Bug ID: JDK-5108353 The equivalent API function of Command line option -DtrustProxy is not working

Type: Bug
Component: security-libs
Sub-Component: javax.net.ssl
Affected Version: 5.0

Priority: P4
Status: Resolved
Resolution: Not an Issue
OS: solaris_9
CPU: sparc

Submitted: 2004-09-28
Updated: 2017-04-13
Resolved: 2017-04-13

The networking property trustProxy can be set using command line option -DtrustProxy=true or programmatic using  System.setProperty("trustProxy", "true");

The command line option is working properly, but the programmatic way is not.

The test program can be found here:

http://sqeweb/sec/ws_1.5.0_01_int/security/src/JSSE/Interop/https/TestHttpsKnownHost.java

The test is part of the sqe production test suite. It can run in stand alone mode or as part of the test suite. 

Test case testKnownHttpsSite fails if -DtrustProxy=true is not included at command line. Here is the stacktrace:

java.security.AccessControlException: access denied (java.net.SocketPermission www.verisign.com resolve)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
        at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
        at java.net.InetAddress.getAllByName0(InetAddress.java:1098)
        at java.net.InetAddress.getAllByName(InetAddress.java:1061)
        at java.net.InetAddress.getByName(InetAddress.java:958)
        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:262)
        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:337)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:176)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:736)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:162)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:905)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at java.net.URL.openStream(URL.java:1007)
        at TestHttpsKnownHost.testKnownHttpsSite(TestHttpsKnownHost.java:75)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at junit.framework.TestCase.runTest(TestCase.java:154)
        at junit.framework.TestCase.runBare(TestCase.java:127)
        at junit.framework.TestResult$1.protect(TestResult.java:106)
        at junit.framework.TestResult.runProtected(TestResult.java:124)
        at junit.framework.TestResult.run(TestResult.java:109)
        at junit.framework.TestCase.run(TestCase.java:118)
        at junit.framework.TestSuite.runTest(TestSuite.java:208)
        at junit.framework.TestSuite.run(TestSuite.java:203)
        at junit.textui.TestRunner.doRun(TestRunner.java:116)
        at junit.textui.TestRunner.doRun(TestRunner.java:109)
        at junit.textui.TestRunner.run(TestRunner.java:72)
        at TestHttpsKnownHost.main(TestHttpsKnownHost.java:25)





###@###.### 2004-09-28

The trustProxy system property was removed in JDK-7042550. Thus, this issue no longer applies.

13-04-2017

EVALUATION The programmatic setting of trustProxy property doesn't work because inside SocketPermission class, the code for checking this particular property lives inside the static class initializer. So if the class has already been loaded, it won't check the "trustProxy" property again. This could be fixed after we properly evaluate the related bug 4975882. ###@###.### 2004-09-28

28-09-2004