Hello,

I am trying to use the signed content functionality in Equinox to verify all bundles at load time. After patching the Eclipse 3.4 org.eclipse.osgi system bundle to include the patch (https://bugs.eclipse.org/bugs/show_bug.cgi?id=252098), I am able to do this out of the box using the following properties:

    -Dosgi.signedcontent.support=all
    -Dosgi.clean=true
    -Dosgi.signedcontent.authorization.engine.policy=validity
    -Dosgi.framework.keystore=file:/C:/myData/myKeystore

with a local keystore. All jars are signed in the exported product plugin directory, so Eclipse jars are signed (at least) twice, and my custom ones once. This seems to work fine now (I did a couple of tests replacing signed jars with unsigned ones, etc.).

My aim is to use a custom trust engine to be able to verify certificate trust independent of a local keystore. This is not working. Trying to track down why, I am using a copy of KeyStoreTrustEngine named CECKeyStoreTrustEngine. This class is registered via a custom adaptor hook as an OSGi service. I have confirmed via sysout that the service is registered and started, and I use the following properties to activate it:

    -Dosgi.signedcontent.trust.engine=CECKeyStoreTrustEngine
    -Dosgi.framework.extensions=cec.bundleverifier   (the custom hook package)

Using this setup, the application generates an exception:

    org.osgi.framework.BundleException: The bundle could not be resolved. Reason: The bundle is disabled: "org.eclipse.equinox.security:null"

When I remove the property 'osgi.signedcontent.trust.engine', all TrustEngines are called and the verification works again.

My question is: why does the KeyStoreTrustEngine registered from the SignedBundleHook work, but the same copy from my own hook fails?

Thanks
David Luebbren

_______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
