Sid
You need to tell the framework something about what to expect from the
signed bundles.
To do this, pick up the ConditionalPermssionAdmin service and register
a new ConditionalPermissionInfo.
Something like this in an Activator
ServiceReference ref =
context.getServiceReference(ConditionalPermissionAdmin.class);
ConditionalPermissionAdmin admin = context.getService(ref);
ConditionalPermissionUpdate update = admin.newConditionalPermissionUpdate();
List infos = update.getConditionalPermissionInfos();
// infos.clear();
infos.add(admin.newConditionalPermissionInfo(
"Signed Bundles",
new ConditionInfo[]
{
new
ConditionInfo(BundleSignerCondition.class.getName(), new String[]
{
"CN=CommonName, O=OrgName, STREET=Top Street, ,
L=Newtown, ST=Kansas, OID.2.5.4.17=ZipCode, C=GB ; -"
})
},
new PermissionInfo[]
{
new PermissionInfo(AllPermission.class.getName(), "*", "*"),
},
ConditionalPermissionInfo.ALLOW));
update.commit();
Robert
On Sat, Aug 13, 2016 at 6:32 PM, sid19039 wrote:
> Hi Karl,
>
> for the test case, i myself corrupt the jar file. Following are the steps
> which I performed:
> - I simply extracted the content of valid signed .jar file then opened a
> .class file(extracted from the jar) in notepad++ and
> corrupted the file, simply by removing some data and adding some garbage
> data and saved the file.
> - And then created a new jar again with name my_tempered.jar.
>
> To verify that the file is corrupt, i tested it with jarsigner tool as
> following:
> *jarsigner -verify my_tempered.jar*
> It then threw "jarsigner: java.lang.SecurityException: invalid SHA1
> signature file digest" for the corrupted .class file.
> I was expecting such a similar error when trying to install this .jar bundle
> file on felix but no error/exception was thrown.
>
> I don't know exactly how to enable that framework security bundle to verify
> a signed bundle or do i need to install some thing else also in addition to
> that bundle ? please give your some view points.
>
> Thanks
> sid
>
>
>
>
> --
> View this message in context:
> http://apache-felix.18485.x6.nabble.com/how-to-enable-felix-verify-the-contents-of-a-signed-bundle-tp5018089p5018093.html
> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
> For additional commands, e-mail: users-h...@felix.apache.org
>
-
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org