Hi all,

We are using bouncycastle as JCE provider in our application setup based on AEM 
(Apache Sling) and I got an error during jar verification (something with 
MalformedURLException).

For my use case I fixed the issue by implementing a URLStreamHandlerService 
providing a URLConnection to the bundle location but during my work on this I 
thought about the topic more in general.

As the comment in BundleProtectionDomain.java:38 says, the CodeSource of a 
BundleProtectionDomain should be based on the revision of the bundle, not the 
bundle itself. (For me the bundle location is 
"jcrinstall:/a/path/to/the/bundle.jar".)

Is there any reason why the bundle location is used here and not the 
file:/// URL of the revision located in the cache instead?

I mentioned that unfortunately the JceSecurity implementation has a 
WeakHashMap<Class,URL> that holds the URL to the location of the CodeSource. So 
I assume that it might be possible that the wrong CodeSource location can be 
returned there when the cache points to an old revision location after a bundle 
update without garbage collection of the old revision. Am I right?

Kind Regards,

Dirk Rudolph


T-Systems Multimedia Solutions GmbH
Organizational unit CCS
Dirk Rudolph
Software Development, OCJP
Street address: Riesaer Straße 5, 01129 Dresden
Postal address: Postfach 10 02 24, 01072 Dresden
+49 351 2820-5363       (Tel)
E-Mail: [email protected]
Internet: http://www.t-systems-mms.com

T-Systems Multimedia Solutions GmbH
Supervisory Board: Thilo Kusch (Chairman)
Management: Peter Klingenburg, Susanne Heger, Dr. Rolf Werner
Commercial register: Amtsgericht Dresden HRB 11433
Registered office: Dresden
VAT ID no.: DE 811 807 949
