0
[info] | | +-global.namespace.fun-io:fun-io-api:2.4.0
[info] | |
[info] | +-org.bouncycastle:bcpkix-jdk15on:1.66
[info] | +-org.bouncycastle:bcprov-jdk15on:1.66
from secon-tool.
lukasnaske
commented on June 24, 2024
Thanks for this info. Still compilation fails, even with a clean project. As soon as Subscriber#signAndEncryptTo is called the Socket dependency cannot be found. I created a clean project using both gradle and maven and only tried to run a simple class:
public class Test {
public static void main(String[] args) {
Identity identity = SECON.identity(null, null, null);
Directory directory = SECON.directory((KeyStore) null);
Subscriber subscriber = SECON.subscriber(identity, directory);
subscriber.signAndEncryptTo(() -> new ByteArrayOutputStream(), "test");
}
}
I will investigate further, but it would be quite interesting if anyone else can successfully compile a project without adding the fun-io-bios dependency separately.
from secon-tool.
loetifuss
commented on June 24, 2024
Just confirmed this issue with the following plain-vanilla Gradle script:
plugins {
id 'java-library'
}
repositories {
jcenter()
}
dependencies {
implementation ('de.tk.opensource:secon-tool:1.0.0')
}
Compilation of "Test.java" class fails on the command line using "gradlew compileJava". In Eclipse it works since Eclipse exposes the runtime classpath to the project.
from secon-tool.
christian-schlichtherle
commented on June 24, 2024
Works like a charm for me. In pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>untitled</artifactId>
<version>0.1.0-SNAPSHOT</version>
<dependencies>
<dependency>
<groupId>de.tk.opensource</groupId>
<artifactId>secon-tool</artifactId>
<version>1.0.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-shade-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<shadedArtifactAttached>true</shadedArtifactAttached>
<shadedClassifierName>standalone</shadedClassifierName>
<filters>
<filter>
<artifact>*:*</artifact>
<excludes>
<exclude>META-INF/*.SF</exclude>
<exclude>META-INF/*.DSA</exclude>
<exclude>META-INF/*.RSA</exclude>
<exclude>**/module-info.class</exclude>
</excludes>
</filter>
</filters>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>de.tk.opensource.secon.Main</mainClass>
</transformer>
</transformers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>Now in a shell session:
$ mvn clean verify
[...]
$ keytool -keystore keystore.p12 -storepass secret -genkey -alias alice -dname CN=alice -keyalg rsa
Generating 2.048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
for: CN=alice
$ keytool -keystore keystore.p12 -storepass secret -genkey -alias bob -dname CN=bob -keyalg rsa
Generating 2.048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
for: CN=bob
$ echo 'Hello world!' > message.txt
$ java -jar target/untitled-0.1.0-SNAPSHOT-standalone.jar -keystore keystore.p12 -storepass secret -alias alice -recipient bob -source message.txt -sink message.cms
$ java -jar target/untitled-0.1.0-SNAPSHOT-standalone.jar -keystore keystore.p12 -storepass secret -alias bob -source message.cms -sink copy.txt
$ cmp message.txt copy.txtfrom secon-tool.
christian-schlichtherle
commented on June 24, 2024
$ mvn dependency:tree
[...]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ untitled ---
[INFO] org.example:untitled:jar:0.1.0-SNAPSHOT
[INFO] \- de.tk.opensource:secon-tool:jar:1.0.0:compile
[INFO] +- global.namespace.fun-io:fun-io-bios:jar:2.4.0:runtime
[INFO] | \- global.namespace.fun-io:fun-io-spi:jar:2.4.0:runtime
[INFO] | \- global.namespace.fun-io:fun-io-api:jar:2.4.0:runtime
[INFO] \- org.bouncycastle:bcpkix-jdk15on:jar:1.66:runtime
[INFO] \- org.bouncycastle:bcprov-jdk15on:jar:1.66:runtime
[INFO] ------------------------------------------------------------------------
[...]
$ from secon-tool.
christian-schlichtherle
commented on June 24, 2024
This is how the dependency graph actually looks:
[info] +-de.tk.opensource:secon-tool:1.0.0 [info] | +-global.namespace.fun-io:fun-io-bios:2.4.0 [info] | | +-global.namespace.fun-io:fun-io-spi:2.4.0 [info] | | +-global.namespace.fun-io:fun-io-api:2.4.0 [info] | | [info] | +-org.bouncycastle:bcpkix-jdk15on:1.66 [info] | +-org.bouncycastle:bcprov-jdk15on:1.66
This is from SBT, by the way. I suppose this issue is specific to Gradle.
from secon-tool.
lukasnaske
commented on June 24, 2024
Thanks for taking care of this, with the newly released version the compilation works πͺ
from secon-tool.
Related Issues (19)
- Clarify license situation HOT 2
- RSASSA-PSS 4096 doesn't work HOT 4
- Please consider renaming this repository HOT 2
- Please create a first release HOT 5
- Improve documentation over the command line tool params HOT 6
- (Non-)usage of parameter "employerNumber" in "sign" and "decrypt" HOT 3
- No need to declare a transitive dependency HOT 1
- use RSAES-OAEP algorithm for 4096 bit keys HOT 1
- Broken link to SECON spec HOT 1
- Add cache for LDAP certificates HOT 3
- Use embedded certificates HOT 7
- CertificateNotFoundException HOT 1
- Verification of valid/strong encryption algorithm HOT 1
- bouncycastle 1.6.4 has CVE-2020-15522 HOT 4
- SECON uses BouncyCastleProvider with old version 1.68 HOT 2
- Ist es ein Fehler wegen Signatur oder was fΓΌr ein Problem haben wir? HOT 1
- Doesn't compile on Java 8 HOT 4
- fat-jar misses generators for apsec private key HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secon-tool.