uio-bmi / crypt4gh
Crypt4GH standard implementation
Home Page: https://uio-bmi.github.io/crypt4gh/
License: MIT License
CodeFactor found an issue: Overload methods should not be split. Previous overloaded method located at line '80'.
It's currently on:
src\main\java\no\uio\ifi\crypt4gh\stream\Crypt4GHInputStream.java:167
Describe the bug
As of March 2021, jcenter went read-only. See https://developer.android.com/studio/build/jcenter-migration or https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/
The pom.xml directions in https://github.com/uio-bmi/crypt4gh#readme give jcenter.bintray.com as the repository.
Maven central or another repository seems like a good second option to list this project. I know of https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry but do not know the pluses or minuses there.
I know I see some pretty harsh warnings when including this in Android studio. Some sources say jcenter planned to completely shut off some jcenter services as of Feb 2022, I am not sure if they carried through on that or not.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The library artifact is fetchable from a trustworthy repository, and future versions (e.g. v2.4.4) will be fetchable as well.
Screenshots
n/a
Desktop (please complete the following information):
Additional context
As a workaround a user could build directly from GitHub
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
The current version of README.md does not provide up-to-date information on the crypt4gh Maven artifact.
Depending on the JVM, some users may see a warning during encryption:
Encryption initialized...
Done: <path>
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.apache.commons.crypto.stream.CryptoInputStream (<path>/crypt4gh.jar) to method sun.nio.ch.DirectBuffer.cleaner()
WARNING: Please consider reporting this to the maintainers of org.apache.commons.crypto.stream.CryptoInputStream
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Assumption: it happens only on Java 9+ JVM.
CodeFactor found an issue: Overload methods should not be split. Previous overloaded method located at line '66'.
It's currently on:
src\main\java\no\uio\ifi\crypt4gh\stream\Crypt4GHInputStreamInternal.java:136
Exception in thread "main" org.bouncycastle.openpgp.PGPRuntimeOperationException: Iterator failed to get next object: unknown object in stream: 0
    at org.bouncycastle.openpgp.PGPObjectFactory$1.getObject(Unknown Source)
    at org.bouncycastle.openpgp.PGPObjectFactory$1.hasNext(Unknown Source)
    at org.c02e.jpgpj.Ring.load(Ring.java:267)
    at org.c02e.jpgpj.Ring.load(Ring.java:242)
    at org.c02e.jpgpj.Key.load(Key.java:435)
    at org.c02e.jpgpj.Key.<init>(Key.java:79)
    at no.uio.ifi.crypt4gh.stream.Crypt4GHOutputStream.<init>(Crypt4GHOutputStream.java:83)
    at no.uio.ifi.crypt4gh.app.Crypt4GHUtils.encryptFile(Crypt4GHUtils.java:42)
    at no.uio.ifi.crypt4gh.app.Main.main(Main.java:57)
Caused by: java.io.IOException: unknown object in stream: 0
    at org.bouncycastle.openpgp.PGPObjectFactory.nextObject(Unknown Source)
    ... 9 more
openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-8u181-b13-2~deb9u1-b13)
OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)
The full conversation where this issue was identified is here: EGA-archive/ega-data-api#111 (comment)
ids.add(Long.toHexString(pgpPublicKeyEncryptedData.getKeyID()));
https://github.com/uio-bmi/crypt4gh/blob/master/src/main/java/no/uio/ifi/crypt4gh/factory/HeaderFactory.java#L68 it suffers from this: https://stackoverflow.com/a/35335975
0
e.g. 012C3737B2ED3BA5
12c3737b2ed3ba5
Maybe drop the long conversion, as the library should return the key id as found with no extra processing.
Describe the bug
Section 4.2 of the specification outlines how the edit list is applied. In the example, it says that the last keep value "[...] could actually be left out as it extends all the way to the end of the file." While testing my PR #88, I noticed that the last keep value is not optional in this implementation. Is this a potential interoperability issue?
To Reproduce
Encrypt value "1234" with edit list [3].
Expected behavior
Expecting first 3 bytes to be discarded. Decrypted result should therefore be "4".
Actual behavior
All data is discarded, resulting in an empty result. Changing the edit list to [3,1] produces the expected result "4".
Sample code
    @Test
    public void testEditListImplementation() throws Exception {
        PrivateKey writerPrivateKey = keyUtils.generatePrivateKey();
        KeyPair readerKeyPair = keyUtils.generateKeyPair();
        PrivateKey readerPrivateKey = readerKeyPair.getPrivate();
        PublicKey readerPublicKey = readerKeyPair.getPublic();
        try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
            try (Crypt4GHOutputStream crypt4GHOutputStream = new Crypt4GHOutputStream(byteArrayOutputStream, new DataEditList(new long[]{ 3 }), writerPrivateKey, readerPublicKey)) {
                crypt4GHOutputStream.write("1234".getBytes());
            }
            try (ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
                 Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, readerPrivateKey)) {
                Assert.assertArrayEquals("4".getBytes(), crypt4GHInputStream.readAllBytes()); // Fails!
            }
        }
    }
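An added example, not taken from the issue or from the crypt4gh code base: the edit-list behaviour the issue expects, where an omitted final keep extends to the end of the data. `EditListDemo` and `applyEditList` are hypothetical names, the method works on a whole decrypted buffer rather than on a stream, and discarding the remainder after an even-length list is an assumption about the specification.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class EditListDemo {

    /**
     * Applies an edit list to already-decrypted plaintext. Lengths alternate
     * discard, keep, discard, ... and always start with a discard. If the list
     * ends on a discard (odd number of entries), the final keep was left out and
     * everything after that discard is kept up to the end of the data.
     * Assumption: after an even-length list, the remaining bytes are discarded.
     */
    static byte[] applyEditList(byte[] plaintext, long[] lengths) {
        if (lengths.length == 0) {
            return plaintext.clone(); // no edit list: keep everything
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int pos = 0;
        for (int i = 0; i < lengths.length; i++) {
            if (lengths[i] < 0) {
                throw new IllegalArgumentException("negative length at index " + i);
            }
            // Clamp so an oversized length cannot run past the data or overflow int.
            int n = (int) Math.min(lengths[i], (long) (plaintext.length - pos));
            if (i % 2 == 1) {
                out.write(plaintext, pos, n); // odd index: keep these bytes
            }
            pos += n; // even index: bytes are skipped without being written
        }
        if (lengths.length % 2 == 1) {
            // Implicit trailing keep: copy the rest of the data.
            out.write(plaintext, pos, plaintext.length - pos);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        byte[] data = "1234".getBytes(StandardCharsets.US_ASCII); // value from the issue
        // {3} and {3, 1} are the issue's cases; the others are constructed samples.
        long[][] cases = { {3}, {3, 1}, {1, 2}, {0, 2, 1}, {10} };
        for (long[] c : cases) {
            String kept = new String(applyEditList(data, c), StandardCharsets.US_ASCII);
            System.out.println(Arrays.toString(c) + " -> \"" + kept + "\"");
        }
    }
}
```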
One test fails when CI runs on PR#45 with suggested maven-jar-plugin version bump:
https://github.com/uio-bmi/crypt4gh/runs/4798705086?check_suite_focus=true#step:2:52
seems to be a documented known problem with GitHub workflow (missing privileges, read_only instead of required write).
Is your feature request related to a problem? Please describe.
I'd like to incorporate this module on IGV desktop and the upstream maintainers might not accept the PR unless the .jar is publicly accessible (sans authenticated GitHub tokens). Unauthenticated access is planned but not implemented in GH yet:
https://github.com/orgs/community/discussions/26634
Describe the solution you'd like
It'd be very convenient to resume publishing here: https://mvnrepository.com/artifact/no.uio.ifi/crypt4gh
GitHub has detailed GitHub Actions workflows that allow parallel publishing (GitHub + Maven Central).
Describe alternatives you've considered
I could just download the .jar and ship it with IGV's codebase, which is the approach I'll take for the time being, although it's suboptimal from a release and dependencies management perspective.