db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r230183 - in /db/derby/code/trunk/java: engine/org/apache/derby/iapi/services/loader/ engine/org/apache/derby/iapi/types/ engine/org/apache/derby/impl/services/reflect/ engine/org/apache/derby/impl/sql/compile/ engine/org/apache/derby/impl/...
Date Fri, 05 Aug 2005 00:30:51 GMT
Author: djd
Date: Thu Aug  4 17:30:40 2005
New Revision: 230183

URL: http://svn.apache.org/viewcvs?rev=230183&view=rev
Log:
DERBY-485 Catch SecurityExceptions and LinkageExceptions consistently when loading application
classes (e.g. procedures, functions) and report as a ClassNotFoundException with the text
of
the underlying exception. Enhance the test lang/dcl.jar to have a signed jar file as a database
jar, a hacked version of the jar file and a jar file with an invalid class (for a LinkageError).

Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out
  (with props)
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar
  (with props)
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar
  (with props)
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar
  (with props)
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2.jar

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java
Thu Aug  4 17:30:40 2005
@@ -51,7 +51,8 @@
 	/**
 		Load an application class, or a class that is potentially an application class.
 
-		@exception ClassNotFoundException Class cannot be found
+		@exception ClassNotFoundException Class cannot be found, or
+		a SecurityException or LinkageException was thrown loading the class.
 	*/
 	public Class loadApplicationClass(String className)
 		throws ClassNotFoundException;
@@ -59,7 +60,8 @@
 	/**
 		Load an application class, or a class that is potentially an application class.
 
-		@exception ClassNotFoundException Class cannot be found
+		@exception ClassNotFoundException Class cannot be found, or
+		a SecurityException or LinkageException was thrown loading the class.
 	*/
 	public Class loadApplicationClass(ObjectStreamClass classDescriptor)
 		throws ClassNotFoundException;

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java
Thu Aug  4 17:30:40 2005
@@ -794,7 +794,8 @@
 		and primitive types.
 		This will attempt to load the class from the application set.
 
-		@exception ClassNotFoundException Class cannot be found.
+		@exception ClassNotFoundException Class cannot be found, or
+		a SecurityException or LinkageException was thrown loading the class.
 	*/
 	public Class getClass(String className) throws ClassNotFoundException {
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java Thu Aug  4 17:30:40
2005
@@ -1267,10 +1267,6 @@
                                 {
                                         orderable = false;
                                 } 
-                                catch (LinkageError le) 
-                                {
-                                        orderable = false;
-                                }
                                 break;
 
                         default:

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java
Thu Aug  4 17:30:40 2005
@@ -76,7 +76,7 @@
 	@see org.apache.derby.iapi.services.loader.ClassFactory
 */
 
-public abstract class DatabaseClasses
+abstract class DatabaseClasses
 	implements ClassFactory, ModuleControl
 {
 	/*
@@ -92,7 +92,7 @@
 	** Constructor
 	*/
 
-	public DatabaseClasses() {
+	DatabaseClasses() {
 	}
 
 	/*
@@ -208,22 +208,36 @@
 	public final Class loadApplicationClass(String className)
 		throws ClassNotFoundException {
 
+		Throwable loadError;
 		try {
-			return loadClassNotInDatabaseJar(className);
-		} catch (ClassNotFoundException cnfe) {
-			if (applicationLoader == null)
-				throw cnfe;
-			Class c = applicationLoader.loadClass(className, true);
-			if (c == null)
-				throw cnfe;
-			return c;
+			try {
+				return loadClassNotInDatabaseJar(className);
+			} catch (ClassNotFoundException cnfe) {
+				if (applicationLoader == null)
+					throw cnfe;
+				Class c = applicationLoader.loadClass(className, true);
+				if (c == null)
+					throw cnfe;
+				return c;
+			}
 		}
+		catch (SecurityException se)
+		{
+			// Thrown if the class has been comprimised in some
+			// way, e.g. modified in a signed jar.
+			loadError = se;	
+		}
+		catch (LinkageError le)
+		{
+			// some error linking the jar, again could
+			// be malicious code inserted into a jar.
+			loadError = le;	
+		}
+		throw new ClassNotFoundException(className + " : " + loadError.getMessage());
 	}
-
-	Class loadClassNotInDatabaseJar(String className) throws ClassNotFoundException {
-		return Class.forName(className);
-	}
-
+	
+	abstract Class loadClassNotInDatabaseJar(String className)
+		throws ClassNotFoundException;
 
 	public final Class loadApplicationClass(ObjectStreamClass classDescriptor)
 		throws ClassNotFoundException {

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java
Thu Aug  4 17:30:40 2005
@@ -31,7 +31,7 @@
 
 	private java.util.HashMap preCompiled;
 
-	private int action;
+	private int action = -1;
 
 	synchronized LoadedGeneratedClass loadGeneratedClassFromData(String fullyQualifiedName,
ByteArray classDump) {
 
@@ -62,21 +62,27 @@
 	}
 
 	public final Object run() {
-		// SECURITY PERMISSION - MP2
-		switch (action) {
-		case 1:
-			return new ReflectLoaderJava2(getClass().getClassLoader(), this);
-		case 2:
-			return Thread.currentThread().getContextClassLoader();
-		default:
-			return null;
+
+		try {
+			// SECURITY PERMISSION - MP2
+			switch (action) {
+			case 1:
+				return new ReflectLoaderJava2(getClass().getClassLoader(), this);
+			case 2:
+				return Thread.currentThread().getContextClassLoader();
+			default:
+				return null;
+			}
+		} finally {
+			action = -1;
 		}
+		
 	}
 
-	synchronized Class loadClassNotInDatabaseJar(String name) throws ClassNotFoundException
{
+	Class loadClassNotInDatabaseJar(String name) throws ClassNotFoundException {
 		
 		Class foundClass = null;
-		action = 2;
+		
 	    // We may have two problems with calling  getContextClassLoader()
 	    // when trying to find our own classes for aggregates.
 	    // 1) If using the URLClassLoader a ClassNotFoundException may be 
@@ -88,8 +94,12 @@
 	    // (the classLoader that loaded Cloudscape). 
 	    // So we call Class.forName to ensure that we find the class.
         try {
-            ClassLoader cl = ((ClassLoader)
+        	ClassLoader cl;
+        	synchronized(this) {
+        	  action = 2;
+              cl = ((ClassLoader)
 			      java.security.AccessController.doPrivileged(this));
+        	}
 			
 			foundClass = (cl != null) ?  cl.loadClass(name) 
 				      :Class.forName(name);

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java
Thu Aug  4 17:30:40 2005
@@ -306,8 +306,6 @@
 			foundMatch = classInspector.accessible(columnTypeName);
 		} catch (ClassNotFoundException cnfe) {
 			reason = cnfe;
-		} catch (LinkageError le) {
-			reason = le;
 		}
 
 		if (!foundMatch)

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java Thu
Aug  4 17:30:40 2005
@@ -1559,8 +1559,6 @@
 		} catch (ClassNotFoundException cnfe) {
 
 			reason = cnfe;
-		} catch (LinkageError le) {
-			reason = le;
 		}
 
 		if (!foundMatch)

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java
Thu Aug  4 17:30:40 2005
@@ -211,7 +211,7 @@
 				// Does the class exist?
 				realClass = cf.loadApplicationClass(checkClassName);
 			}
-			catch (Throwable t)
+			catch (ClassNotFoundException t)
 			{
 				throw StandardException.newException(SQLState.LANG_TYPE_DOESNT_EXIST2, t, checkClassName);
 			}

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out
Thu Aug  4 17:30:40 2005
@@ -97,6 +97,53 @@
 big@blue.com                  |0     
 spammer@ripoff.com            |0     
 open@source.org               |1     
+ij> -- function that gets the signers of the class (loaded from the jar)
+create function EMC.GETSIGNERS(CLASS_NAME VARCHAR(256))
+RETURNS VARCHAR(60)
+NO SQL
+external name 'org.apache.derbyTesting.databaseclassloader.emc.getSigners'
+language java parameter style java;
+0 rows inserted/updated/deleted
+ij> -- at this point the jar is not signed, NULL expected
+VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc');
+1                                                                                       
                                       
+--------------------------------------------------------------------------------------------------------------------------------
+NULL                                                                                    
                                       
+ij> -- Replace with a signed jar
+-- (self signed certificate)
+--
+-- Commands used to sign jar
+-- keytool -genkey -dname "cn=EMC CTO, ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto
-keypass kpi135 -keystore emcks -storepass ab987c
+-- keytool -selfcert -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c
+-- jarsigner -keystore emcks -storepass ab987c -keypass kpi135 -signedjar dcl_emc2s.jar dcl_emc2.jar
emccto
+--
+--
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2s.jar', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc');
+1                                                                                       
                                       
+--------------------------------------------------------------------------------------------------------------------------------
+CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US                                       
                                       
+ij> -- other jar should not be signed
+VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.addon.vendor.util');
+1                                                                                       
                                       
+--------------------------------------------------------------------------------------------------------------------------------
+NULL                                                                                    
                                       
+ij> -- replace with a hacked jar file, emc.class modified to diable
+-- valid e-mail address check but using same signatures.
+-- ie direct replacement of the .class file.
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2sm.jar', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(99, 'spamking@cracker.org');
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or
is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : Security
exception thrown accessing class org.apache.derbyTesting.databaseclassloader.emc in jar "EMC"."MAIL_APP"
: SHA1 digest error for org/apache/derbyTesting/databaseclassloader/emc.class: java.lang.ClassNotFoundException'.
+ij> -- replace with a hacked jar file, emc.class modified to 
+-- be an invalid jar file (no signing on this jar).
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2l.jar', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(999, 'spamking2@cracker.org');
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or
is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : org/apache/derbyTesting/databaseclassloader/emc
(Unsupported major.minor version 32558.32639): java.lang.ClassNotFoundException'.
 ij> -- cleanup
 CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0);
 ERROR X0X07: Cannot drop jar file '"EMC"."MAIL_APP"' because its on your db2j.database.classpath
'"EMC"."MAIL_APP"'.
@@ -108,6 +155,8 @@
 ij> CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0);
 0 rows inserted/updated/deleted
 ij> DROP PROCEDURE EMC.ADDCONTACT;
+0 rows inserted/updated/deleted
+ij> DROP FUNCTION EMC.GETSIGNERS;
 0 rows inserted/updated/deleted
 ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS;
 E_MAIL                        |2     

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out?rev=230183&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out
Thu Aug  4 17:30:40 2005
@@ -0,0 +1,180 @@
+ij> -- test database class loading.
+create schema emc;
+0 rows inserted/updated/deleted
+ij> set schema emc;
+0 rows inserted/updated/deleted
+ij> create table contacts (id int primary key, e_mail varchar(30));
+0 rows inserted/updated/deleted
+ij> create procedure EMC.ADDCONTACT(id INT, e_mail VARCHAR(30))
+MODIFIES SQL DATA
+external name 'org.apache.derbyTesting.databaseclassloader.emc.addContact'
+language java parameter style java;
+0 rows inserted/updated/deleted
+ij> -- fails because no class in classpath, 
+CALL EMC.ADDCONTACT(1, 'bill@somecompany.com');
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or
is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc: java.lang.ClassNotFoundException'.
+ij> -- install the jar, copied there by the magic of supportfiles
+-- in the test harness (dcl_app.properties). The source for
+-- the class is contained within the jar for reference.
+CALL SQLJ.INSTALL_JAR('file:dcl_emc1.jar', 'EMC.MAIL_APP', 0);
+0 rows inserted/updated/deleted
+ij> -- fails because no class not in classpath, jar file not in database classpath.
+CALL EMC.ADDCONTACT(1, 'bill@somecompany.com');
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or
is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc: java.lang.ClassNotFoundException'.
+ij> -- now add this into the database class path
+call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> -- all should work now
+CALL EMC.ADDCONTACT(1, 'bill@ruletheworld.com');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(2, 'penguin@antartic.com');
+0 rows inserted/updated/deleted
+ij> SELECT id, e_mail from EMC.CONTACTS;
+ID         |E_MAIL                        
+------------------------------------------
+1          |bill@ruletheworld.com         
+2          |penguin@antartic.com          
+ij> -- now the application needs to track if e-mails are valid
+ALTER TABLE EMC.CONTACTS ADD COLUMN OK SMALLINT;
+0 rows inserted/updated/deleted
+ij> SELECT id, e_mail, ok from EMC.CONTACTS;
+ID         |E_MAIL                        |OK    
+-------------------------------------------------
+1          |bill@ruletheworld.com         |NULL  
+2          |penguin@antartic.com          |NULL  
+ij> -- well written application, INSERT used explicit column names
+-- ok defaults to NULL
+CALL EMC.ADDCONTACT(3, 'big@blue.com');
+0 rows inserted/updated/deleted
+ij> SELECT id, e_mail, ok from EMC.CONTACTS;
+ID         |E_MAIL                        |OK    
+-------------------------------------------------
+1          |bill@ruletheworld.com         |NULL  
+2          |penguin@antartic.com          |NULL  
+3          |big@blue.com                  |NULL  
+ij> -- now change the application to run checks on the e-mail
+-- address to ensure it is valid (in this case by seeing if
+-- simply includes 'spam' in the title.
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2.jar', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(4, 'spammer@ripoff.com');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(5, 'open@source.org');
+0 rows inserted/updated/deleted
+ij> SELECT id, e_mail, ok from EMC.CONTACTS;
+ID         |E_MAIL                        |OK    
+-------------------------------------------------
+1          |bill@ruletheworld.com         |NULL  
+2          |penguin@antartic.com          |NULL  
+3          |big@blue.com                  |NULL  
+4          |spammer@ripoff.com            |0     
+5          |open@source.org               |1     
+ij> -- now add another jar in to test two jars and
+-- a quoted identifer for the jar names.
+create schema "emcAddOn";
+0 rows inserted/updated/deleted
+ij> set schema emcAddOn;
+ERROR 42Y07: Schema 'EMCADDON' does not exist
+ij> set schema "emcAddOn";
+0 rows inserted/updated/deleted
+ij> create function "emcAddOn".VALIDCONTACT(e_mail VARCHAR(30))
+RETURNS SMALLINT
+READS SQL DATA
+external name 'org.apache.derbyTesting.databaseclassloader.addon.vendor.util.valid'
+language java parameter style java;
+0 rows inserted/updated/deleted
+ij> CALL SQLJ.INSTALL_JAR('file:dcl_emcaddon.jar', '"emcAddOn"."MailAddOn"', 0);
+0 rows inserted/updated/deleted
+ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', 'EMC.MAIL_APP:"emcAddOn"."MailAddOn"');
+0 rows inserted/updated/deleted
+ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS;
+E_MAIL                        |2     
+-------------------------------------
+bill@ruletheworld.com         |0     
+penguin@antartic.com          |0     
+big@blue.com                  |0     
+spammer@ripoff.com            |0     
+open@source.org               |1     
+ij> -- function that gets the signers of the class (loaded from the jar)
+create function EMC.GETSIGNERS(CLASS_NAME VARCHAR(256))
+RETURNS VARCHAR(60)
+NO SQL
+external name 'org.apache.derbyTesting.databaseclassloader.emc.getSigners'
+language java parameter style java;
+0 rows inserted/updated/deleted
+ij> -- at this point the jar is not signed, NULL expected
+VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc');
+1                                                                                       
                                       
+--------------------------------------------------------------------------------------------------------------------------------
+NULL                                                                                    
                                       
+ij> -- Replace with a signed jar
+-- (self signed certificate)
+--
+-- Commands used to sign jar
+-- keytool -genkey -dname "cn=EMC CTO, ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto
-keypass kpi135 -keystore emcks -storepass ab987c
+-- keytool -selfcert -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c
+-- jarsigner -keystore emcks -storepass ab987c -keypass kpi135 -signedjar dcl_emc2s.jar dcl_emc2.jar
emccto
+--
+--
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2s.jar', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc');
+1                                                                                       
                                       
+--------------------------------------------------------------------------------------------------------------------------------
+CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US                                       
                                       
+ij> -- other jar should not be signed
+VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.addon.vendor.util');
+1                                                                                       
                                       
+--------------------------------------------------------------------------------------------------------------------------------
+NULL                                                                                    
                                       
+ij> -- replace with a hacked jar file, emc.class modified to diable
+-- valid e-mail address check but using same signatures.
+-- ie direct replacement of the .class file.
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2sm.jar', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(99, 'spamking@cracker.org');
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or
is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : Security
exception thrown accessing class org.apache.derbyTesting.databaseclassloader.emc in jar "EMC"."MAIL_APP"
: SHA1 digest error for org/apache/derbyTesting/databaseclassloader/emc.class: java.lang.ClassNotFoundException'.
+ij> -- replace with a hacked jar file, emc.class modified to 
+-- be an invalid jar file (no signing on this jar).
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2l.jar', 'EMC.MAIL_APP');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(999, 'spamking2@cracker.org');
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or
is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : Bad version
number in .class file: java.lang.ClassNotFoundException'.
+ij> -- cleanup
+CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0);
+ERROR X0X07: Cannot drop jar file '"EMC"."MAIL_APP"' because its on your db2j.database.classpath
'"EMC"."MAIL_APP"'.
+ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', '"emcAddOn"."MailAddOn"');
+0 rows inserted/updated/deleted
+ij> CALL EMC.ADDCONTACT(99, 'cash@venture.com');
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or
is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc: java.lang.ClassNotFoundException'.
+ij> CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0);
+0 rows inserted/updated/deleted
+ij> DROP PROCEDURE EMC.ADDCONTACT;
+0 rows inserted/updated/deleted
+ij> DROP FUNCTION EMC.GETSIGNERS;
+0 rows inserted/updated/deleted
+ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS;
+E_MAIL                        |2     
+-------------------------------------
+bill@ruletheworld.com         |0     
+penguin@antartic.com          |0     
+big@blue.com                  |0     
+spammer@ripoff.com            |0     
+open@source.org               |1     
+ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', '');
+0 rows inserted/updated/deleted
+ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS;
+ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.addon.vendor.util' does
not exist or is inaccessible. This can happen if the class is not public.
+ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.addon.vendor.util:
java.lang.ClassNotFoundException'.
+ij> CALL SQLJ.REMOVE_JAR('"emcAddOn"."MailAddOn"', 0);
+0 rows inserted/updated/deleted
+ij> DROP FUNCTION "emcAddOn".VALIDCONTACT;
+0 rows inserted/updated/deleted
+ij> DROP TABLE EMC.CONTACTS;
+0 rows inserted/updated/deleted
+ij> 

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant
Thu Aug  4 17:30:40 2005
@@ -53,6 +53,9 @@
 dcl_app.properties
 dcl_emc1.jar
 dcl_emc2.jar
+dcl_emc2l.jar
+dcl_emc2s.jar
+dcl_emc2sm.jar
 dcl_emcaddon.jar
 ddlTableLockMode.sql
 ddlTableLockMode_app.properties

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql
Thu Aug  4 17:30:40 2005
@@ -67,6 +67,43 @@
 
 select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS;
 
+-- function that gets the signers of the class (loaded from the jar)
+create function EMC.GETSIGNERS(CLASS_NAME VARCHAR(256))
+RETURNS VARCHAR(60)
+NO SQL
+external name 'org.apache.derbyTesting.databaseclassloader.emc.getSigners'
+language java parameter style java;
+
+-- at this point the jar is not signed, NULL expected
+VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc');
+
+-- Replace with a signed jar
+-- (self signed certificate)
+--
+-- Commands used to sign jar
+-- keytool -genkey -dname "cn=EMC CTO, ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto
-keypass kpi135 -keystore emcks -storepass ab987c
+-- keytool -selfcert -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c
+-- jarsigner -keystore emcks -storepass ab987c -keypass kpi135 -signedjar dcl_emc2s.jar dcl_emc2.jar
emccto
+--
+--
+
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2s.jar', 'EMC.MAIL_APP');
+VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc');
+
+-- other jar should not be signed
+VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.addon.vendor.util');
+
+-- replace with a hacked jar file, emc.class modified to diable
+-- valid e-mail address check but using same signatures.
+-- ie direct replacement of the .class file.
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2sm.jar', 'EMC.MAIL_APP');
+CALL EMC.ADDCONTACT(99, 'spamking@cracker.org');
+
+-- replace with a hacked jar file, emc.class modified to 
+-- be an invalid jar file (no signing on this jar).
+CALL SQLJ.REPLACE_JAR('file:dcl_emc2l.jar', 'EMC.MAIL_APP');
+CALL EMC.ADDCONTACT(999, 'spamking2@cracker.org');
+
 
 -- cleanup
 CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0);
@@ -74,6 +111,7 @@
 CALL EMC.ADDCONTACT(99, 'cash@venture.com');
 CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0);
 DROP PROCEDURE EMC.ADDCONTACT;
+DROP FUNCTION EMC.GETSIGNERS;
 
 select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS;
 call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', '');

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties
Thu Aug  4 17:30:40 2005
@@ -1,4 +1,4 @@
 usedefaults=true
-supportfiles=tests/lang/dcl_emc1.jar,tests/lang/dcl_emc2.jar,tests/lang/dcl_emcaddon.jar
+supportfiles=tests/lang/dcl_emc1.jar,tests/lang/dcl_emc2.jar,tests/lang/dcl_emcaddon.jar,tests/lang/dcl_emc2s.jar,tests/lang/dcl_emc2sm.jar,tests/lang/dcl_emc2l.jar
 #Exclude for J2ME/Foundation - test requires java.sql.DriverManager for server side JDBC
 runwithfoundation=false

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2.jar
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2.jar?rev=230183&r1=230182&r2=230183&view=diff
==============================================================================
Binary files - no diff available.

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar?rev=230183&view=auto
==============================================================================
Binary file - no diff available.

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar?rev=230183&view=auto
==============================================================================
Binary file - no diff available.

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar?rev=230183&view=auto
==============================================================================
Binary file - no diff available.

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream



Mime
View raw message