Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-260

Wicket uses trivial encryption if com.sun.crypto.provider.SunJCE is not available

    Details

      Description

      The wicket.util.crypt.SunJceCrypt class attempts to load Sun's JCE security provider class and throws an exception if it doesn't exist. Wicket then defaults to a trivial encryption implementation. However, the Java runtime may have other security providers that support the required encryption (PBEWithMD5AndDES). The following patch checks for statically registered providers (which users typically configure in their java.security file) before defaulting to the Sun JCE case.

      Index: src/main/java/wicket/util/crypt/SunJceCrypt.java
      ===================================================================
      — src/main/java/wicket/util/crypt/SunJceCrypt.java (revision 501736)
      +++ src/main/java/wicket/util/crypt/SunJceCrypt.java (working copy)
      @@ -61,6 +61,11 @@
      */
      public SunJceCrypt()
      {
      + if ( Security.getProviders("Cipher."+CRYPT_METHOD).length > 0 )
      +

      { + return; // we are good to go! + }

      +
      try
      {
      // Initialize and add a security provider required for encryption

        Attachments

        1. SunJceCrypt.java.patch
          0.5 kB
          Stuart McCulloch

          Activity

            People

            • Assignee:
              dashorst Martijn Dashorst
              Reporter:
              mcculls Stuart McCulloch
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: