harmony-dev mailing list archives

From George Harley <george.c.har...@googlemail.com>
Subject Re: [Fwd: svn commit: r376144 - /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml]
Date Thu, 09 Feb 2006 14:41:20 GMT
Hi Geir,

Excellent !

Best regards,
George
IBM UK


Geir Magnusson Jr wrote:
>
>
> George Harley wrote:
>> Hi,
>>
>> Is it really the case that the BC provider jar needs to be on the 
>> boot classpath ? 
>
> Probably not.
>
>> There was some discussion on this a little over a week ago
>> on this thread about the contribution of the beans, math and regex 
>> libraries. The post I want to refer to does not seem to be in the 
>> mailing list archive (!!??!) so let me copy the relevant text in-line 
>> here as I believe that what it says is important :
>>
>>
>> --- snip from dev-list append of 1st Feb 2006 by 
>> george.c.harley@googlemail.com ---
>>
>> Just to clarify your clarification of the question of current Harmony 
>> behaviour ...
>>
>> (A) With the current Harmony build it looks like there is *no 
>> attempt* to verify the signature of a signed jar file that has been 
>> placed on the bootclasspath. I know this because I took a signed BC 
>> provider jar (as downloaded from http://www.bouncycastle.org), 
>> deliberately tampered with the .SF file in the META-INF folder by 
>> removing a few lines, then added the modified jar to the 
>> bootclasspath of a simple program that listed the algorithms 
>> supported by the BC provider. Everything worked fine.
>>
>> (B) With the current Harmony build it looks like an attempt is made 
>> at verifying the signature of a signed jar in the jre/lib/ext 
>> directory. The attempt fails because it involves trying to use 
>> functionality exported by the jar currently being verified and so 
>> opens up a whole problem with cycles.
>> To my mind, (B) is a definite bug that would be fixed by having a 
>> default Harmony provider. The result of my little bit of playing with 
>> (A) just reinforces the argument that relying on the bootclasspath to 
>> load your third party providers is not er ... secure.
>
> That's obvious.  We just have to fix it.
>
>>
>>
>> --- end of snip from dev-list append of 1st Feb 2006 by 
>> george.c.harley@googlemail.com ---
>>
>>
>> Best regards,
>> George
>> IBM UK
>>
>>
>> Geir Magnusson Jr wrote:
>>>
>>>
>>> Tim Ellison wrote:
>>>> Arghhh!
>>>>
>>>> make it stop
>>>>
>>>> From below:
>>>>  -Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH} 
>>>>
>>>>
>>>>
>>>> putting the CLASSPATH onto the bootclasspath.  What are you smokin' ?!
>>>
>>> That was the patch :)
>>>
>>> All that really is supposed to do is get junit and bcprov there.  
>>> I'll move.
>>>
>>> geir
>>>
>>>>
>>>>
>>>> [ I know you are fixing this stuff, but I needed to vent ]
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: svn commit: r376144 -
>>>> /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml

>>>>
>>>> Date: Thu, 09 Feb 2006 01:44:21 -0000
>>>> From: geirm@apache.org
>>>> Reply-To: harmony-dev@incubator.apache.org
>>>> To: harmony-commits@incubator.apache.org
>>>>
>>>> Author: geirm
>>>> Date: Wed Feb  8 17:44:19 2006
>>>> New Revision: 376144
>>>>
>>>> URL: http://svn.apache.org/viewcvs?rev=376144&view=rev
>>>> Log:
>>>> put the bootclasspath stuff back for classlib tests
>>>> because as I'm renaming some tests, it appears that
>>>> when things reordered, tests broke.  On a lark, I put
>>>> it back, and things work.  Scary.
>>>>
>>>> Will investigate further, but wanted to fix so tests run
>>>>
>>>> Also, changed one of the exclusion lists due to renaming.
>>>>
>>>>
>>>> Modified:
>>>>
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml

>>>>
>>>>
>>>> Modified:
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml

>>>>
>>>> URL:
>>>> http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml?rev=376144&r1=376143&r2=376144&view=diff

>>>>
>>>> ==============================================================================

>>>>
>>>> ---
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml

>>>>
>>>> (original)
>>>> +++
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml

>>>>
>>>> Wed Feb  8 17:44:19 2006
>>>> @@ -499,6 +499,8 @@
>>>>              <env key="JAVA_HOME" value="${vm.home}"/>
>>>>
>>>>              <!-- to pick up junit.jar and bouncycastle.jar -->
>>>> +            <jvmarg
>>>> value="-Xbootclasspath/p:${build.jars.path}/crypto.jar${path.separator}${build.jars.path}/x_net.jar"/>

>>>>
>>>> +
>>>>              <jvmarg
>>>> value="-Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}"/>

>>>>
>>>>
>>>>              <jvmarg
>>>> value="-Djava.security.properties==${build.lib.path}/security/java.security"/>

>>>>
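Review bot: the new -Xbootclasspath/p: jvmarg lands directly under the existing comment "to pick up junit.jar and bouncycastle.jar", but it prepends crypto.jar and x_net.jar, so the comment now describes the wrong line and the prepend itself is unexplained. Move that comment back above the -Xbootclasspath/a: line and give the new argument its own comment saying why these two jars must come first and that it is a stopgap, since the log only records that tests broke when things were reordered. The neighbouring append still puts all of ${env.CLASSPATH} on the boot classpath, which is wider than the two jars the comment names; listing the junit and bouncycastle jars explicitly would keep unrelated entries off the boot path.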
>>>> @@ -518,7 +520,7 @@
>>>>                      <exclude 
>>>> name="org/apache/harmony/security/test/**"/>
>>>>                                          <!-- Harmony exclude list -->
>>>> -                    <exclude
>>>> name="java/security/AlgorithmParameterGeneratorTest1.java"/>
>>>> +                    <exclude
>>>> name="java/security/AlgorithmParameterGenerator1Test.java"/>
>>>>                      <exclude 
>>>> name="java/security/KSBuilderTest.java"/>
>>>>                      <exclude 
>>>> name="java/security/KeyPairGeneratorTest1.java"/>
>>>>                      <exclude 
>>>> name="java/security/KeyPairGeneratorTest3.java"/>
>>>>
>>>>
>>>>
>>>>
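Review bot: the exclude changed in the second hunk is matched by exact file name, so the switch to AlgorithmParameterGenerator1Test.java keeps the test excluded only if the source file was renamed in the same step, while the neighbouring entries KeyPairGeneratorTest1.java and KeyPairGeneratorTest3.java still use the old TestN suffix. As the remaining tests are renamed, any entry that is missed stops matching and the test silently rejoins the run, so update each exclude in the same commit as its rename, or add a comment above the Harmony exclude list stating that requirement.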
>>>
>>
>>
>

