Posted to commits@harmony.apache.org by "Leo Li (JIRA)" <ji...@apache.org> on 2007/01/04 10:05:27 UTC

[jira] Created: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

[classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: HARMONY-2940
                 URL: https://issues.apache.org/jira/browse/HARMONY-2940
             Project: Harmony
          Issue Type: Bug
          Components: Classlib
            Reporter: Leo Li
            Priority: Critical


Here is a testcase:

public void test() throws ClassNotFoundException
{
    Class<?> cls = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
}

Harmony fails.

After digging into it, I found that it is related to bcprov.jar having a certificate signed by the signature provided by itself. I tried to remove its signature and move it into the boot directory, and it works.

So I recommend putting an unsigned bcprov.jar into the boot directory.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Re: [jira] Created: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by Yang Paulex <pa...@gmail.com>.
I see, thank you, Stepan. I'll look into whether we can modify the
URLClassLoader implementation not to cache the JarFile instance until the
instance is fully initiated.



-- 
Paulex Yang
China Software Development Laboratory
IBM

Re: [jira] Created: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by Stepan Mishura <st...@gmail.com>.
On 1/15/07, Yang Paulex wrote:
>
> 2007/1/12, Stepan Mishura :
> <SNIP>
> > IMHO the case with BC provider only is just a particular case of a
> > classloader bug. As you pointed out, URLClassLoader caches JarFile
> > instances - so the problem is that during JarFile object initialization
> > there may be a request to load a class from the same jar-file. For
> > example, the request may be initiated by a security manager (not by the
> > Services class).
> >
> > So adding "Security.getProviders()" to the static init block will resolve
> > the problem only with "bouncycastle.jar".
>
> This workaround can resolve problems related to any security providers.
> But I agree this is just a special case; that's exactly why I have a concern
> about it. And I thought that maybe URLClassLoader should not cache the
> JarFile instance until it is fully initiated, but because URLClassLoader is
> so widely used, I need more tests to validate.


Hi Paulex,

I'm afraid that this workaround may not help; for example, I've added to
HARMONY-2940 a test that reproduces the failure with SecurityManager. The
test may look odd but it just demonstrates possible failure conditions.

Thanks,
Stepan.



-- 
Stepan Mishura
Intel Enterprise Solutions Software Division

Re: [jira] Created: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by Yang Paulex <pa...@gmail.com>.
2007/1/12, Stepan Mishura <st...@gmail.com>:
>
> On 1/4/07, Yang Paulex wrote:
> >
> > This issue is interesting, because if you try to load any classes in the
> > security provider jars by Class.forName(), it fails. But if you invoke
> > Security.getProviders() first, the issue disappears.
> >
> > After a deeper look inside, I found the key is the time at which
> > o.a.h.security.fortress.Services is loaded. Services will try to load all
> > security provider classes; if you invoke Class.forName("some class in
> > bouncycastle") first, the stacktrace will look like:
> >
> > Class.forName()->URLClassLoader->JarFile(bouncycastle.jar)->JarVerifier->Services->JarFile(bouncycastle.jar again!)->JarVerifier...
> >
> > Please note that for good reasons, the JarFile instance for bc.jar is
> > cached by URLClassLoader, so it is reused when Services tries to load the
> > security provider from bc.jar, but unfortunately when Services returned,
> > the internal status of that JarFile instance has been changed, so that an
> > NPE is thrown.
> >
> > One workaround is to add "Security.getProviders()" to
> > j.u.jar.JarVerifier's static init block, so that it is guaranteed that the
> > security providers will be loaded before any classes in certified jars are
> > explicitly used. But I'm not sure it is the right thing to do. Any
> > security gurus to comment?
>
> IMHO the case with BC provider only is just a particular case of a
> classloader bug. As you pointed out, URLClassLoader caches JarFile
> instances - so the problem is that during JarFile object initialization
> there may be a request to load a class from the same jar-file. For example,
> the request may be initiated by a security manager (not by the Services
> class).
>
> So adding "Security.getProviders()" to the static init block will resolve
> the problem only with "bouncycastle.jar".


This workaround can resolve problems related to any security providers.
But I agree this is just a special case; that's exactly why I have a concern
about it. And I thought that maybe URLClassLoader should not cache the JarFile
instance until it is fully initiated, but because URLClassLoader is so
widely used, I need more tests to validate.



-- 
Paulex Yang
China Software Development Laboratory
IBM

Re: [jira] Created: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by Stepan Mishura <st...@gmail.com>.
On 1/4/07, Yang Paulex wrote:
>
> This issue is interesting, because if you try to load any classes in the
> security provider jars by Class.forName(), it fails. But if you invoke
> Security.getProviders() first, the issue disappears.
>
> After a deeper look inside, I found the key is the time at which
> o.a.h.security.fortress.Services is loaded. Services will try to load all
> security provider classes; if you invoke Class.forName("some class in
> bouncycastle") first, the stacktrace will look like:
>
> Class.forName()->URLClassLoader->JarFile(bouncycastle.jar)->JarVerifier->Services->JarFile(bouncycastle.jar again!)->JarVerifier...
>
> Please note that for good reasons, the JarFile instance for bc.jar is
> cached by URLClassLoader, so it is reused when Services tries to load the
> security provider from bc.jar, but unfortunately when Services returned,
> the internal status of that JarFile instance has been changed, so that an
> NPE is thrown.
>
> One workaround is to add "Security.getProviders()" to j.u.jar.JarVerifier's
> static init block, so that it is guaranteed that the security providers
> will be loaded before any classes in certified jars are explicitly used.
> But I'm not sure it is the right thing to do. Any security gurus to comment?


IMHO the case with BC provider only is just a particular case of a classloader
bug. As you pointed out, URLClassLoader caches JarFile instances - so the
problem is that during JarFile object initialization there may be a request to
load a class from the same jar-file. For example, the request may be
initiated by a security manager (not by the Services class).

So adding "Security.getProviders()" to the static init block will resolve
the problem only with "bouncycastle.jar".

Thanks,
Stepan.



-- 
Stepan Mishura
Intel Enterprise Solutions Software Division

Re: [jira] Created: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by Yang Paulex <pa...@gmail.com>.
This issue is interesting, because if you try to load any classes in the
security provider jars by Class.forName(), it fails. But if you invoke
Security.getProviders() first, the issue disappears.

After a deeper look inside, I found the key is the time at which
o.a.h.security.fortress.Services is loaded. Services will try to load all
security provider classes; if you invoke Class.forName("some class in
bouncycastle") first, the stacktrace will look like:

Class.forName()->URLClassLoader->JarFile(bouncycastle.jar)->JarVerifier->Services->JarFile(bouncycastle.jar again!)->JarVerifier...

Please note that for good reasons, the JarFile instance for bc.jar is
cached by URLClassLoader, so it is reused when Services tries to load the
security provider from bc.jar, but unfortunately when Services returned, the
internal status of that JarFile instance has been changed, so that an NPE is
thrown.

One workaround is to add "Security.getProviders()" to j.u.jar.JarVerifier's
static init block, so that it is guaranteed that the security providers will
be loaded before any classes in certified jars are explicitly used. But I'm
not sure it is the right thing to do. Any security gurus to comment?



-- 
Paulex Yang
China Software Development Laboratory
IBM

[jira] Commented: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by "Leo Li (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HARMONY-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12473091 ] 

Leo Li commented on HARMONY-2940:
---------------------------------

Hi, Stepan:

    Thank you for pointing that out.
    In fact it has nothing to do with the security module but is a problem of re-entering JarFile.getInputStream().
    Because of the caching mechanism adopted by URLClassLoader, it will re-enter the same JarFile.getInputStream() when the class is in a signed jar and the provider to verify the jar is given by the same class. However, JarFile.getInputStream() is actually not designed to be re-entered.

    Now I have a plan to fix it. I will give a patch soon.

Good luck,
Leo


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
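
The re-entrancy described in the comment above, reduced to a small model. This is an added example, not code from Harmony or from this thread: the `Archive` class, its `pendingSignatures` field and the `lookup` hook are hypothetical stand-ins for the cached JarFile, its verifier state and the provider or SecurityManager call-out, and the claim-first variant is one possible way to tolerate re-entry, not the fix applied in HARMONY-3332.

```java
import java.util.List;

/** Simplified model of the failure in this thread; every name here is hypothetical. */
public class ReentrantInitDemo {

    /** Stand-in for the provider lookup or SecurityManager check that runs mid-verification. */
    interface Callout { void run(); }

    /** Stand-in for a cached JarFile whose signature metadata is consumed on first read. */
    static class Archive {
        private List<String> pendingSignatures = List.of("META-INF/SIGNER.SF"); // constructed sample
        private final boolean reentrantSafe;
        Callout lookup = () -> { };
        int verifiedFiles = 0;

        Archive(boolean reentrantSafe) { this.reentrantSafe = reentrantSafe; }

        String read(String entry) {
            if (reentrantSafe) { verifyClaimFirst(); } else { verifyNaive(); }
            return "bytes of " + entry;
        }

        // Naive: the shared field is read again after the call-out. A nested read()
        // on the same cached instance finishes verification and nulls it in between.
        private void verifyNaive() {
            if (pendingSignatures == null) { return; }
            lookup.run();
            verifiedFiles += pendingSignatures.size(); // NullPointerException on re-entry
            pendingSignatures = null;
        }

        // Re-entrant safe: move the work into a local and clear the field before
        // calling out, so a nested read() finds nothing pending and the outer call
        // finishes with its own reference. Trade-off: the nested read() returns data
        // while verification is still in progress, so callers must not treat that
        // nested result as verified.
        private void verifyClaimFirst() {
            List<String> claimed = pendingSignatures;
            if (claimed == null) { return; }
            pendingSignatures = null;
            lookup.run();
            verifiedFiles += claimed.size();
        }
    }

    /** Runs one outer read() whose call-out re-enters read() once on the same instance. */
    static String attempt(boolean reentrantSafe) {
        final Archive cached = new Archive(reentrantSafe);
        final boolean[] entered = { false };
        cached.lookup = () -> {
            if (!entered[0]) {
                entered[0] = true;
                cached.read("Provider.class"); // same jar, same cached object
            }
        };
        try {
            cached.read("Provider.class");
            return "ok, verifiedFiles=" + cached.verifiedFiles;
        } catch (NullPointerException e) {
            return "NullPointerException in the outer read()";
        }
    }

    public static void main(String[] args) {
        System.out.println("naive:       " + attempt(false));
        System.out.println("claim-first: " + attempt(true));
    }
}
```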


[jira] Closed: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by "Leo Li (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HARMONY-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leo Li closed HARMONY-2940.
---------------------------

    Resolution: Fixed

Fixed in HARMONY-3332.



[jira] Assigned: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HARMONY-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stepan Mishura reassigned HARMONY-2940:
---------------------------------------

    Assignee: Stepan Mishura


        

[jira] Commented: (HARMONY-2940) [classlib][security]Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); fails while org.bouncycastle.jce.provider.BouncyCastleProvider is added as a security provider

Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HARMONY-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12465050 ] 

Stepan Mishura commented on HARMONY-2940:
-----------------------------------------

The following test reproduces this race condition with the BouncyCastle provider - Harmony throws NullPointerException and RI passes. (Please note it can be reproduced with any signed jar.)

import java.io.IOException;
import java.security.Permission;
import java.security.Security;
import java.util.PropertyPermission;
import java.util.jar.JarFile;

public class test {

  public static void main(String[] args) throws Exception {

     // suggested workaround
     Security.getProviders();

     final JarFile f = new JarFile("bcprov.jar");

     System.setSecurityManager(new SecurityManager() {

       int i = 0;
       public void checkPermission(Permission perm) {

         // race conditions
         if (perm instanceof PropertyPermission) {
           i++;
           try {
             if (i == 2) { 
               f.getInputStream(
                 f.getEntry("org/bouncycastle/jce/provider/BouncyCastleProvider.class"));
             }
           } catch (IOException e) {
             e.printStackTrace();
           }
         }
       }
    });

    f.getInputStream(
      f.getEntry("org/bouncycastle/jce/provider/BouncyCastleProvider.class"));
  }
}

============ OUTPUT ==============
Exception in thread "main" java.lang.NullPointerException
        at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:316)
        at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:246)
        at java.util.jar.JarFile.getInputStream(JarFile.java:349)
        at test.main(test.java:34)

