harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexey Varlamov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-4857) [classlib][security] KeyPairGenerator.getInstance() fails because of AccessControlException
Date Wed, 07 Nov 2007 09:12:50 GMT

    [ https://issues.apache.org/jira/browse/HARMONY-4857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540706

Alexey Varlamov commented on HARMONY-4857:

You see, the root cause has nothing to do with policy: even though AllPermission is granted
to extension classes, there is a user class on stack (at the very bottom) and access control
rightfully denies requested SecurityPermission for it.
As I see it, as long as the provider needs some restricted resources per impl specificity
only, it should take care of excluding users' context via doPrivileged() calls. That is, bouncycastle
should be fixed.

> [classlib][security] KeyPairGenerator.getInstance() fails because of AccessControlException
> -------------------------------------------------------------------------------------------
>                 Key: HARMONY-4857
>                 URL: https://issues.apache.org/jira/browse/HARMONY-4857
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: Andrey Pavlenko
>            Priority: Critical
>         Attachments: Test.java
> I'm not sure is it a bug or non-bug-diff, but the attached test fails on Hramony if some
permissions are not granted. This test pass on RI and also it pass on Harmony only if I grant
all permissions.
> The test fails with the following stack:
> java.security.NoSuchAlgorithmException: Signature MD4WithRSAEncryption implementation
not found:
>         at java.security.Provider$Service.newInstance(Provider.java:847)
>         at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:111)
>         at java.security.Signature.getInstance(Signature.java:98)
>         at Test.main(Test.java:53)
> Caused by: java.security.AccessControlException: Permission check failed (java.util.PropertyPermission
org.bouncycastle.pkcs1.strict read)
>         at java.security.AccessControlContext.checkPermission(Unknown Source)
>         at java.security.AccessController.checkPermission(Unknown Source)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:746)
>         at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:373)
>         at java.lang.System.getProperty(Unknown Source)
>         at java.lang.System.getProperty(Unknown Source)
>         at org.bouncycastle.crypto.encodings.PKCS1Encoding.useStrict(Unknown Source)
>         at org.bouncycastle.crypto.encodings.PKCS1Encoding.<init>(Unknown Source)
>         at org.bouncycastle.jce.provider.JDKDigestSignature$MD4WithRSAEncryption.<init>(Unknown
>         at java.lang.reflect.VMReflection.newClassInstance(Native Method)
>         at java.lang.reflect.Constructor.newInstance(Unknown Source)
>         at java.lang.Class.newInstance(Unknown Source)
>         at java.security.Provider$Service.newInstance(Provider.java:844)
>         at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:111)
>         ... 2 more
> Signature MD4WithRSAEncryption implementation not found:

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message