harmony-dev mailing list archives

From George Harley <george.c.har...@googlemail.com>
Subject Re: [Fwd: svn commit: r376144 - /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml]
Date Thu, 09 Feb 2006 14:00:15 GMT
Hi,

Is it really the case that the BC provider jar needs to be on the boot 
classpath? There was some discussion on this a little over a week ago 
on this thread about the contribution of the beans, math and regex 
libraries. The post I want to refer to does not seem to be in the 
mailing list archive (!!??!) so let me copy the relevant text in-line 
here as I believe that what it says is important:


--- snip from dev-list append of 1st Feb 2006 by 
george.c.harley@googlemail.com ---

Just to clarify your clarification of the question of current Harmony 
behaviour ...

(A) With the current Harmony build it looks like there is *no attempt* 
to verify the signature of a signed jar file that has been placed on the 
bootclasspath. I know this because I took a signed BC provider jar (as 
downloaded from http://www.bouncycastle.org), deliberately tampered with 
the .SF file in the META-INF folder by removing a few lines, then added 
the modified jar to the bootclasspath of a simple program that listed 
the algorithms supported by the BC provider. Everything worked fine.

(B) With the current Harmony build it looks like an attempt is made at 
verifying the signature of a signed jar in the jre/lib/ext directory. 
The attempt fails because it involves trying to use functionality 
exported by the jar currently being verified and so opens up a whole 
problem with cycles.
To my mind, (B) is a definite bug that would be fixed by having a 
default Harmony provider. The result of my little bit of playing with 
(A) just reinforces the argument that relying on the bootclasspath to 
load your third party providers is not er ... secure.


--- end of snip from dev-list append of 1st Feb 2006 by 
george.c.harley@googlemail.com ---


Best regards,
George
IBM UK


Geir Magnusson Jr wrote:
>
>
> Tim Ellison wrote:
>> Arghhh!
>>
>> make it stop
>>
>>> From below:
>>  -Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}
>>
>>
>> putting the CLASSPATH onto the bootclasspath.  What are you smokin' ?!
>
> That was the patch :)
>
> All that really is supposed to do is get junit and bcprov there.  I'll 
> move.
>
> geir
>
>>
>>
>> [ I know you are fixing this stuff, but I needed to vent ]
>>
>>
>> -------- Original Message --------
>> Subject: svn commit: r376144 -
>> /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>
>> Date: Thu, 09 Feb 2006 01:44:21 -0000
>> From: geirm@apache.org
>> Reply-To: harmony-dev@incubator.apache.org
>> To: harmony-commits@incubator.apache.org
>>
>> Author: geirm
>> Date: Wed Feb  8 17:44:19 2006
>> New Revision: 376144
>>
>> URL: http://svn.apache.org/viewcvs?rev=376144&view=rev
>> Log:
>> put the bootclasspath stuff back for classlib tests
>> because as I'm renaming some tests, it appears that
>> when things reordered, tests broke.  On a lark, I put
>> it back, and things work.  Scary.
>>
>> Will investigate further, but wanted to fix so tests run
>>
>> Also, changed one of the exclusion lists due to renaming.
>>
>>
>> Modified:
>>
>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>
>>
>> Modified:
>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>
>> URL:
>> http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml?rev=376144&r1=376143&r2=376144&view=diff

>>
>> ============================================================================== 
>>
>> ---
>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>
>> (original)
>> +++
>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>
>> Wed Feb  8 17:44:19 2006
>> @@ -499,6 +499,8 @@
>>              <env key="JAVA_HOME" value="${vm.home}"/>
>>
>>              <!-- to pick up junit.jar and bouncycastle.jar -->
>> +            <jvmarg
>> value="-Xbootclasspath/p:${build.jars.path}/crypto.jar${path.separator}${build.jars.path}/x_net.jar"/>

>>
>> +
>>              <jvmarg
>> value="-Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}"/>

>>
>>
>>              <jvmarg
>> value="-Djava.security.properties==${build.lib.path}/security/java.security"/>

>>
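Review bot: The added -Xbootclasspath/p: jvmarg sits directly under the comment "to pick up junit.jar and bouncycastle.jar", yet it prepends crypto.jar and x_net.jar, so the comment no longer matches what follows and nothing in the file records why these two jars have to go ahead of the boot classes. The commit log itself says the cause is not understood; a comment saying so next to the jvmarg would help whoever removes it later. The context line after it still appends ${env.CLASSPATH} to the boot classpath, which loads whatever the developer's environment happens to contain as boot classes; listing the junit and bcprov jars explicitly there would keep the test JVM's boot classpath reproducible.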
>> @@ -518,7 +520,7 @@
>>                      <exclude 
>> name="org/apache/harmony/security/test/**"/>
>>                     
>>                      <!-- Harmony exclude list -->
>> -                    <exclude
>> name="java/security/AlgorithmParameterGeneratorTest1.java"/>
>> +                    <exclude
>> name="java/security/AlgorithmParameterGenerator1Test.java"/>
>>                      <exclude name="java/security/KSBuilderTest.java"/>
>>                      <exclude 
>> name="java/security/KeyPairGeneratorTest1.java"/>
>>                      <exclude 
>> name="java/security/KeyPairGeneratorTest3.java"/>
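Review bot: The renamed exclude for AlgorithmParameterGenerator1Test.java leaves its neighbours KeyPairGeneratorTest1.java and KeyPairGeneratorTest3.java in the old TestN naming. An exclude whose name no longer matches a file fails silently and the test simply starts running, so if the renaming continues these entries need updating in the same commit as each rename. A short comment on each exclude saying why the test is excluded would also make it possible to tell when an entry can be dropped.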
>>
>>
>>
>>
>


-- 
IBM UK
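
One way to check a provider jar's signature explicitly before it is placed on the boot classpath, where point (A) above reports that no verification was attempted. This is an added example, not code from the thread or from Harmony; the class name VerifySignedJar is hypothetical, and the check confirms the signature is intact, not that the signer is trusted.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Enumeration;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Added example (hypothetical class): reject a jar whose signature does not verify. */
public class VerifySignedJar {

    /** The manifest and signature files themselves are never reported as signed. */
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) >= 0) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }

    /** True only if every class/resource entry is covered by a valid signature. */
    static boolean isFullySigned(File jar) throws IOException {
        // verify=true: digests and the signature block are checked as entries are read
        try (JarFile jf = new JarFile(jar, true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || isSignatureRelated(e.getName())) continue;
                // Signers are only available once the entry has been read to the end
                try (InputStream in = jf.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) return false; // unsigned entry
            }
            return true;
        } catch (SecurityException tampered) {
            return false; // digest mismatch or broken .SF / signature block
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) { System.err.println("usage: VerifySignedJar <jar>"); System.exit(2); }
        boolean ok = isFullySigned(new File(args[0]));
        System.out.println(args[0] + ": " + (ok ? "signature verified" : "NOT verified"));
        System.exit(ok ? 0 : 1);
    }
}
```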

