[kaffe] repost: help w/ java.security + gnucrypto

Dalibor Topic robilad at kaffe.org
Mon Sep 6 16:12:51 PDT 2004


D greene wrote:
> Hello all (sorry for the repost):

Hi Dgreene,

thanks for the repost - if you can not manage to solve a problem that 
bothers you, reposting within a week is OK, as a reminder, in my opinion.

> I need some pointers to docs on how to use the java.security file 
> (below) with Kaffe 1.1.4:
> 
> # Security configuration file for Kaffe
> #
> # You'll need to have kaffe configured to use GNU Crypto for the GNU 
> Crypto provider
> # to be picked up.
> security.provider.1=gnu.crypto.jce.GnuCrypto
> security.provider.2=kaffe.security.provider.Kaffe

I've merged in GNU Crypto directy into kaffe's sources now, so if you 
use the CVS head, you'll have GNU Crypto right in;)

> I've had trouble finding any docs or references in mailing list on 
> configuration and usage as I need to add permission to use 
> Runtime.exec() to avoid:
> 
> java.lang.SecurityException: Invalid FileDescriptor
>  at java.io.FileOutputStream.<init> (FileOutputStream.java:184)
>  at kaffe.lang.UNIXProcess.<init> (UNIXProcess.java:114)
>  at java.lang.Runtime.execInternal (Runtime.java)
>  at java.lang.Runtime.exec (Runtime.java:86)
> 
> I'd appreciate any pointers to not only add an AllPermissions allowed 
> policy but on exactly how to "configure" the crypto provider to provide 
> a keystore for SSLServerSockets (is this possible with 1.1.4?)

  java -Djava.security.manager -Djava.security.policy=someURL SomeApp is 
what Sun's docs[1] say, but I haven't tried it myself. There is a free 
JSSE implemenetation, Jessie[2], that has also been merged into CVS, and 
*should*[3] work. I've CC:ed Casey as he should be able to tell you more 
about Jessie's status.

cheers,
dalibor topic

[1] http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html
[2] http://www.nongnu.org/jessie/
[3] http://lists.gnu.org/archive/html/jessie-discuss/2004-07/msg00003.html




More information about the kaffe mailing list