Re: how to enable felix verify the contents of a signed bundle

2016-08-16 Thread Karl Pauls 
Hi Siddharth,

I'm not sure what is going on exactly but I'm guessing you signed the
bundle with a certificate that felix doesn't know about (i.e., its not
trusted). Could you try to import your root certificate into a keystore as
a trusted certificate and point felix to that keystore like this:

-Dfelix.keystore=file:certificates.ks -Dfelix.keystore.pass=foobar
-Dfelix.keystore.type=jks

and see if that makes a difference? If it doesn't help, could you maybe
share a failing set-up with me?

regards,

Karl

On Tue, Aug 16, 2016 at 1:31 PM, sid19039  wrote:
>
> Hello ,
>
> Could someone please tell how can i use this felix framework security
> bundle(mentioned in above posts) for signature verification?
> Do i need to declare any package provided by this security bundle into
> import-package manifest header of my bundle to enable it?
> From now onward, i am not able to find any direction where to proceed.
> Please someone tell how i can proceed further.
>
> Thanks
> Siddharth
>
>
>
> --
> View this message in context:
http://apache-felix.18485.x6.nabble.com/how-to-enable-felix-verify-the-contents-of-a-signed-bundle-tp5018089p5018116.html
> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
> For additional commands, e-mail: users-h...@felix.apache.org
>



--
Karl Pauls
karlpa...@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls

Re: how to enable felix verify the contents of a signed bundle

2016-08-16 Thread Robert Onslow 
Sid

You need to tell the framework something about what to expect from the
signed bundles.

To do this, pick up the ConditionalPermssionAdmin service and register
a new ConditionalPermissionInfo.

Something like this in an Activator


ServiceReference ref =
context.getServiceReference(ConditionalPermissionAdmin.class);
ConditionalPermissionAdmin admin = context.getService(ref);
ConditionalPermissionUpdate update = admin.newConditionalPermissionUpdate();
List infos = update.getConditionalPermissionInfos();
// infos.clear();
infos.add(admin.newConditionalPermissionInfo(
"Signed Bundles",
new ConditionInfo[]
{
   new
ConditionInfo(BundleSignerCondition.class.getName(), new String[]
   {

  "CN=CommonName, O=OrgName, STREET=Top Street, ,
L=Newtown, ST=Kansas, OID.2.5.4.17=ZipCode, C=GB ; -"
   })
},
new PermissionInfo[]
{
   new PermissionInfo(AllPermission.class.getName(), "*", "*"),
},
ConditionalPermissionInfo.ALLOW));



update.commit();


Robert

On Sat, Aug 13, 2016 at 6:32 PM, sid19039  wrote:
> Hi Karl,
>
> for the test case, i myself corrupt the jar file. Following are the steps
> which I performed:
> - I simply extracted the content of valid signed .jar file then opened a
> .class file(extracted from the jar) in notepad++ and
>   corrupted the file, simply by removing some data and adding some garbage
> data and saved the file.
> - And then created a new jar again with name my_tempered.jar.
>
> To verify that the file is corrupt, i tested it with jarsigner tool as
> following:
> *jarsigner -verify my_tempered.jar*
> It then threw "jarsigner: java.lang.SecurityException: invalid SHA1
> signature file digest" for the corrupted .class file.
> I was expecting such a similar error when trying to install this .jar bundle
> file on felix but no error/exception was thrown.
>
> I don't know exactly how to enable that framework security bundle to verify
> a signed bundle  or do i need to install some thing else also in addition to
> that bundle  ? please give your some view points.
>
> Thanks
> sid
>
>
>
>
> --
> View this message in context: 
> http://apache-felix.18485.x6.nabble.com/how-to-enable-felix-verify-the-contents-of-a-signed-bundle-tp5018089p5018093.html
> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
> For additional commands, e-mail: users-h...@felix.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org

Re: how to enable felix verify the contents of a signed bundle

2016-08-16 Thread sid19039 
Hello ,

Could someone please tell how can i use this felix framework security
bundle(mentioned in above posts) for signature verification?
Do i need to declare any package provided by this security bundle into
import-package manifest header of my bundle to enable it?
>From now onward, i am not able to find any direction where to proceed.
Please someone tell how i can proceed further.

Thanks
Siddharth



--
View this message in context: 
http://apache-felix.18485.x6.nabble.com/how-to-enable-felix-verify-the-contents-of-a-signed-bundle-tp5018089p5018116.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org