You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Karl Pauls (JIRA)" <ji...@apache.org> on 2010/12/28 17:00:50 UTC
[jira] Resolved: (FELIX-2750) JarEntry.getCodeSigners() is used in
Framework Security
[ https://issues.apache.org/jira/browse/FELIX-2750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Pauls resolved FELIX-2750.
-------------------------------
Resolution: Invalid
Assignee: Karl Pauls
This is just a workaround of a bug in the sun jdk 1.5.x - getCertificates(). Basically, getCertificates might return null there even if there are valid certificates. This is a regression bug that has been fixed in 1.6.
We use reflection to see whether we have a SignerCertPath for the entry (available >= 1.5) and if so check whether there are valid certificates. The reason we use reflection is that we don't need to do this fallback so other than the stacktrace it should work just fine on 1.4 -- hence, i'll mark this issue as invalid. Please reopen if you find other issues in security.
> JarEntry.getCodeSigners() is used in Framework Security
> -------------------------------------------------------
>
> Key: FELIX-2750
> URL: https://issues.apache.org/jira/browse/FELIX-2750
> Project: Felix
> Issue Type: Bug
> Components: Framework Security
> Affects Versions: framework.security-1.4.1
> Environment: J2SE 1.4
> Reporter: Ikuo YAMASAKI
> Assignee: Karl Pauls
> Priority: Minor
>
> On J2SE1.4, running framework-3.0.7 and framework.security-1.4.1 throws Exception because the framework security uses JarEntry.getCodeSigners().
> java.lang.NoSuchMethodException: java.util.jar.JarEntry.getCodeSigners()
> at java.lang.Class.getMethod(Class.java:986)
> at org.apache.felix.framework.security.verifier.BundleDNParser.<clinit>(BundleDNParser.java:62)
> at org.apache.felix.framework.SecurityProviderImpl.<init>(SecurityProviderImpl.java:53)
> at org.apache.felix.framework.SecurityActivator.start(SecurityActivator.java:204)
> at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1243)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:620)
> at org.apache.felix.framework.ExtensionManager.startExtensionBundle(ExtensionManager.java:394)
> at org.apache.felix.framework.Felix.installBundle(Felix.java:2610)
> at org.apache.felix.framework.Felix.installBundle(Felix.java:2429)
> at org.apache.felix.framework.BundleContextImpl.installBundle(BundleContextImpl.java:121)
> at org.apache.felix.framework.BundleContextImpl.installBundle(BundleContextImpl.java:107)
> at org.apache.felix.main.AutoProcessor.processAutoDeploy(AutoProcessor.java:173)
> at org.apache.felix.main.AutoProcessor.process(AutoProcessor.java:78)
> at org.apache.felix.main.Main.main(Main.java:291)
> As far as I check the source, the impl catches the Exception and just calls ex.printStackTrace().
> It seems to me that the conditional permission admin can be used in Neither J2SE 1.4 nor CDC FP1.1.
> I'm not sure we can change the impl in order to allow it in either J2SE1.4 or CDC FP1.1.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.