harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregory Shimansky <gshiman...@gmail.com>
Subject [drlvm] Signed jars cannot be used in classpath
Date Fri, 30 Jun 2006 22:59:50 GMT
Hello

Today I've found the reason of why drlvm currently cannot use jar files signed 
with jarsigner in classpath. When it is done it throws "SecurityException: 
K00ec" :) . The reason is that SHA1 provider cannot be found by security API 
to check the signature.

It cannot be found because now bootclasspath.properties is taken from classlib 
and it does not mention bcprov-jdk14-129.jar where this provider should be 
found. As a workaround this jar file may be added to bootclasspath, but this 
is not really correct.

The class of SHA1 provider org.bouncycastle.jce.provider.JDKMessageDigest$SHA1 
shouldn't really appear in bootclasspath because security provider is an 
extension and should be loaded by an extension class loader, not bootstrap. 
This is AFAIK something that drlvm doesn't have in kernel classes at the 
moment. I think the correct way to fix the problem would be to add one and 
invoke it somehow... but I don't really know the subtleties of classloader 
hierarchy so I am not sure how and when it should be invoked.

The workaround like adding bcprov-jdk14-129.jar to bootclasspath is not 
enough, the directory lib/boot/security has to be copied from classlib as 
well or security engine cannot find the provider. This is pretty simple to 
fix I think.

One more interesting thing is that first after clean rebuild of drlvm I 
had "SecurityException: K00ec" thrown. But after several incremental rebuilds 
when I just changed classlib and rebuilt drlvm to copy changed jar files to 
its deploy directory the exception appeared to have a normal message like

java.lang.SecurityException: META-INF/TESTKEY.SF has invalid digest for 
Hello.class in /home/gregory/work/tests/Hello.jar

So some resources don't appear in drlvm deploy dir by default, but I couldn't 
find which files make the difference. This is something to be fixed 
separately.

-- 
Gregory Shimansky, Intel Middleware Products Division

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message