You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by "Leo Li (JIRA)" <ji...@apache.org> on 2007/05/29 05:34:15 UTC
[jira] Commented: (HARMONY-3939) [classlib][security] Security
providers are initialized on first request
[ https://issues.apache.org/jira/browse/HARMONY-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12499672 ]
Leo Li commented on HARMONY-3939:
---------------------------------
After some studying I found that the problem is BouncyCastleProvider.addMappings does not have the priviledge to call java.security.Provider.put(Object, Object). Here is the stacktrace:
java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:195)
at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:91)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:90)
at Test.main(Test.java:8)
Caused by: java.security.AccessControlException: Access denied (java.security.SecurityPermission putProviderProperty.BC)
at java.security.AccessController.checkPermission(AccessController.java:94)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:746)
at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:422)
at java.security.Provider.put(Provider.java:236)
at org.bouncycastle.jce.provider.BouncyCastleProvider.addMappings(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
at java.lang.Class.newInstanceImpl(Native Method)
at java.lang.Class.newInstance(Class.java:1250)
at org.apache.harmony.security.fortress.Services.loadProviders(Services.java:84)
at org.apache.harmony.security.fortress.Services.access$0(Services.java:73)
at org.apache.harmony.security.fortress.Services$1.run(Services.java:66)
at java.security.AccessController.doPrivileged(AccessController.java:179)
at org.apache.harmony.security.fortress.Services.<clinit>(Services.java:64)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:177)
... 3 more
Harmony has such problem is that all the functions of bouncy castle reside in those classes in ext while RI, only those related to JCE is put in ext and other classes are in boot jars which have higher priviledges than former.
So if possible, part of the classes in bcprov.jar should be moved to boot directory of harmony.
> [classlib][security] Security providers are initialized on first request
> ------------------------------------------------------------------------
>
> Key: HARMONY-3939
> URL: https://issues.apache.org/jira/browse/HARMONY-3939
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Environment: Windows/ia32
> Reporter: Roman S. Bushmanov
> Attachments: Test.java, Test1.java
>
>
> Security providers can be initialized correctly only by trusted code i.e. application working w/out security manager or application with certain security permission granted.
> At the same time, JavaTM Cryptography Architecture API Specification & Reference requires the code to be trusted only for *dynamic* registration of provoders and no security permissions are required to install a provider by means of java.security file.
> To reproduce the problem please run two simple testcases on the same JRE. These two testcases differs in one line which ilstalls a security manager and expected output is the same.
> 'Test' testcase produces on svn = r537794, (May 14 2007), Windows/ia32/msvc 1310, release build the following output:
> DSA
> while 'Test1' prints the following
> java.security.NoSuchAlgorithmException: AlgorithmParameters DSA implementation not found
> at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:111)
> at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:90)
> at Test1.main(Test1.java:9)
> On RI both testcases prints the same:
> DSA
> Affected tests:
> functional/org/apache/harmony/test/func/api/java/security/F_AlgorithmParametersTest_01/F_AlgorithmParametersTest_01.xml
> (see HARMONY-3528)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.