olamy commented on issue #590: URL: https://github.com/apache/mina-sshd/issues/590#issuecomment-2322848217
> > not sure to follow. do you mean some new method in SecurityProviderRegistrar? > > No. The `PKCS8PEMResourceKeyPairParser` currently handles unencrypted and encrypted keys. For encrypted keys it relies on BC because of numerous bugs in PBES2 in earlier Java versions. > > The `PKCS8PEMResourceKeyPairParser` is unconditionally registered in `PEMResourceParserUtils`. > > My suggestion was to factor out the encrypted key handling into a separate parser, which would implement `OptionalFeature`, and which would be registered only if the required BC classes are present. (And/or BC was registered through a registrar. All this registrar stuff seems way overdesigned to me anyway. I don't quite understand why one would want to have yet another layer on top of Java's SecurityProvider. Why can't we just use whatever SecurityProviders are installed?) > I kinda agree, but maybe this should be done as part of another issue, including some bigger refactoring. Here it's only a bug fix because it's blocking system that wanted to use Mina SSH on a FIPS constrained env (which means JGit is not usable for SSH git repo) > Re: ServiceLoader: seems simpler than using ThreadUtils and manual class loading. Java has a mechanism to such things, so why not use it. (It's another area of the code that I don't quite get why we have it at all. What's the problem with ServiceLoader that prompted the creation of these home-grown thread utils?) I don't have the history here. But there could be plenty of classloader issues (OSGI?). I will change the code to use classloader for this random. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
