The re-entrant coder

OK, so here’s the deal: the company I work for uses a ConfigurationManagement-as-a-Service provider to handle configuration management for all internal projects. The provider itself is actually a subsidiary of the company but in the end this doesn’t matter much. For CM they use Trac and Subversion. Which is great. As a proper service provider, all CM configurations for customers are highly secured which is achieved in part by the use of client-certificates for both SVN and Trac. Getting Eclipse integrated with services listed as such was not as easy as it seemed. I’ve split my efforts into two posts: this one deals with subversion whereas the next one will deal with Trac.
First, the setup that I tried to make work:

• Eclipse 3.3.1 (Europa release)
• Mylyn 3.3.1 (Europa release)
• Trac 0.10.3
• Subversion (version unknown)

Everything will be running under Windows XP SP2.

First: Subversion

Integrating Subversion was supposedly as easy as installing Subclipse. This is done via a an update site, the installation instructions can be found here. After this, you can switch to the SVN Repository Exploring perspective. There I clicked ‘Add SVN Repository’ and filled in the URL. This is where the problems start. Subclipse (or at least the libraries it uses to handle SVN) does not ask for a client-certificate by default and connection to the repository fails. A little googling pointed me to the following page that stated that Subclipse requires a setting named ssl-client-cert-prompt = yes “in the “Runtime Configuration Area”. This “runtime configuration area” turns out to be %APPDATA%\Subversion\ under Windows. Here, I editted the ‘servers’ file and stuck this setting in the ‘[Global]‘ section.
When re-entering the file it comes up with a certificate prompt where I can manually type the location of the certificate. Why there is no ‘browse’ button is beyond me, but alas. After typing the location of the certificate it asks for the passphrase for the certificate and goes to work… …only to bomb out with Propfind errors.
A further google reveals some pointers by the subclipse authors that I might need an ‘unlimited strength’ Java Cryptography Extension. By default, a JRE ships with ‘Strong encryption’, meaning that JCE will use strong ciphers such as DES and RSA, but with limited keysizes (max 128 bits for most). As it turns out, my certificate uses 512-bit RSA. The maximum keylengths are controlled by a policy file. To update to unlimited keysizes, you need to download this file from Sun. Extract the contents of the ‘jce’ folder in the zip-file in %JAVAHOME%\lib\security. Then, restart Eclipse to ensure that it accepts the new policy (I don’t know if this is absolutely required but better safe than sorry).
After the restart, I opened the SVN perspective again and entered the URL, again entered the certificate path and passphrase and lo’ and behold: a SVN repository appeared:
However, when clicking the little + sign, again the dialogs appeared that asked me to input my certificate path and passphrase. I was sure that I had ticked the ‘Save Answer:’ checkbox, but I entered my info again and the second level in the repository appeared. When clicking one of the branches in the tree, again I got the dialogs. It appears that the ‘Save Answer:’ checkbox doesn’t do anything. Rather than entering the certificate and passphrase for every action I take in the SVN Repository explorer, I opted for entering the certificate and passphrase into the SVN configuration file.
This entails entering the following info into the ‘servers’ configuration file mentioned above:
ssl-client-cert-file = <location of certificate>
ssl-client-cert-password = <passphrase>
This solved the problem and I could browse the repository without problems afterwards. I checked out my project and moved on to the next task: integrating Trac into Mylyn.

Related posts:

1. My client-certificate toil, Part 2/2
2. Client Certificate success!
3. Further research into failed Mylyn and client certificates integration