Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4483049

Missing doPrivileged around getting "cert.provider.x509v1" property

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 1.0.2
    • Fix Version/s: 1.0.3
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      1.0.3
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        It looks like the javax.security.cert.X509Certificate constructor (line 133) is trying to read the "cert.provider.x509v1" security property without wrapping the "java.security.Security.getProperty" call in a doPrivileged block (see stack trace below). As a result of this, non-JSSE code on the stack also requires the corresponding java.security.SecurityPermission ("getProperty.cert.provider.x509v1"), which is undesirable.

        access: access denied (java.security.SecurityPermission getProperty.cert.provider.x509v1 )
        java.lang.Exception: Stack trace
                at java.lang.Thread.dumpStack(Thread.java:983)
                at java.security.AccessControlContext.checkPermission(AccessControlContext.java:184)
                at java.security.AccessController.checkPermission(AccessController.java:403)
                at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
                at java.security.Security.getProperty(Security.java:695)
                at javax.security.cert.X509Certificate.<clinit>(X509Certificate.java:133)
                at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
                at java.io.OutputStream.write(OutputStream.java:65)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpClient.&lt;init&gt;([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.&lt;init&gt;([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
                at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getOutputStream([DashoPro-V1.2-120198])

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                jdn Jeffrey Nisewanger (Inactive)
                Reporter:
                jlueheorcl Jan Luehe (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: