Harmony
  1. Harmony
  2. HARMONY-6357

[classlib][security] PermissionCollectionTest passes thanks to a bug in bcprov.jar

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 5.0M11
    • Fix Version/s: 5.0M12
    • Component/s: Classlib
    • Labels:
      None
    • Environment:
      x86/redhat el5

      Description

      The junit test, test_impliesLjava_security_Permisson of the tests.api.java.security.PermissionCollectionTest passes thanks to a bug in bcprov-jdk15-141.jar. See http://www.bouncycastle.org/jira/browse/BJA-222. In the bcprov-jdk15-144.jar, the bug has been fixed.
      This means that if the dependency for bcprov is updated to use bcprov-jdk15-144.jar, the junit test will fail. Either the test case needs update or excluded.

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        2d 15h 55m 1 Tim Ellison 22/Oct/09 14:58
        Resolved Resolved Closed Closed
        19h 34m 1 Tim Ellison 23/Oct/09 10:32
        Tim Ellison made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Hide
        Kyle Cho added a comment -

        confirmed that the revison r828697 fixed the issue.

        Show
        Kyle Cho added a comment - confirmed that the revison r828697 fixed the issue.
        Hide
        Hudson added a comment -

        Integrated in Harmony-1.5-head-linux-x86_64 #510 (See http://hudson.zones.apache.org/hudson/job/Harmony-1.5-head-linux-x86_64/510/)
        Fix for ([classlib][security] PermissionCollectionTest passes thanks to a bug in bcprov.jar)

        Update BouncyCastle dependency to version 1.44, and

        fix the PermissionCollections test to:

        • write out the policy file in a valid format
        • assert the permissions implies correctly from the forked VM
        Show
        Hudson added a comment - Integrated in Harmony-1.5-head-linux-x86_64 #510 (See http://hudson.zones.apache.org/hudson/job/Harmony-1.5-head-linux-x86_64/510/ ) Fix for ( [classlib] [security] PermissionCollectionTest passes thanks to a bug in bcprov.jar) Update BouncyCastle dependency to version 1.44, and fix the PermissionCollections test to: write out the policy file in a valid format assert the permissions implies correctly from the forked VM
        Tim Ellison made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 5.0M12 [ 12314191 ]
        Resolution Fixed [ 1 ]
        Hide
        Tim Ellison added a comment -

        I see the NPE is being thrown in the DefaultPolicyParser and handled away quietly by a catch Exception handler. Changing the parser to pass in a bogus password with bcprov 1.41 shows the test failing in the same way as null does with bcprov 1.44, e.g.

        Index: src/main/java/common/org/apache/harmony/security/fortress/DefaultPolicyParser.java
        ===================================================================
        — src/main/java/common/org/apache/harmony/security/fortress/DefaultPolicyParser.java (revision 828627)
        +++ src/main/java/common/org/apache/harmony/security/fortress/DefaultPolicyParser.java (working copy)
        @@ -466,7 +466,7 @@
        InputStream is = AccessController
        .doPrivileged(new PolicyUtils.URLLoader(location));
        try {

        • ks.load(is, null);
          + ks.load(is, new char[] {});
          }
          finally {
          is.close();

        This is the NPE that is being thrown and handled away...

        java.lang.NullPointerException
        at org.bouncycastle.crypto.PBEParametersGenerator.PKCS12PasswordToBytes(Unknown Source)
        at org.bouncycastle.jce.provider.JDKKeyStore.engineLoad(Unknown Source)
        at java.security.KeyStore.load(KeyStore.java:630)
        at org.apache.harmony.security.fortress.DefaultPolicyParser.initKeyStore(DefaultPolicyParser.java:469)
        at org.apache.harmony.security.fortress.DefaultPolicyParser.parse(DefaultPolicyParser.java:132)
        at org.apache.harmony.security.fortress.DefaultPolicy.refresh(DefaultPolicy.java:284)
        at org.apache.harmony.security.fortress.DefaultPolicy.<init>(DefaultPolicy.java:183)
        at org.apache.harmony.security.fortress.DefaultPolicy.<init>(DefaultPolicy.java:172)

        The fix was to update BouncyCastle and fix the test to create a valid policy file and fix the assertions for the implied permissions. Fixed at repo revision r828697.

        Please verify.

        Show
        Tim Ellison added a comment - I see the NPE is being thrown in the DefaultPolicyParser and handled away quietly by a catch Exception handler. Changing the parser to pass in a bogus password with bcprov 1.41 shows the test failing in the same way as null does with bcprov 1.44, e.g. Index: src/main/java/common/org/apache/harmony/security/fortress/DefaultPolicyParser.java =================================================================== — src/main/java/common/org/apache/harmony/security/fortress/DefaultPolicyParser.java (revision 828627) +++ src/main/java/common/org/apache/harmony/security/fortress/DefaultPolicyParser.java (working copy) @@ -466,7 +466,7 @@ InputStream is = AccessController .doPrivileged(new PolicyUtils.URLLoader(location)); try { ks.load(is, null); + ks.load(is, new char[] {}); } finally { is.close(); This is the NPE that is being thrown and handled away... java.lang.NullPointerException at org.bouncycastle.crypto.PBEParametersGenerator.PKCS12PasswordToBytes(Unknown Source) at org.bouncycastle.jce.provider.JDKKeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(KeyStore.java:630) at org.apache.harmony.security.fortress.DefaultPolicyParser.initKeyStore(DefaultPolicyParser.java:469) at org.apache.harmony.security.fortress.DefaultPolicyParser.parse(DefaultPolicyParser.java:132) at org.apache.harmony.security.fortress.DefaultPolicy.refresh(DefaultPolicy.java:284) at org.apache.harmony.security.fortress.DefaultPolicy.<init>(DefaultPolicy.java:183) at org.apache.harmony.security.fortress.DefaultPolicy.<init>(DefaultPolicy.java:172) The fix was to update BouncyCastle and fix the test to create a valid policy file and fix the assertions for the implied permissions. Fixed at repo revision r828697. Please verify.
        Hide
        Tim Ellison added a comment -

        For the record, the test failure I see with BouncyCastle 1.44 is

        Permission should be granted expected:<[fals]e> but was:<[tru]e>

        junit.framework.ComparisonFailure: Permission should be granted expected:<[fals]e> but was:<[tru]e>
        at tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission(PermissionCollectionTest.java:166)
        at java.lang.reflect.AccessibleObject.invokeV(AccessibleObject.java:197)

        Show
        Tim Ellison added a comment - For the record, the test failure I see with BouncyCastle 1.44 is Permission should be granted expected:< [fals] e> but was:< [tru] e> junit.framework.ComparisonFailure: Permission should be granted expected:< [fals] e> but was:< [tru] e> at tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission(PermissionCollectionTest.java:166) at java.lang.reflect.AccessibleObject.invokeV(AccessibleObject.java:197)
        Tim Ellison made changes -
        Field Original Value New Value
        Summary PermissionCollectionTest passes thanks to a bug in bcprov.jar [classlib][security] PermissionCollectionTest passes thanks to a bug in bcprov.jar
        Assignee Tim Ellison [ tellison ]
        Kyle Cho created issue -

          People

          • Assignee:
            Tim Ellison
            Reporter:
            Kyle Cho
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development