harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexey Varlamov" <alexey.v.varla...@gmail.com>
Subject Re: [classlib][security] Changing system property java.home may cause incorrect initialization of java.security.Security class
Date Fri, 24 Nov 2006 10:12:23 GMT
2006/11/24, Tim Ellison <t.p.ellison@gmail.com>:
> Alexey Varlamov (JIRA) wrote:
> >     [ http://issues.apache.org/jira/browse/HARMONY-2163?page=comments#action_12452378
]
> >
> > The only consistent way to fix this (as I see) is to preload and init Security class
early, somewhere during bootstrap. OTOH this may increase bootstrap time a bit...
> > What do you think?
>
> The problem appears to be that we don't set defaults if we cannot find
> the properties file(s).
Oh, I just overlooked the practical root cause. Nice catch!

>
> So how about we implement Security#registerDRLProviders() (maybe with a
> method name change) to register:
>
> security.provider.1=org.apache.harmony.security.provider.cert.DRLCertFactory
> security.provider.2=org.apache.harmony.security.provider.crypto.CryptoProvider
> security.provider.3=org.apache.harmony.xnet.provider.jsse.JSSEProvider
> security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
>
> Thoughts?
> Tim

Well, there is a number of other sensitive keys without hardcoded
defaults, e.g. package.access, probably bunch of ssl.* keys. Therefore
I presume it should be Security#defaultConfig() then.

--
Alexey

> --
>
> Tim Ellison (t.p.ellison@gmail.com)
> IBM Java technology centre, UK.
>

Mime
View raw message