P3
A JCE SealedObject test fails on de-serialization now
that JCE 1.2.1 is an installed extension. (JCE 1.2 was
not required to be installed as an extension and thus
the test worked). The class which cannot be found
by getObject is external to the main test. It is
on the classpath and is found for serializing OK.
The stack trace :
java.lang.ClassNotFoundException: Obj1
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:195)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:654)
at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:918)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
at javax.crypto.SealedObject.getObject(SealedObject.java:261)
at testSealedObject.main(testSealedObject.java:34)
Sharon Liu looked at ObjectInputStream.resolveClass() code
and believes that it only sees the extensnion class loader
when JCE is installed as an extension.
I have set up my own jdk with jce installed as an extension on
/home/krystyna. The main test code follows. Obj1.java is
attached. (It will not be possible to execute this test
code unless you have the same environment setup and have
the java.security file configured correctly.)
import java.security.*;
import javax.crypto.*;
import Obj1;
public class testSealedObject {
public static void main (String[] args) {
SealedObject so = null;
Obj1 obj1 = new Obj1(10, "sealedObjectTests",
"sealedObjectTests".getBytes());
Obj1 obj2;
try {
Cipher cp = Cipher.getInstance("Blowfish","SunJCE");
KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
Key mykey = kg.generateKey();
cp.init(Cipher.ENCRYPT_MODE,mykey);
so = new SealedObject(obj1,cp);
cp.init(Cipher.DECRYPT_MODE,mykey);
obj2=(Obj1)so.getObject(cp);
}
catch (Exception e) {
e.printStackTrace();
System.out.println("Caught " + e);
System.exit(0);
}
System.out.println("Exiting without problem");
System.exit(0);
}
}
that JCE 1.2.1 is an installed extension. (JCE 1.2 was
not required to be installed as an extension and thus
the test worked). The class which cannot be found
by getObject is external to the main test. It is
on the classpath and is found for serializing OK.
The stack trace :
java.lang.ClassNotFoundException: Obj1
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:195)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:654)
at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:918)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
at javax.crypto.SealedObject.getObject(SealedObject.java:261)
at testSealedObject.main(testSealedObject.java:34)
Sharon Liu looked at ObjectInputStream.resolveClass() code
and believes that it only sees the extensnion class loader
when JCE is installed as an extension.
I have set up my own jdk with jce installed as an extension on
/home/krystyna. The main test code follows. Obj1.java is
attached. (It will not be possible to execute this test
code unless you have the same environment setup and have
the java.security file configured correctly.)
import java.security.*;
import javax.crypto.*;
import Obj1;
public class testSealedObject {
public static void main (String[] args) {
SealedObject so = null;
Obj1 obj1 = new Obj1(10, "sealedObjectTests",
"sealedObjectTests".getBytes());
Obj1 obj2;
try {
Cipher cp = Cipher.getInstance("Blowfish","SunJCE");
KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
Key mykey = kg.generateKey();
cp.init(Cipher.ENCRYPT_MODE,mykey);
so = new SealedObject(obj1,cp);
cp.init(Cipher.DECRYPT_MODE,mykey);
obj2=(Obj1)so.getObject(cp);
}
catch (Exception e) {
e.printStackTrace();
System.out.println("Caught " + e);
System.exit(0);
}
System.out.println("Exiting without problem");
System.exit(0);
}
}
- duplicates
-
JDK-4224921 ClassNotFoundException deserializing standard extension obj containing app obj
-
- Closed
-