Coder Social home page Coder Social logo

crypt4gh's People

Stargazers

 avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar

crypt4gh's Issues

JCenter is deprecated

Describe the bug
As of March 2021, jcenter went readonly. See https://developer.android.com/studio/build/jcenter-migration or https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/

The pom.xml directions in https://github.com/uio-bmi/crypt4gh#readme give jcenter.bintray.com as the repository.

Maven central or another repository seems like a good second option to list this project. I know of https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry but do not know the pluses or minuses there.

I know I see some pretty harsh warnings when including this in Android studio. Some sources say jcenter planned to completely shut off some jcenter services as of Feb 2022, I am not sure if they carried through on that or not.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'https://github.com/uio-bmi/crypt4gh#readme'
  2. Copy sections of the pom.xml into Android studio (or ostensibly any other modern IDE that will use/convert these).
  3. Attempt to sync packages for the v.2.4.3 release
  4. See error: "Unable to resolve dependency for ':app@debugUnitTest/compileClasspath': Could not resolve no.uio.ifi:crypt4gh:v2.4.3" (The same occurs for no.uio.ifi:crypt4gh:2.4.3 or even no.uio.ifi:crypt4gh:+ which would download the latest of any version available).

Expected behavior
The library artifact is fetchable from a trustworthy repository, and future versions (v2.4.4, e.g) will be fetchable as well.

Screenshots
n/a

Desktop (please complete the following information):

  • OS: macOS 11.6
  • Browser: Safari (not that it matters)
  • Android Studio Bumblebee 2021.1.1

Additional context
As a workaround a user could build directly from GitHub

Update README.md

Is your feature request related to a problem? Please describe.
No.

Describe the solution you'd like
The current version of README.md does not provide up-to-date information on the crypt4gh maven artifact.

Illegal access warning

Depending on the JVM, some users may see a warning during encryption:

Encryption initialized...
Done: <path>
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.apache.commons.crypto.stream.CryptoInputStream (<path>/crypt4gh.jar) to method sun.nio.ch.DirectBuffer.cleaner()
WARNING: Please consider reporting this to the maintainers of org.apache.commons.crypto.stream.CryptoInputStream
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Assumption: it happens only on Java 9+ JVM.

PGPRuntimeOperationException during encryption

Exception in thread "main" org.bouncycastle.openpgp.PGPRuntimeOperationException: Iterator failed to get next object: unknown object in stream: 0
at org.bouncycastle.openpgp.PGPObjectFactory$1.getObject(Unknown Source)
at org.bouncycastle.openpgp.PGPObjectFactory$1.hasNext(Unknown Source)
at org.c02e.jpgpj.Ring.load(Ring.java:267)
at org.c02e.jpgpj.Ring.load(Ring.java:242)
at org.c02e.jpgpj.Key.load(Key.java:435)
at org.c02e.jpgpj.Key.<init>(Key.java:79)
at no.uio.ifi.crypt4gh.stream.Crypt4GHOutputStream.<init>(Crypt4GHOutputStream.java:83)
at no.uio.ifi.crypt4gh.app.Crypt4GHUtils.encryptFile(Crypt4GHUtils.java:42)
at no.uio.ifi.crypt4gh.app.Main.main(Main.java:57)
Caused by: java.io.IOException: unknown object in stream: 0
at org.bouncycastle.openpgp.PGPObjectFactory.nextObject(Unknown Source)
... 9 more
openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-8u181-b13-2~deb9u1-b13)
OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)

Wrong keyID exttracted from Header

Description

The full conversation where this issue was identified is here: EGA-archive/ega-data-api#111 (comment)

ids.add(Long.toHexString(pgpPublicKeyEncryptedData.getKeyID())); https://github.com/uio-bmi/crypt4gh/blob/master/src/main/java/no/uio/ifi/crypt4gh/factory/HeaderFactory.java#L68 it suffers from this: https://stackoverflow.com/a/35335975

Steps to Reproduce

  1. Load a key id that starts with 0 e.g. 012C3737B2ED3BA5
  2. see that extracted id is 12c3737b2ed3ba5

Proposed solution

Maybe drop the long conversion, as the library should return the key id as found with no extra processing.

Edit list not applied according to specification

Describe the bug

Section 4.2 of the specification outlines how the edit list is applied. In the example, it says that the last keep value "[...] could actually be left out as it extends all the way to the end of the file." While testing my PR #88, I noticed that the last keep value is not optional in this implementation. Is this a potential interoperability issue?

To Reproduce

Encrypt value "1234" with edit list [3].

Expected behavior

Expecting first 3 bytes to be discarded. Decrypted result should therefore be "4".

Actual behavior

All data is discarded resulting to an empty result. Changing the edit list to [3,1] produces the expected result "4".

Sample code

    @Test
    public void testEditListImplementation() throws Exception {
        PrivateKey writerPrivateKey = keyUtils.generatePrivateKey();
        KeyPair readerKeyPair = keyUtils.generateKeyPair();
        PrivateKey readerPrivateKey = readerKeyPair.getPrivate();
        PublicKey readerPublicKey = readerKeyPair.getPublic();

        try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
            try (Crypt4GHOutputStream crypt4GHOutputStream = new Crypt4GHOutputStream(byteArrayOutputStream, new DataEditList(new long[]{ 3 }), writerPrivateKey, readerPublicKey)) {
                crypt4GHOutputStream.write("1234".getBytes());
            }
            try (ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
                 Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, readerPrivateKey)) {

                Assert.assertArrayEquals("4".getBytes(), crypt4GHInputStream.readAllBytes()); // Fails!
            }
        }
    }

Resume publishing releases to maven central, please?

Is your feature request related to a problem? Please describe.

I'd like to incorporate this module on IGV desktop and the upstream maintainers might not accept the PR unless the .jar is publicly accessible (sans authenticated Github tokens). Unauthenticated access is planned but not implemented in GH yet:

https://github.com/orgs/community/discussions/26634

Describe the solution you'd like

It'd be very convenient to resume publishing here: https://mvnrepository.com/artifact/no.uio.ifi/crypt4gh

Github has detailed github actions workflows that allow parallel publishing (github + mavencentral).

Describe alternatives you've considered

I could just download the .jar and ship it with IGV's codebase, which is the approach I'll take for the time being, although it's suboptimal from a release and dependencies management perspective.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.