The verfication is done in the security provider (only happens if installed).
regards, Karl On Thu, Mar 22, 2012 at 1:24 PM, Guillaume Nodet <[email protected]> wrote: > I'm trying to understand how Felix verify the classes signatures but I > don't see anything around that. > It seems to me that in a non OSGi environment, the classes will be verified > by the class loader when loaded from a jar mainly because the > java.util.jar.JarFile does the signature verification when loading an entry > (i.e. a class) from the jar file. However, Felix does not use the JarFile > class and uses a custom ZipFile instead. > So it looks like the whole signed jars mechanism does not really work. > Am I right, or do I miss something here ? > > -- > ------------------------ > Guillaume Nodet > ------------------------ > Blog: http://gnodet.blogspot.com/ > ------------------------ > FuseSource, Integration everywhere > http://fusesource.com -- Karl Pauls [email protected] http://twitter.com/karlpauls http://www.linkedin.com/in/karlpauls https://profiles.google.com/karlpauls
