[sip-comm-dev] Msn and crypto functions


#1

Hi Werner,

recently Emil added an issue (https://sip-communicator.dev.java.net/issues/show_bug.cgi?id=647). Today I can see the same exception in the sip-communicator cruisecontrol builds. I think that the exception is the reason for failing builds.
By the way I cannot reproduce it on my machine.
The exception is comming from the crypto package. The problem url is the actual url of the jar bundle in which the code is executed - msn protocol.
Do you have an idea what maybe the problem and why the crypto classes need the current jar url.
Here is the code from which the exception comes (net.sf.jml.protocol.soap.SSO$SSOticket.DES3(SSO.java:520)) :

516 Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
517 SecretKeySpec sk = new SecretKeySpec(key, "DESede");
518
519 IvParameterSpec sr = new IvParameterSpec(iv);
520 cipher.init(Cipher.ENCRYPT_MODE, sk, sr);

And here is the exception:

[java] java.net.MalformedURLException: invalid url:
reference:file:sc-bundles/protocol-msn.jar!/ (java.net.MalformedURLException:
Unknown protocol: reference)
     [java] at java.net.URL.<init>(URL.java:601)
     [java] at
org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:281)
     [java] at java.net.URL.<init>(URL.java:596)
     [java] at java.net.URL.<init>(URL.java:464)
     [java] at java.net.URL.<init>(URL.java:413)
     [java] at javax.crypto.SunJCE_c.b(DashoA13*..)
     [java] at javax.crypto.SunJCE_c.a(DashoA13*..)
     [java] at javax.crypto.SunJCE_b.a(DashoA13*..)
     [java] at javax.crypto.SunJCE_h.a(DashoA13*..)
     [java] at javax.crypto.Cipher.c(DashoA13*..)
     [java] at javax.crypto.Cipher.b(DashoA13*..)
     [java] at javax.crypto.Cipher.a(DashoA13*..)
     [java] at javax.crypto.Cipher.init(DashoA13*..)
     [java] at net.sf.jml.protocol.soap.SSO$SSOticket.DES3(SSO.java:520)

···

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#2

Damian,

to be honest - I have no idea. If it is a real security problem,
for example illegal key length or something, then we would see this
every time, not just now and then.

What comes into my mind is that somebody could check the security
policy JAR files in $JAVA_HOME/jre/lib/security, if they exist and
if they look ok (don't touch them otherwise, they are signed).
On my system they look like this:

-rw-r--r-- 1 root root 2940 9. M�r 20:10 /usr/lib64/jvm-private/java-1_6_0-sun/jce/vanilla/local_policy.jar
-rw-r--r-- 1 root root 2469 9. M�r 20:10 /usr/lib64/jvm-private/java-1_6_0-sun/jce/vanilla/US_export_policy.jar

(don't mind the path name, it's due to this "alternatives" stuff)

Regards,
Werner

Damian Minkov schrieb:

···

Hi Werner,

recently Emil added an issue
(https://sip-communicator.dev.java.net/issues/show_bug.cgi?id=647).
Today I can see the same exception in the sip-communicator cruisecontrol
builds. I think that the exception is the reason for failing builds.
By the way I cannot reproduce it on my machine.
The exception is comming from the crypto package. The problem url is the
actual url of the jar bundle in which the code is executed - msn protocol.
Do you have an idea what maybe the problem and why the crypto classes
need the current jar url.
Here is the code from which the exception comes
(net.sf.jml.protocol.soap.SSO$SSOticket.DES3(SSO.java:520)) :

516 Cipher cipher =
Cipher.getInstance("DESede/CBC/NoPadding");
517 SecretKeySpec sk = new SecretKeySpec(key, "DESede");
518
519 IvParameterSpec sr = new IvParameterSpec(iv);
520 cipher.init(Cipher.ENCRYPT_MODE, sk, sr);

And here is the exception:

[java] java.net.MalformedURLException: invalid url:
reference:file:sc-bundles/protocol-msn.jar!/
(java.net.MalformedURLException:
Unknown protocol: reference)
    [java] at java.net.URL.<init>(URL.java:601)
    [java] at
org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:281)

    [java] at java.net.URL.<init>(URL.java:596)
    [java] at java.net.URL.<init>(URL.java:464)
    [java] at java.net.URL.<init>(URL.java:413)
    [java] at javax.crypto.SunJCE_c.b(DashoA13*..)
    [java] at javax.crypto.SunJCE_c.a(DashoA13*..)
    [java] at javax.crypto.SunJCE_c.a(DashoA13*..)
    [java] at javax.crypto.SunJCE_b.a(DashoA13*..)
    [java] at javax.crypto.SunJCE_h.a(DashoA13*..)
    [java] at javax.crypto.SunJCE_h.a(DashoA13*..)
    [java] at javax.crypto.Cipher.c(DashoA13*..)
    [java] at javax.crypto.Cipher.b(DashoA13*..)
    [java] at javax.crypto.Cipher.a(DashoA13*..)
    [java] at javax.crypto.Cipher.init(DashoA13*..)
    [java] at javax.crypto.Cipher.init(DashoA13*..)
    [java] at net.sf.jml.protocol.soap.SSO$SSOticket.DES3(SSO.java:520)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net