From mharmsen at redhat.com Thu Nov 8 17:19:18 2018 From: mharmsen at redhat.com (Matthew Harmsen) Date: Thu, 8 Nov 2018 10:19:18 -0700 Subject: [Pki-devel] No PKI meeting today Message-ID: <9be7896e-ca4a-3a5e-a4b1-614a78df6097@redhat.com> Everyone, I have a family emergency, and need to cancel today's meeting. -- Matt From jonm at rescale.com Wed Nov 7 23:47:08 2018 From: jonm at rescale.com (Jon Moroney) Date: Wed, 7 Nov 2018 15:47:08 -0800 Subject: [Pki-devel] Integrating JSS into an existing java project Message-ID: <48D266C5-F8EE-4871-96B2-DF8B1E2828D6@rescale.com> Hey all, Sorry if this question has been covered, I did a cursory search and came up with nothing. I?m trying to integrate the signed JSS jar into my build to be used as a JCE provider for fips compliance and am running into issues. Using the java Security class I?m trying to set the JSS provider as the default security provider ``` Security.insertProviderAt(new JSSProvider() ,1); ``` This works, however when running my test suite I get about a billion errors which all seem to trace back to errors around the default PRNG provider. Ex. ``` Could not initialize class javax.crypto.JceSecurityManager ``` I?ve read that in order to use jss classes directly one needs to initialize the cryptomanager class. Is this necessary if I just want to use jss as a JCE provider? If so, how do I know what arguments to pass into the initialize function? Thanks, Jon From ascheel at redhat.com Tue Nov 13 15:58:26 2018 From: ascheel at redhat.com (Alexander Scheel) Date: Tue, 13 Nov 2018 10:58:26 -0500 (EST) Subject: [Pki-devel] Integrating JSS into an existing java project In-Reply-To: <48D266C5-F8EE-4871-96B2-DF8B1E2828D6@rescale.com> References: <48D266C5-F8EE-4871-96B2-DF8B1E2828D6@rescale.com> Message-ID: <158268449.68223940.1542124706960.JavaMail.zimbra@redhat.com> Hi Jon, I do have to say I'm not that familiar with your use case. You might want to take a look at TomcatJSS and PKI for examples using JSS. One thing that I will point out is that, rather than directly adding the JSSProvider to the JCE, we let the CryptoManager deal with that: See: https://github.com/dogtagpki/pki/blob/master/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java#L305 Which calls here: https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/CryptoManager.java#L437 I'm guessing the latter will give you the clues you seek for initializing the RNG if you want to do it yourself... :) (So I think to directly answer the last question, you either need to initialize the CryptoManager class, or do the work it does (RNG initialization in this current case) and/or the subset of work it does that enables your use cases... so I'd perhaps consider just using the CryptoManager class myself). - Alex ----- Original Message ----- > From: "Jon Moroney" > To: pki-devel at redhat.com > Sent: Wednesday, November 7, 2018 6:47:08 PM > Subject: [Pki-devel] Integrating JSS into an existing java project > > Hey all, > > Sorry if this question has been covered, I did a cursory search and came up > with nothing. > > I?m trying to integrate the signed JSS jar into my build to be used as a JCE > provider for fips compliance and am running into issues. Using the java > Security class I?m trying to set the JSS provider as the default security > provider > ``` > Security.insertProviderAt(new JSSProvider() ,1); > ``` > This works, however when running my test suite I get about a billion errors > which all seem to trace back to errors around the default PRNG provider. Ex. > ``` > Could not initialize class javax.crypto.JceSecurityManager > ``` > I?ve read that in order to use jss classes directly one needs to initialize > the cryptomanager class. Is this necessary if I just want to use jss as a > JCE provider? If so, how do I know what arguments to pass into the > initialize function? > > Thanks, > Jon > > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel From builds at travis-ci.org Sat Nov 17 04:38:55 2018 From: builds at travis-ci.org (Travis CI) Date: Sat, 17 Nov 2018 04:38:55 +0000 Subject: [Pki-devel] [CRON] Errored: dogtagpki/pki-nightly-test#161 (master - 8b0826f) In-Reply-To: Message-ID: <5bef9b5ec2b5c_43f93ccd476ec2473c6@4810438c-30c6-4434-a838-d52deaac951b.mail> Build Update for dogtagpki/pki-nightly-test ------------------------------------- Build: #161 Status: Errored Duration: 41 mins and 29 secs Commit: 8b0826f (master) Author: Endi S. Dewata Message: Updated global variables The COPR_REPO variable has been replaced with TEST_COPR_REPO to prevent collision with pki's COPR_REPO variable. The PKI_VERSION variable has been replaced with COPR_REPO to match pki project. The setupCOPR.sh has been modified to validate that the COPR_API environment variable is defined. View the changeset: https://github.com/dogtagpki/pki-nightly-test/compare/5097ae0e6f48ab6f856c8972de8bb3fefde08e7f...8b0826fe3dc1e407036590f886dcd0fdac0299ea View the full build log and details: https://travis-ci.org/dogtagpki/pki-nightly-test/builds/456256727?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the dogtagpki/pki-nightly-test repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=20325727&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Nov 28 04:09:11 2018 From: builds at travis-ci.org (Travis CI) Date: Wed, 28 Nov 2018 04:09:11 +0000 Subject: [Pki-devel] [CRON] Errored: dogtagpki/pki-nightly-test#172 (master - 8b0826f) In-Reply-To: Message-ID: <5bfe14e734dcb_43fad66235980108275@9e327000-4e0f-4d4d-93f9-ae3c69aee234.mail> Build Update for dogtagpki/pki-nightly-test ------------------------------------- Build: #172 Status: Errored Duration: 6 mins and 56 secs Commit: 8b0826f (master) Author: Endi S. Dewata Message: Updated global variables The COPR_REPO variable has been replaced with TEST_COPR_REPO to prevent collision with pki's COPR_REPO variable. The PKI_VERSION variable has been replaced with COPR_REPO to match pki project. The setupCOPR.sh has been modified to validate that the COPR_API environment variable is defined. View the changeset: https://github.com/dogtagpki/pki-nightly-test/compare/5097ae0e6f48ab6f856c8972de8bb3fefde08e7f...8b0826fe3dc1e407036590f886dcd0fdac0299ea View the full build log and details: https://travis-ci.org/dogtagpki/pki-nightly-test/builds/460594936?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the dogtagpki/pki-nightly-test repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=20325727&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: