Wicket
  1. Wicket
  2. WICKET-260

Wicket uses trivial encryption if com.sun.crypto.provider.SunJCE is not available

    Details

      Description

      The wicket.util.crypt.SunJceCrypt class attempts to load Sun's JCE security provider class and throws an exception if it doesn't exist. Wicket then defaults to a trivial encryption implementation. However, the Java runtime may have other security providers that support the required encryption (PBEWithMD5AndDES). The following patch checks for statically registered providers (which users typically configure in their java.security file) before defaulting to the Sun JCE case.

      Index: src/main/java/wicket/util/crypt/SunJceCrypt.java
      ===================================================================
      — src/main/java/wicket/util/crypt/SunJceCrypt.java (revision 501736)
      +++ src/main/java/wicket/util/crypt/SunJceCrypt.java (working copy)
      @@ -61,6 +61,11 @@
      */
      public SunJceCrypt()
      {
      + if ( Security.getProviders("Cipher."+CRYPT_METHOD).length > 0 )
      +

      { + return; // we are good to go! + }

      +
      try
      {
      // Initialize and add a security provider required for encryption

      1. SunJceCrypt.java.patch
        0.5 kB
        Stuart McCulloch

        Activity

        Stuart McCulloch created issue -
        Hide
        Stuart McCulloch added a comment -

        The proposed patch.

        Show
        Stuart McCulloch added a comment - The proposed patch.
        Stuart McCulloch made changes -
        Field Original Value New Value
        Attachment SunJceCrypt.java.patch [ 12350539 ]
        Hide
        Stuart McCulloch added a comment -

        Bumping up priority, because wicket fails to load the Sun JCE provider on the standard Mac OS X JVM, but with the patch it works.

        Show
        Stuart McCulloch added a comment - Bumping up priority, because wicket fails to load the Sun JCE provider on the standard Mac OS X JVM, but with the patch it works.
        Stuart McCulloch made changes -
        Priority Minor [ 4 ] Major [ 3 ]
        Hide
        Eelco Hillenius added a comment -

        Hmmm, really? I just used Sun JCE on Mac OSX JVM without any problems (but with Wicket 1.3).

        Show
        Eelco Hillenius added a comment - Hmmm, really? I just used Sun JCE on Mac OSX JVM without any problems (but with Wicket 1.3).
        Hide
        Eelco Hillenius added a comment -

        Another thing is that our password field eats up any crypt related exception and says it can't load the crypt, even if there was something completely different going on.

        Show
        Eelco Hillenius added a comment - Another thing is that our password field eats up any crypt related exception and says it can't load the crypt, even if there was something completely different going on.
        Eelco Hillenius made changes -
        Resolution Fixed [ 1 ]
        Fix Version/s 2.0 [ 12312113 ]
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Eelco Hillenius [ ehillenius ]
        Fix Version/s 1.3 [ 12312114 ]
        Fix Version/s 1.2.5 [ 12312236 ]
        Eelco Hillenius made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Hide
        Martijn Dashorst added a comment -

        Was not fixed in 1.2.5, but will be part of 1.2.6

        Show
        Martijn Dashorst added a comment - Was not fixed in 1.2.5, but will be part of 1.2.6
        Martijn Dashorst made changes -
        Resolution Fixed [ 1 ]
        Assignee Eelco Hillenius [ ehillenius ] Martijn Dashorst [ dashorst ]
        Status Closed [ 6 ] Reopened [ 4 ]
        Hide
        Martijn Dashorst added a comment -

        Was not fixed in 1.2.5, but will be part of 1.2.6

        Show
        Martijn Dashorst added a comment - Was not fixed in 1.2.5, but will be part of 1.2.6
        Martijn Dashorst made changes -
        Affects Version/s 1.2.5 [ 12312236 ]
        Fix Version/s 1.2.5 [ 12312236 ]
        Fix Version/s 1.2.6 [ 12312305 ]
        Martijn Dashorst made changes -
        Resolution Fixed [ 1 ]
        Status Reopened [ 4 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        2d 9h 2m 1 Eelco Hillenius 09/Feb/07 18:23
        Resolved Resolved Closed Closed
        8s 1 Eelco Hillenius 09/Feb/07 18:23
        Closed Closed Reopened Reopened
        13h 47m 1 Martijn Dashorst 10/Feb/07 08:10
        Reopened Reopened Closed Closed
        56s 1 Martijn Dashorst 10/Feb/07 08:11

          People

          • Assignee:
            Martijn Dashorst
            Reporter:
            Stuart McCulloch
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development