Hello Today I've found the reason of why drlvm currently cannot use jar files signed with jarsigner in classpath. When it is done it throws "SecurityException: K00ec" :) . The reason is that SHA1 provider cannot be found by security API to check the signature.
It cannot be found because now bootclasspath.properties is taken from classlib and it does not mention bcprov-jdk14-129.jar where this provider should be found. As a workaround this jar file may be added to bootclasspath, but this is not really correct. The class of SHA1 provider org.bouncycastle.jce.provider.JDKMessageDigest$SHA1 shouldn't really appear in bootclasspath because security provider is an extension and should be loaded by an extension class loader, not bootstrap. This is AFAIK something that drlvm doesn't have in kernel classes at the moment. I think the correct way to fix the problem would be to add one and invoke it somehow... but I don't really know the subtleties of classloader hierarchy so I am not sure how and when it should be invoked. The workaround like adding bcprov-jdk14-129.jar to bootclasspath is not enough, the directory lib/boot/security has to be copied from classlib as well or security engine cannot find the provider. This is pretty simple to fix I think. One more interesting thing is that first after clean rebuild of drlvm I had "SecurityException: K00ec" thrown. But after several incremental rebuilds when I just changed classlib and rebuilt drlvm to copy changed jar files to its deploy directory the exception appeared to have a normal message like java.lang.SecurityException: META-INF/TESTKEY.SF has invalid digest for Hello.class in /home/gregory/work/tests/Hello.jar So some resources don't appear in drlvm deploy dir by default, but I couldn't find which files make the difference. This is something to be fixed separately. -- Gregory Shimansky, Intel Middleware Products Division --------------------------------------------------------------------- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
