search

mwkirk / javapns

Test import of svn javapns repo from Google Code
3 stars 0 forks source link

AccessControlException thrown on Security.getProperty on App Engine (with sockets support on) #148

Closed mwkirk closed 11 years ago

mwkirk commented 11 years ago

Original author: gmari...@google.com (October 03, 2012 00:52:52)

What steps will reproduce the problem?

  1. Load the javapns jars into an App Engine apps' WEB-INF/lib directory
  2. Attempt to use the simple example code for javapns.

Offending cod here: https://code.google.com/p/javapns/source/browse/trunk/src/javapns/communication/ConnectionToAppleServer.java#27

It appears that the property key "ssl.KeyManagerFactory.algorithm" is used by KeyManagerFactory.getDefaultAlgorithm() in a similar way that the javapns code does, however, in getDefaultAlgorithm(), the call is surrounded by a AccessController.doPrivileged call which would mean that had javapns used KeyManagerFactory.getDefaultAlgorithm, we would not be seeing the failure.

The following stack trace is seen:

java.security.AccessControlException: access denied (java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:289) at java.security.Security.getProperty(Security.java:762)

Tested with Google App Engine v 1.7.2 dev server (on linux) with sockets enabled and also on Google App Engine v 1.7.2 production although the stack trace is different but the exception is the same.

For the record, working around this issue seemed to result in a working javapns on App Engine.

The only other issue was that App Engine does not support signed jars which meant we needed to remove the META-INF/MANIFEST.MF file from bcprov-jdk15-146.jar. i.e.:

zip -d bcprov-jdk15-146.jar META-INF/MANIFEST.MF

Original issue: http://code.google.com/p/javapns/issues/detail?id=148

mwkirk commented 11 years ago

From sype...@gmail.com on October 05, 2012 02:51:50 Class and library fixed in r378 (in the trunk). New builds containing these fixes will be made and uploaded soon.

mwkirk commented 11 years ago

From gmari...@google.com on October 05, 2012 04:00:18 Thanks for the fix. BTW KeyManagerFactory.getDefaultAlgorithm() never returns null - by default it returns "SunX509" ...

BTW - I tested the one line fix on appengine 1.7.2 and it works fine. Nice...