harmony-dev mailing list archives

From Geir Magnusson Jr <g...@pobox.com>
Subject Re: [Fwd: svn commit: r376144 - /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml]
Date Thu, 09 Feb 2006 14:32:11 GMT


George Harley wrote:
> Hi,
> 
> Is it really the case that the BC provider jar needs to be on the boot 
> classpath ? 

Probably not.

> There was some discussion on this a little over a week ago
> on this thread about the contribution of the beans, math and regex 
> libraries. The post I want to refer to does not seem to be in the 
> mailing list archive (!!??!) so let me copy the relevant text in-line 
> here as I believe that what it says is important :
> 
> 
> --- snip from dev-list append of 1st Feb 2006 by 
> george.c.harley@googlemail.com ---
> 
> Just to clarify your clarification of the question of current Harmony 
> behaviour ...
> 
> (A) With the current Harmony build it looks like there is *no attempt* 
> to verify the signature of a signed jar file that has been placed on the 
> bootclasspath. I know this because I took a signed BC provider jar (as 
> downloaded from http://www.bouncycastle.org), deliberately tampered with 
> the .SF file in the META-INF folder by removing a few lines, then added 
> the modified jar to the bootclasspath of a simple program that listed 
> the algorithms supported by the BC provider. Everything worked fine.
> 
> (B) With the current Harmony build it looks like an attempt is made at 
> verifying the signature of a signed jar in the jre/lib/ext directory. 
> The attempt fails because it involves trying to use functionality 
> exported by the jar currently being verified and so opens up a whole 
> problem with cycles.
> To my mind, (B) is a definite bug that would be fixed by having a 
> default Harmony provider. The result of my little bit of playing with 
> (A) just reinforces the argument that relying on the bootclasspath to 
> load your third party providers is not er ... secure.

That's obvious.  We just have to fix it.

> 
> 
> --- end of snip from dev-list append of 1st Feb 2006 by 
> george.c.harley@googlemail.com ---
> 
> 
> Best regards,
> George
> IBM UK
> 
> 
> Geir Magnusson Jr wrote:
>>
>>
>> Tim Ellison wrote:
>>> Arghhh!
>>>
>>> make it stop
>>>
>>> From below:
>>>  -Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}
>>>
>>>
>>> putting the CLASSPATH onto the bootclasspath.  What are you smokin' ?!
>>
>> That was the patch :)
>>
>> All that really is supposed to do is get junit and bcprov there.  I'll 
>> move.
>>
>> geir
>>
>>>
>>>
>>> [ I know you are fixing this stuff, but I needed to vent ]
>>>
>>>
>>> -------- Original Message --------
>>> Subject: svn commit: r376144 -
>>> /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>>
>>> Date: Thu, 09 Feb 2006 01:44:21 -0000
>>> From: geirm@apache.org
>>> Reply-To: harmony-dev@incubator.apache.org
>>> To: harmony-commits@incubator.apache.org
>>>
>>> Author: geirm
>>> Date: Wed Feb  8 17:44:19 2006
>>> New Revision: 376144
>>>
>>> URL: http://svn.apache.org/viewcvs?rev=376144&view=rev
>>> Log:
>>> put the bootclasspath stuff back for classlib tests
>>> because as I'm renaming some tests, it appears that
>>> when things reordered, tests broke.  On a lark, I put
>>> it back, and things work.  Scary.
>>>
>>> Will investigate further, but wanted to fix so tests run
>>>
>>> Also, changed one of the exclusion lists due to renaming.
>>>
>>>
>>> Modified:
>>>
>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>>
>>>
>>> Modified:
>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>>
>>> URL:
>>> http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml?rev=376144&r1=376143&r2=376144&view=diff

>>>
>>> ==============================================================================

>>>
>>> ---
>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>>
>>> (original)
>>> +++
>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 
>>>
>>> Wed Feb  8 17:44:19 2006
>>> @@ -499,6 +499,8 @@
>>>              <env key="JAVA_HOME" value="${vm.home}"/>
>>>
>>>              <!-- to pick up junit.jar and bouncycastle.jar -->
>>> +            <jvmarg
>>> value="-Xbootclasspath/p:${build.jars.path}/crypto.jar${path.separator}${build.jars.path}/x_net.jar"/>

>>>
>>> +
>>>              <jvmarg
>>> value="-Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}"/>

>>>
>>>
>>>              <jvmarg
>>> value="-Djava.security.properties==${build.lib.path}/security/java.security"/>

>>>
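Review bot: the comment above the added `-Xbootclasspath/p:` jvmarg still reads "to pick up junit.jar and bouncycastle.jar", but the new line prepends crypto.jar and x_net.jar, so nothing here says why those two jars have to sit in front of the VM's own boot classes; give the new jvmarg its own comment. The unchanged `-Xbootclasspath/a:` line right after it appends the whole of `${env.CLASSPATH}` to the boot classpath, which makes the test run depend on whatever the invoking environment has set; naming only the junit and BC provider jars there would keep the boot classpath to what the comment promises.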
>>> @@ -518,7 +520,7 @@
>>>                      <exclude 
>>> name="org/apache/harmony/security/test/**"/>
>>>                                          <!-- Harmony exclude list -->
>>> -                    <exclude
>>> name="java/security/AlgorithmParameterGeneratorTest1.java"/>
>>> +                    <exclude
>>> name="java/security/AlgorithmParameterGenerator1Test.java"/>
>>>                      <exclude name="java/security/KSBuilderTest.java"/>
>>>                      <exclude 
>>> name="java/security/KeyPairGeneratorTest1.java"/>
>>>                      <exclude 
>>> name="java/security/KeyPairGeneratorTest3.java"/>
>>>
>>>
>>>
>>>
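Review bot: the renamed exclude `java/security/AlgorithmParameterGenerator1Test.java` now follows a different naming pattern from the `KeyPairGeneratorTest1.java` and `KeyPairGeneratorTest3.java` entries below it, and an `<exclude>` whose name no longer matches a file fails silently. If those tests are being renamed as well, update their entries in the same commit, and consider a short comment under "Harmony exclude list" saying why each test is excluded so that a stale entry is noticeable.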
>>
> 
> 
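
A check that a build could run before a provider jar is placed on the boot classpath, given that point (A) above reports the VM did not verify it there. This is an added example, not code from the thread or from Harmony; the class name `VerifyJarBeforeBoot` is hypothetical and it uses only the standard `java.util.jar` API.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical helper: lists jar entries that lack a signature that verifies.
public class VerifyJarBeforeBoot {
    // MANIFEST.MF and signature files directly under META-INF are never signed themselves.
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.endsWith(".SF") || n.endsWith(".DSA")
                || n.endsWith(".RSA") || n.endsWith(".EC") || n.startsWith("META-INF/SIG-");
    }

    static List<String> unverifiedEntries(String path) throws IOException {
        List<String> bad = new ArrayList<>();
        try (JarFile jar = new JarFile(path, true)) {   // true = verify while reading
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || isSignatureRelated(e.getName())) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    // Digests are checked, and signers become known, only once the entry is fully read.
                    while (in.read(buf) != -1) { /* drain */ }
                } catch (SecurityException ex) {
                    bad.add(e.getName() + " (verification error: " + ex.getMessage() + ")");
                    continue;
                }
                // A tampered jar may surface as an exception above or as "no signers" here;
                // both are treated as failures.
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) bad.add(e.getName() + " (no valid signer)");
            }
        }
        return bad;
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) { System.err.println("usage: java VerifyJarBeforeBoot <jar>"); System.exit(2); }
        List<String> bad = unverifiedEntries(args[0]);
        bad.forEach(System.out::println);
        System.exit(bad.isEmpty() ? 0 : 1);   // non-zero exit lets the build refuse the jar
    }
}
```

This only establishes that every entry carries a signature that verifies; deciding whether the signer is the expected one means comparing the certificate from `getCodeSigners()` against a pinned value.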
