Mark,

On 1/21/20 12:14 PM, Mark Thomas wrote:
> On 21/01/2020 15:53, Christopher Schultz wrote:
>> Mark,
>> 
>> On 1/20/20 2:25 PM, Mark Thomas wrote:
>>> On 20/01/2020 17:21, Mark Thomas wrote:
>>>> On 20/01/2020 17:08, Christopher Schultz wrote:
>>>>> On 1/20/20 12:01 PM, ma...@apache.org wrote:
>>>> 
>>>> <snip/>
>>>> 
>>>>>> Add encryption as the first option to secure a cluster
>>>>>> ---
>>>> 
>>>> <snip/>
>>>> 
>>>>> I could have sworn I added this, already. Thanks for doing
>>>>> it.
>>>> 
>>>> I'm looking at back-porting the Interceptor to 7.0.x. I've
>>>> got everything done apart from GCMParameterSpec which is new
>>>> in Java 7.
>>>> 
>>>> I don't suppose you've looked into this previously and know
>>>> if there is a Java 6 equivalent? It would save me the time
>>>> to research it.
>>>> 
>>>> If not, I'll make it a Java 7+ feature with JreCompat.
>> 
>>> Java 6 doesn't support GCM. JreCompat it is.
>> 
>> You may not need it: I checked, and the GCMParameterSpec class
>> isn't referenced except in the GCMEncryptionManager class, which
>> will only be loaded if the user specifically requests GCM
>> block-cipher mode.
> 
> It won't compile unless we compile with Java 7 and Tomcat 7
> ideally needs to compile with Java 6 unless we want to start
> jumping through the same sort of hoops we have to jump through for
> WebSocket.
> 
>> So maybe you could just leave it alone and allow CNFE to occur on
>> Java 7. Or, if you want a nicer error message, you can catch CNFE
>> (or similar) or explicitly check the Java version and print a
>> nice error message.
>> 
>> But don't require Java 7 for the EncryptInterceptor in general.
> 
> I went with the option of using reflection to call the Constructor.
> That way it compiles on Java 6 but if the user specifies GCM it
> will fail unless GCM is available (Java 7+ for Solaris, Java 8+ for
> everyone else).

Sounds good to me. The use is so limited that using reflection for
everything isn't the end of the world. It just makes the code a little
harder to follow. Again, it's like 10 lines of code initially, so the
reflection won't be awful.

Thanks for doing this work.

-chris
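
The reflection approach discussed in this thread, as an added example that is not Tomcat's EncryptInterceptor code or anything posted by the participants: the GCMParameterSpec constructor is looked up by name so the source compiles against a Java 6 class library and fails with a clear message only when GCM is requested on a JRE that lacks it. The class name ReflectiveGcmExample, the helper names, and the 96-bit IV and 128-bit tag sizes are assumptions chosen for the illustration.

```java
import java.lang.reflect.Constructor;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class ReflectiveGcmExample {              // hypothetical class name
    private static final int TAG_BITS = 128;     // assumed authentication tag length
    private static final int IV_BYTES = 12;      // assumed 96-bit IV

    // Build a GCMParameterSpec with no compile-time reference to the class.
    static AlgorithmParameterSpec gcmSpec(int tagBits, byte[] iv) {
        try {
            Class<?> clazz = Class.forName("javax.crypto.spec.GCMParameterSpec");
            Constructor<?> ctor = clazz.getConstructor(int.class, byte[].class);
            return (AlgorithmParameterSpec) ctor.newInstance(Integer.valueOf(tagBits), iv);
        } catch (ClassNotFoundException e) {
            // Only reached when GCM was requested on a JRE without the class.
            throw new UnsupportedOperationException(
                    "GCM mode requested but GCMParameterSpec is not available in this JRE", e);
        } catch (Exception e) {
            throw new IllegalStateException("Could not create GCMParameterSpec", e);
        }
    }

    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(mode, new SecretKeySpec(key, "AES"), gcmSpec(TAG_BITS, iv));
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom random = new SecureRandom();
        byte[] key = new byte[16];               // constructed sample key, random per run
        byte[] iv = new byte[IV_BYTES];
        random.nextBytes(key);
        random.nextBytes(iv);                    // fresh IV per message, never reused with a key

        byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, iv, "cluster message".getBytes("UTF-8"));
        System.out.println(new String(crypt(Cipher.DECRYPT_MODE, key, iv, ct), "UTF-8"));

        ct[0] ^= 1;                              // simulate tampering in transit
        try {
            crypt(Cipher.DECRYPT_MODE, key, iv, ct);
            System.out.println("tampered message accepted (unexpected)");
        } catch (BadPaddingException e) {        // superclass of Java 7's AEADBadTagException
            System.out.println("tampered message rejected: tag check failed");
        }
    }
}
```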
