harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leo Li (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-3939) [classlib][security] Security providers are initialized on first request
Date Tue, 29 May 2007 03:34:15 GMT

    [ https://issues.apache.org/jira/browse/HARMONY-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12499672

Leo Li commented on HARMONY-3939:

After some studying I found that the problem is BouncyCastleProvider.addMappings does not
have the priviledge to call java.security.Provider.put(Object, Object). Here is the stacktrace:

	at java.lang.J9VMInternals.initialize(J9VMInternals.java:195)
	at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:91)
	at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:90)
	at Test.main(Test.java:8)
Caused by: java.security.AccessControlException: Access denied (java.security.SecurityPermission
	at java.security.AccessController.checkPermission(AccessController.java:94)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:746)
	at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:422)
	at java.security.Provider.put(Provider.java:236)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.addMappings(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
	at java.lang.Class.newInstanceImpl(Native Method)
	at java.lang.Class.newInstance(Class.java:1250)
	at org.apache.harmony.security.fortress.Services.loadProviders(Services.java:84)
	at org.apache.harmony.security.fortress.Services.access$0(Services.java:73)
	at org.apache.harmony.security.fortress.Services$1.run(Services.java:66)
	at java.security.AccessController.doPrivileged(AccessController.java:179)
	at org.apache.harmony.security.fortress.Services.<clinit>(Services.java:64)
	at java.lang.J9VMInternals.initializeImpl(Native Method)
	at java.lang.J9VMInternals.initialize(J9VMInternals.java:177)
	... 3 more

Harmony has such problem is that all the functions of bouncy castle reside in those classes
in ext while RI, only those related to JCE is put in ext and other classes are in boot jars
which have higher priviledges than former.

So if possible, part of the classes in bcprov.jar should be moved to boot directory of harmony.

> [classlib][security] Security providers are initialized on first request
> ------------------------------------------------------------------------
>                 Key: HARMONY-3939
>                 URL: https://issues.apache.org/jira/browse/HARMONY-3939
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>         Environment: Windows/ia32
>            Reporter: Roman S. Bushmanov
>         Attachments: Test.java, Test1.java
> Security providers can be initialized correctly only by trusted code i.e. application
working w/out security manager or application with certain security permission granted. 
> At the same time, JavaTM Cryptography Architecture API Specification & Reference
requires  the code to be trusted only  for *dynamic* registration of provoders and no security
permissions are required to install a provider  by means of java.security file.
> To reproduce the problem please run two simple testcases on the same JRE.  These two
testcases differs in one line which ilstalls a security manager and expected output is the
> 'Test'  testcase produces on svn = r537794, (May 14 2007), Windows/ia32/msvc 1310, release
build the following output:
> while 'Test1' prints the following
> java.security.NoSuchAlgorithmException: AlgorithmParameters DSA implementation not found
>         at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:111)
>         at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:90)
>         at Test1.main(Test1.java:9)                                                 
> On RI both testcases prints the same:
> Affected tests: 
> functional/org/apache/harmony/test/func/api/java/security/F_AlgorithmParametersTest_01/F_AlgorithmParametersTest_01.xml
> (see HARMONY-3528)

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message