audtjddld / javapns

Automatically exported from code.google.com/p/javapns
0 stars 0 forks source link

AccessControlException thrown on Security.getProperty on App Engine (with sockets support on) #148

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Load the javapns jars into an App Engine apps' WEB-INF/lib directory
2. Attempt to use the simple example code for javapns.

Offending cod here:
https://code.google.com/p/javapns/source/browse/trunk/src/javapns/communication/
ConnectionToAppleServer.java#27

It appears that the property key "ssl.KeyManagerFactory.algorithm" is used by 
KeyManagerFactory.getDefaultAlgorithm() in a similar way that the javapns code 
does, however, in getDefaultAlgorithm(), the call is surrounded by a 
AccessController.doPrivileged call which would mean that had javapns used 
KeyManagerFactory.getDefaultAlgorithm, we would not be seeing the failure.

The following stack trace is seen:

java.security.AccessControlException: access denied 
(java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
       at java.security.AccessController.checkPermission(AccessController.java:553)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
       at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:289)
       at java.security.Security.getProperty(Security.java:762)

Tested with Google App Engine v 1.7.2 dev server (on linux) with sockets 
enabled and also on Google App Engine v 1.7.2 production although the stack 
trace is different but the exception is the same.

For the record, working around this issue seemed to result in a working javapns 
on App Engine.  

The only other issue was that App Engine does not support signed jars which 
meant we needed to remove the META-INF/MANIFEST.MF file from 
bcprov-jdk15-146.jar. i.e.:

zip -d bcprov-jdk15-146.jar META-INF/MANIFEST.MF

Original issue reported on code.google.com by gmari...@google.com on 3 Oct 2012 at 12:52

GoogleCodeExporter commented 8 years ago
Class and library fixed in r378 (in the trunk).  New builds containing these 
fixes will be made and uploaded soon.

Original comment by sype...@gmail.com on 5 Oct 2012 at 2:51

GoogleCodeExporter commented 8 years ago
Thanks for the fix.  BTW KeyManagerFactory.getDefaultAlgorithm() never returns 
null - by default it returns "SunX509" ...

BTW - I tested the one line fix on appengine 1.7.2 and it works fine. Nice...

Original comment by gmari...@google.com on 5 Oct 2012 at 4:00