-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 1.4.1
-
Component/s: security-libs
-
hopper
-
generic
-
generic
-
Verified
Test Scenario
=================
statically register JsafeJCE provider into java.security
that means add the following line into $JAVA_HOME/jre/lib/security/java.security
security.provider.6=com.rsa.jsafe.provider.JsafeJCE
Then we try to use keytool command
How to Reproduce
=================
1. keytool -genkey -alias another -keyalg myKeyAlgo -keysize 768 -sigalg DSS -dname cn=YunKe -keypass keypasswd -keystore mykeystore -storepass storepasswd
2. you will see this --
Exception in thread "main" java.lang.LinkageError: duplicate class definition: com/rsa/jsafe/provider/JsafeJCE
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:509)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:246)
at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
at java.security.Provider.loadProvider(Provider.java:145)
at java.security.Security$3.run(Security.java:342)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.Security.loadOneMoreProvider(Security.java:339)
at java.security.Security.getEngineClassName(Security.java:559)
at java.security.Security.getEngineClassName(Security.java:581)
at java.security.Security.getImpl(Security.java:1030)
at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:146)
at sun.security.x509.CertAndKeyGen.<init>(CertAndKeyGen.java:59)
at sun.security.tools.KeyTool.doGenKeyPair(KeyTool.java:687)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:489)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Actually, we expect the following result --
keytool error: java.security.NoSuchAlgorithmException: MYKEYALGO KeyPairGenerator not available
Note:
It failed with Merlin and Hopper, but Passed with Ladybird (JDK 1.3.1)
=================
statically register JsafeJCE provider into java.security
that means add the following line into $JAVA_HOME/jre/lib/security/java.security
security.provider.6=com.rsa.jsafe.provider.JsafeJCE
Then we try to use keytool command
How to Reproduce
=================
1. keytool -genkey -alias another -keyalg myKeyAlgo -keysize 768 -sigalg DSS -dname cn=YunKe -keypass keypasswd -keystore mykeystore -storepass storepasswd
2. you will see this --
Exception in thread "main" java.lang.LinkageError: duplicate class definition: com/rsa/jsafe/provider/JsafeJCE
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:509)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:246)
at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
at java.security.Provider.loadProvider(Provider.java:145)
at java.security.Security$3.run(Security.java:342)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.Security.loadOneMoreProvider(Security.java:339)
at java.security.Security.getEngineClassName(Security.java:559)
at java.security.Security.getEngineClassName(Security.java:581)
at java.security.Security.getImpl(Security.java:1030)
at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:146)
at sun.security.x509.CertAndKeyGen.<init>(CertAndKeyGen.java:59)
at sun.security.tools.KeyTool.doGenKeyPair(KeyTool.java:687)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:489)
at sun.security.tools.KeyTool.run(KeyTool.java:124)
at sun.security.tools.KeyTool.main(KeyTool.java:118)
Actually, we expect the following result --
keytool error: java.security.NoSuchAlgorithmException: MYKEYALGO KeyPairGenerator not available
Note:
It failed with Merlin and Hopper, but Passed with Ladybird (JDK 1.3.1)