From derby-commits-return-1202-apmail-db-derby-commits-archive=db.apache.org@db.apache.org Fri Aug 05 00:31:11 2005 Return-Path: Delivered-To: apmail-db-derby-commits-archive@www.apache.org Received: (qmail 70287 invoked from network); 5 Aug 2005 00:31:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 5 Aug 2005 00:31:11 -0000 Received: (qmail 68981 invoked by uid 500); 5 Aug 2005 00:31:09 -0000 Delivered-To: apmail-db-derby-commits-archive@db.apache.org Received: (qmail 68928 invoked by uid 500); 5 Aug 2005 00:31:08 -0000 Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: "Derby Development" List-Id: Delivered-To: mailing list derby-commits@db.apache.org Received: (qmail 68890 invoked by uid 99); 5 Aug 2005 00:31:08 -0000 X-ASF-Spam-Status: No, hits=-9.8 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 04 Aug 2005 17:30:56 -0700 Received: (qmail 70134 invoked by uid 65534); 5 Aug 2005 00:30:54 -0000 Message-ID: <20050805003054.70133.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r230183 - in /db/derby/code/trunk/java: engine/org/apache/derby/iapi/services/loader/ engine/org/apache/derby/iapi/types/ engine/org/apache/derby/impl/services/reflect/ engine/org/apache/derby/impl/sql/compile/ engine/org/apache/derby/impl/... Date: Fri, 05 Aug 2005 00:30:51 -0000 To: derby-commits@db.apache.org From: djd@apache.org X-Mailer: svnmailer-1.0.3 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: djd Date: Thu Aug 4 17:30:40 2005 New Revision: 230183 URL: http://svn.apache.org/viewcvs?rev=230183&view=rev Log: DERBY-485 Catch SecurityExceptions and LinkageExceptions consistently when loading application classes (e.g. procedures, functions) and report as a ClassNotFoundException with the text of the underlying exception. Enhance the test lang/dcl.jar to have a signed jar file as a database jar, a hacked version of the jar file and a jar file with an invalid class (for a LinkageError). Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out (with props) db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar (with props) db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar (with props) db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar (with props) Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2.jar Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassFactory.java Thu Aug 4 17:30:40 2005 @@ -51,7 +51,8 @@ /** Load an application class, or a class that is potentially an application class. - @exception ClassNotFoundException Class cannot be found + @exception ClassNotFoundException Class cannot be found, or + a SecurityException or LinkageException was thrown loading the class. */ public Class loadApplicationClass(String className) throws ClassNotFoundException; @@ -59,7 +60,8 @@ /** Load an application class, or a class that is potentially an application class. - @exception ClassNotFoundException Class cannot be found + @exception ClassNotFoundException Class cannot be found, or + a SecurityException or LinkageException was thrown loading the class. */ public Class loadApplicationClass(ObjectStreamClass classDescriptor) throws ClassNotFoundException; Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/loader/ClassInspector.java Thu Aug 4 17:30:40 2005 @@ -794,7 +794,8 @@ and primitive types. This will attempt to load the class from the application set. - @exception ClassNotFoundException Class cannot be found. + @exception ClassNotFoundException Class cannot be found, or + a SecurityException or LinkageException was thrown loading the class. */ public Class getClass(String className) throws ClassNotFoundException { Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/TypeId.java Thu Aug 4 17:30:40 2005 @@ -1267,10 +1267,6 @@ { orderable = false; } - catch (LinkageError le) - { - orderable = false; - } break; default: Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java Thu Aug 4 17:30:40 2005 @@ -76,7 +76,7 @@ @see org.apache.derby.iapi.services.loader.ClassFactory */ -public abstract class DatabaseClasses +abstract class DatabaseClasses implements ClassFactory, ModuleControl { /* @@ -92,7 +92,7 @@ ** Constructor */ - public DatabaseClasses() { + DatabaseClasses() { } /* @@ -208,22 +208,36 @@ public final Class loadApplicationClass(String className) throws ClassNotFoundException { + Throwable loadError; try { - return loadClassNotInDatabaseJar(className); - } catch (ClassNotFoundException cnfe) { - if (applicationLoader == null) - throw cnfe; - Class c = applicationLoader.loadClass(className, true); - if (c == null) - throw cnfe; - return c; + try { + return loadClassNotInDatabaseJar(className); + } catch (ClassNotFoundException cnfe) { + if (applicationLoader == null) + throw cnfe; + Class c = applicationLoader.loadClass(className, true); + if (c == null) + throw cnfe; + return c; + } } + catch (SecurityException se) + { + // Thrown if the class has been comprimised in some + // way, e.g. modified in a signed jar. + loadError = se; + } + catch (LinkageError le) + { + // some error linking the jar, again could + // be malicious code inserted into a jar. + loadError = le; + } + throw new ClassNotFoundException(className + " : " + loadError.getMessage()); } - - Class loadClassNotInDatabaseJar(String className) throws ClassNotFoundException { - return Class.forName(className); - } - + + abstract Class loadClassNotInDatabaseJar(String className) + throws ClassNotFoundException; public final Class loadApplicationClass(ObjectStreamClass classDescriptor) throws ClassNotFoundException { Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java Thu Aug 4 17:30:40 2005 @@ -31,7 +31,7 @@ private java.util.HashMap preCompiled; - private int action; + private int action = -1; synchronized LoadedGeneratedClass loadGeneratedClassFromData(String fullyQualifiedName, ByteArray classDump) { @@ -62,21 +62,27 @@ } public final Object run() { - // SECURITY PERMISSION - MP2 - switch (action) { - case 1: - return new ReflectLoaderJava2(getClass().getClassLoader(), this); - case 2: - return Thread.currentThread().getContextClassLoader(); - default: - return null; + + try { + // SECURITY PERMISSION - MP2 + switch (action) { + case 1: + return new ReflectLoaderJava2(getClass().getClassLoader(), this); + case 2: + return Thread.currentThread().getContextClassLoader(); + default: + return null; + } + } finally { + action = -1; } + } - synchronized Class loadClassNotInDatabaseJar(String name) throws ClassNotFoundException { + Class loadClassNotInDatabaseJar(String name) throws ClassNotFoundException { Class foundClass = null; - action = 2; + // We may have two problems with calling getContextClassLoader() // when trying to find our own classes for aggregates. // 1) If using the URLClassLoader a ClassNotFoundException may be @@ -88,8 +94,12 @@ // (the classLoader that loaded Cloudscape). // So we call Class.forName to ensure that we find the class. try { - ClassLoader cl = ((ClassLoader) + ClassLoader cl; + synchronized(this) { + action = 2; + cl = ((ClassLoader) java.security.AccessController.doPrivileged(this)); + } foundClass = (cl != null) ? cl.loadClass(name) :Class.forName(name); Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ColumnDefinitionNode.java Thu Aug 4 17:30:40 2005 @@ -306,8 +306,6 @@ foundMatch = classInspector.accessible(columnTypeName); } catch (ClassNotFoundException cnfe) { reason = cnfe; - } catch (LinkageError le) { - reason = le; } if (!foundMatch) Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java Thu Aug 4 17:30:40 2005 @@ -1559,8 +1559,6 @@ } catch (ClassNotFoundException cnfe) { reason = cnfe; - } catch (LinkageError le) { - reason = le; } if (!foundMatch) Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/CreateAliasConstantAction.java Thu Aug 4 17:30:40 2005 @@ -211,7 +211,7 @@ // Does the class exist? realClass = cf.loadApplicationClass(checkClassName); } - catch (Throwable t) + catch (ClassNotFoundException t) { throw StandardException.newException(SQLState.LANG_TYPE_DOESNT_EXIST2, t, checkClassName); } Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out (original) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/dcl.out Thu Aug 4 17:30:40 2005 @@ -97,6 +97,53 @@ big@blue.com |0 spammer@ripoff.com |0 open@source.org |1 +ij> -- function that gets the signers of the class (loaded from the jar) +create function EMC.GETSIGNERS(CLASS_NAME VARCHAR(256)) +RETURNS VARCHAR(60) +NO SQL +external name 'org.apache.derbyTesting.databaseclassloader.emc.getSigners' +language java parameter style java; +0 rows inserted/updated/deleted +ij> -- at this point the jar is not signed, NULL expected +VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc'); +1 +-------------------------------------------------------------------------------------------------------------------------------- +NULL +ij> -- Replace with a signed jar +-- (self signed certificate) +-- +-- Commands used to sign jar +-- keytool -genkey -dname "cn=EMC CTO, ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c +-- keytool -selfcert -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c +-- jarsigner -keystore emcks -storepass ab987c -keypass kpi135 -signedjar dcl_emc2s.jar dcl_emc2.jar emccto +-- +-- +CALL SQLJ.REPLACE_JAR('file:dcl_emc2s.jar', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc'); +1 +-------------------------------------------------------------------------------------------------------------------------------- +CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US +ij> -- other jar should not be signed +VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.addon.vendor.util'); +1 +-------------------------------------------------------------------------------------------------------------------------------- +NULL +ij> -- replace with a hacked jar file, emc.class modified to diable +-- valid e-mail address check but using same signatures. +-- ie direct replacement of the .class file. +CALL SQLJ.REPLACE_JAR('file:dcl_emc2sm.jar', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(99, 'spamking@cracker.org'); +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : Security exception thrown accessing class org.apache.derbyTesting.databaseclassloader.emc in jar "EMC"."MAIL_APP" : SHA1 digest error for org/apache/derbyTesting/databaseclassloader/emc.class: java.lang.ClassNotFoundException'. +ij> -- replace with a hacked jar file, emc.class modified to +-- be an invalid jar file (no signing on this jar). +CALL SQLJ.REPLACE_JAR('file:dcl_emc2l.jar', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(999, 'spamking2@cracker.org'); +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : org/apache/derbyTesting/databaseclassloader/emc (Unsupported major.minor version 32558.32639): java.lang.ClassNotFoundException'. ij> -- cleanup CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0); ERROR X0X07: Cannot drop jar file '"EMC"."MAIL_APP"' because its on your db2j.database.classpath '"EMC"."MAIL_APP"'. @@ -108,6 +155,8 @@ ij> CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0); 0 rows inserted/updated/deleted ij> DROP PROCEDURE EMC.ADDCONTACT; +0 rows inserted/updated/deleted +ij> DROP FUNCTION EMC.GETSIGNERS; 0 rows inserted/updated/deleted ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS; E_MAIL |2 Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out?rev=230183&view=auto ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out (added) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out Thu Aug 4 17:30:40 2005 @@ -0,0 +1,180 @@ +ij> -- test database class loading. +create schema emc; +0 rows inserted/updated/deleted +ij> set schema emc; +0 rows inserted/updated/deleted +ij> create table contacts (id int primary key, e_mail varchar(30)); +0 rows inserted/updated/deleted +ij> create procedure EMC.ADDCONTACT(id INT, e_mail VARCHAR(30)) +MODIFIES SQL DATA +external name 'org.apache.derbyTesting.databaseclassloader.emc.addContact' +language java parameter style java; +0 rows inserted/updated/deleted +ij> -- fails because no class in classpath, +CALL EMC.ADDCONTACT(1, 'bill@somecompany.com'); +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc: java.lang.ClassNotFoundException'. +ij> -- install the jar, copied there by the magic of supportfiles +-- in the test harness (dcl_app.properties). The source for +-- the class is contained within the jar for reference. +CALL SQLJ.INSTALL_JAR('file:dcl_emc1.jar', 'EMC.MAIL_APP', 0); +0 rows inserted/updated/deleted +ij> -- fails because no class not in classpath, jar file not in database classpath. +CALL EMC.ADDCONTACT(1, 'bill@somecompany.com'); +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc: java.lang.ClassNotFoundException'. +ij> -- now add this into the database class path +call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> -- all should work now +CALL EMC.ADDCONTACT(1, 'bill@ruletheworld.com'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(2, 'penguin@antartic.com'); +0 rows inserted/updated/deleted +ij> SELECT id, e_mail from EMC.CONTACTS; +ID |E_MAIL +------------------------------------------ +1 |bill@ruletheworld.com +2 |penguin@antartic.com +ij> -- now the application needs to track if e-mails are valid +ALTER TABLE EMC.CONTACTS ADD COLUMN OK SMALLINT; +0 rows inserted/updated/deleted +ij> SELECT id, e_mail, ok from EMC.CONTACTS; +ID |E_MAIL |OK +------------------------------------------------- +1 |bill@ruletheworld.com |NULL +2 |penguin@antartic.com |NULL +ij> -- well written application, INSERT used explicit column names +-- ok defaults to NULL +CALL EMC.ADDCONTACT(3, 'big@blue.com'); +0 rows inserted/updated/deleted +ij> SELECT id, e_mail, ok from EMC.CONTACTS; +ID |E_MAIL |OK +------------------------------------------------- +1 |bill@ruletheworld.com |NULL +2 |penguin@antartic.com |NULL +3 |big@blue.com |NULL +ij> -- now change the application to run checks on the e-mail +-- address to ensure it is valid (in this case by seeing if +-- simply includes 'spam' in the title. +CALL SQLJ.REPLACE_JAR('file:dcl_emc2.jar', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(4, 'spammer@ripoff.com'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(5, 'open@source.org'); +0 rows inserted/updated/deleted +ij> SELECT id, e_mail, ok from EMC.CONTACTS; +ID |E_MAIL |OK +------------------------------------------------- +1 |bill@ruletheworld.com |NULL +2 |penguin@antartic.com |NULL +3 |big@blue.com |NULL +4 |spammer@ripoff.com |0 +5 |open@source.org |1 +ij> -- now add another jar in to test two jars and +-- a quoted identifer for the jar names. +create schema "emcAddOn"; +0 rows inserted/updated/deleted +ij> set schema emcAddOn; +ERROR 42Y07: Schema 'EMCADDON' does not exist +ij> set schema "emcAddOn"; +0 rows inserted/updated/deleted +ij> create function "emcAddOn".VALIDCONTACT(e_mail VARCHAR(30)) +RETURNS SMALLINT +READS SQL DATA +external name 'org.apache.derbyTesting.databaseclassloader.addon.vendor.util.valid' +language java parameter style java; +0 rows inserted/updated/deleted +ij> CALL SQLJ.INSTALL_JAR('file:dcl_emcaddon.jar', '"emcAddOn"."MailAddOn"', 0); +0 rows inserted/updated/deleted +ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', 'EMC.MAIL_APP:"emcAddOn"."MailAddOn"'); +0 rows inserted/updated/deleted +ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS; +E_MAIL |2 +------------------------------------- +bill@ruletheworld.com |0 +penguin@antartic.com |0 +big@blue.com |0 +spammer@ripoff.com |0 +open@source.org |1 +ij> -- function that gets the signers of the class (loaded from the jar) +create function EMC.GETSIGNERS(CLASS_NAME VARCHAR(256)) +RETURNS VARCHAR(60) +NO SQL +external name 'org.apache.derbyTesting.databaseclassloader.emc.getSigners' +language java parameter style java; +0 rows inserted/updated/deleted +ij> -- at this point the jar is not signed, NULL expected +VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc'); +1 +-------------------------------------------------------------------------------------------------------------------------------- +NULL +ij> -- Replace with a signed jar +-- (self signed certificate) +-- +-- Commands used to sign jar +-- keytool -genkey -dname "cn=EMC CTO, ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c +-- keytool -selfcert -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c +-- jarsigner -keystore emcks -storepass ab987c -keypass kpi135 -signedjar dcl_emc2s.jar dcl_emc2.jar emccto +-- +-- +CALL SQLJ.REPLACE_JAR('file:dcl_emc2s.jar', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc'); +1 +-------------------------------------------------------------------------------------------------------------------------------- +CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US +ij> -- other jar should not be signed +VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.addon.vendor.util'); +1 +-------------------------------------------------------------------------------------------------------------------------------- +NULL +ij> -- replace with a hacked jar file, emc.class modified to diable +-- valid e-mail address check but using same signatures. +-- ie direct replacement of the .class file. +CALL SQLJ.REPLACE_JAR('file:dcl_emc2sm.jar', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(99, 'spamking@cracker.org'); +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : Security exception thrown accessing class org.apache.derbyTesting.databaseclassloader.emc in jar "EMC"."MAIL_APP" : SHA1 digest error for org/apache/derbyTesting/databaseclassloader/emc.class: java.lang.ClassNotFoundException'. +ij> -- replace with a hacked jar file, emc.class modified to +-- be an invalid jar file (no signing on this jar). +CALL SQLJ.REPLACE_JAR('file:dcl_emc2l.jar', 'EMC.MAIL_APP'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(999, 'spamking2@cracker.org'); +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc : Bad version number in .class file: java.lang.ClassNotFoundException'. +ij> -- cleanup +CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0); +ERROR X0X07: Cannot drop jar file '"EMC"."MAIL_APP"' because its on your db2j.database.classpath '"EMC"."MAIL_APP"'. +ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', '"emcAddOn"."MailAddOn"'); +0 rows inserted/updated/deleted +ij> CALL EMC.ADDCONTACT(99, 'cash@venture.com'); +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.emc' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.emc: java.lang.ClassNotFoundException'. +ij> CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0); +0 rows inserted/updated/deleted +ij> DROP PROCEDURE EMC.ADDCONTACT; +0 rows inserted/updated/deleted +ij> DROP FUNCTION EMC.GETSIGNERS; +0 rows inserted/updated/deleted +ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS; +E_MAIL |2 +------------------------------------- +bill@ruletheworld.com |0 +penguin@antartic.com |0 +big@blue.com |0 +spammer@ripoff.com |0 +open@source.org |1 +ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', ''); +0 rows inserted/updated/deleted +ij> select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS; +ERROR 42X51: The class 'org.apache.derbyTesting.databaseclassloader.addon.vendor.util' does not exist or is inaccessible. This can happen if the class is not public. +ERROR XJ001: Java exception: 'org.apache.derbyTesting.databaseclassloader.addon.vendor.util: java.lang.ClassNotFoundException'. +ij> CALL SQLJ.REMOVE_JAR('"emcAddOn"."MailAddOn"', 0); +0 rows inserted/updated/deleted +ij> DROP FUNCTION "emcAddOn".VALIDCONTACT; +0 rows inserted/updated/deleted +ij> DROP TABLE EMC.CONTACTS; +0 rows inserted/updated/deleted +ij> Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/jdk15/dcl.out ------------------------------------------------------------------------------ svn:eol-style = native Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant (original) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/copyfiles.ant Thu Aug 4 17:30:40 2005 @@ -53,6 +53,9 @@ dcl_app.properties dcl_emc1.jar dcl_emc2.jar +dcl_emc2l.jar +dcl_emc2s.jar +dcl_emc2sm.jar dcl_emcaddon.jar ddlTableLockMode.sql ddlTableLockMode_app.properties Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql (original) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl.sql Thu Aug 4 17:30:40 2005 @@ -67,6 +67,43 @@ select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS; +-- function that gets the signers of the class (loaded from the jar) +create function EMC.GETSIGNERS(CLASS_NAME VARCHAR(256)) +RETURNS VARCHAR(60) +NO SQL +external name 'org.apache.derbyTesting.databaseclassloader.emc.getSigners' +language java parameter style java; + +-- at this point the jar is not signed, NULL expected +VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc'); + +-- Replace with a signed jar +-- (self signed certificate) +-- +-- Commands used to sign jar +-- keytool -genkey -dname "cn=EMC CTO, ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c +-- keytool -selfcert -alias emccto -keypass kpi135 -keystore emcks -storepass ab987c +-- jarsigner -keystore emcks -storepass ab987c -keypass kpi135 -signedjar dcl_emc2s.jar dcl_emc2.jar emccto +-- +-- + +CALL SQLJ.REPLACE_JAR('file:dcl_emc2s.jar', 'EMC.MAIL_APP'); +VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.emc'); + +-- other jar should not be signed +VALUES EMC.GETSIGNERS('org.apache.derbyTesting.databaseclassloader.addon.vendor.util'); + +-- replace with a hacked jar file, emc.class modified to diable +-- valid e-mail address check but using same signatures. +-- ie direct replacement of the .class file. +CALL SQLJ.REPLACE_JAR('file:dcl_emc2sm.jar', 'EMC.MAIL_APP'); +CALL EMC.ADDCONTACT(99, 'spamking@cracker.org'); + +-- replace with a hacked jar file, emc.class modified to +-- be an invalid jar file (no signing on this jar). +CALL SQLJ.REPLACE_JAR('file:dcl_emc2l.jar', 'EMC.MAIL_APP'); +CALL EMC.ADDCONTACT(999, 'spamking2@cracker.org'); + -- cleanup CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0); @@ -74,6 +111,7 @@ CALL EMC.ADDCONTACT(99, 'cash@venture.com'); CALL SQLJ.REMOVE_JAR('EMC.MAIL_APP', 0); DROP PROCEDURE EMC.ADDCONTACT; +DROP FUNCTION EMC.GETSIGNERS; select e_mail, "emcAddOn".VALIDCONTACT(e_mail) from EMC.CONTACTS; call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', ''); Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties (original) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_app.properties Thu Aug 4 17:30:40 2005 @@ -1,4 +1,4 @@ usedefaults=true -supportfiles=tests/lang/dcl_emc1.jar,tests/lang/dcl_emc2.jar,tests/lang/dcl_emcaddon.jar +supportfiles=tests/lang/dcl_emc1.jar,tests/lang/dcl_emc2.jar,tests/lang/dcl_emcaddon.jar,tests/lang/dcl_emc2s.jar,tests/lang/dcl_emc2sm.jar,tests/lang/dcl_emc2l.jar #Exclude for J2ME/Foundation - test requires java.sql.DriverManager for server side JDBC runwithfoundation=false Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2.jar URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2.jar?rev=230183&r1=230182&r2=230183&view=diff ============================================================================== Binary files - no diff available. Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar?rev=230183&view=auto ============================================================================== Binary file - no diff available. Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2l.jar ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar?rev=230183&view=auto ============================================================================== Binary file - no diff available. Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar?rev=230183&view=auto ============================================================================== Binary file - no diff available. Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream