Bugscape bug 50033: make the KeyType class public and force it to load

during CryptoManager.initialize(), before we add JSS as a provider. The KeyType class was failing to load properly, because its static initializers force the class load of KeyWrapAlgorithm, whose signature needed to be verified, which invoked JSS's signature provider, which accessed KeyType. Basically, installing JSS as the default signature provider before its classes have loaded creates a possibility of circular dependencies in class initialization. The patch is due to Jamie Nicolson. r=wtc. Modified Files: CryptoManager.java pkcs11/KeyType.java
2024-11-30 00:01:50 +00:00 · 2003-08-15 01:00:35 +00:00 · 2003-08-15 01:00:35 +00:00 · ca9de7e2fa
commit ca9de7e2fa
parent 41e4d3e485
2 changed files with 19 additions and 7 deletions
--- a/security/jss/org/mozilla/jss/CryptoManager.java
+++ b/security/jss/org/mozilla/jss/CryptoManager.java
@ -39,6 +39,7 @@ import java.security.cert.CertificateException;
 import java.security.GeneralSecurityException;
 import org.mozilla.jss.pkcs11.PK11Cert;
 import java.util.*;
+import org.mozilla.jss.pkcs11.KeyType;
 import org.mozilla.jss.pkcs11.PK11Token;
 import org.mozilla.jss.pkcs11.PK11Module;
 import org.mozilla.jss.pkcs11.PK11SecureRandom;
@ -52,7 +53,7 @@ import org.mozilla.jss.provider.java.security.JSSMessageDigestSpi;
 * Initialization is done with static methods, and must be done before
 * an instance can be created.  All other operations are done with instance
 * methods.
- * @version $Revision: 1.18 $ $Date: 2003/05/09 18:57:15 $
+ * @version $Revision: 1.19 $ $Date: 2003/08/15 01:00:32 $
 */
 public final class CryptoManager implements TokenSupplier
 {
@ -853,12 +854,17 @@ public final class CryptoManager implements TokenSupplier
                instance.reloadModules();
            }
        }
-        if( values.installJSSProvider ) {
-            // Force class load before we install the provider. Otherwise we get
-            // an infinite loop as the Security manager tries to instantiate the
-            // digest to verify its own JAR file.
-            JSSMessageDigestSpi mds = new JSSMessageDigestSpi.SHA1();

+        // Force class load before we install the provider. Otherwise we get
+        // an infinite loop as the Security manager tries to instantiate the
+        // digest to verify its own JAR file.
+        JSSMessageDigestSpi mds = new JSSMessageDigestSpi.SHA1();
+        // Force the KeyType class to load before we can install JSS as a
+        // provider.  JSS's signature provider accesses KeyType.
+        KeyType kt = KeyType.getKeyTypeFromAlgorithm(
+            SignatureAlgorithm.RSASignatureWithSHA1Digest);
+
+        if( values.installJSSProvider ) {
            int position = java.security.Security.insertProviderAt(
                            new JSSProvider(), 1);
            // This returns -1 if the provider was already installed, in which
--- a/security/jss/org/mozilla/jss/pkcs11/KeyType.java
+++ b/security/jss/org/mozilla/jss/pkcs11/KeyType.java
@ -47,8 +47,14 @@ import org.mozilla.jss.crypto.EncryptionAlgorithm;
 * These are the possible types for keys in the
 * wrapper library.
 * Key types are implemented as flyweights.
+ *
+ * Although the KeyType class is public, it should
+ * be considered private. We made the KeyType class
+ * public so that we can force it to load during
+ * CryptoManager.initialize(), before we install JSS
+ * as a provider.
 **/
-final class KeyType {
+public final class KeyType {
    protected KeyType() {}

    protected KeyType(Algorithm[] algs, String name) {