Can you explain what kind of certificate (chain) you are trying to match? The given filter:
*; o=ENIT would match bundles that have been signed by any certificate that has been signed by a CA that has a CN that _starts_ with o=ENIT. Not impossible but maybe not what you wanted? In case what you wanted to say is "if it is signed by a certificate that has o=ENIT in its CN then it should be: *, o=ENIT and if you want any certificate that has a CA that has o=ENIT somewhere in its CN then you should use: *;*,o=ENIT Again, please give some more information about your certificates. regards, Karl On Thu, Mar 26, 2009 at 6:17 PM, Omar MAHMOUD <[email protected]> wrote: > Hi All!! > > I'm working with OSGi security API under Felix. > I wanted to test 4 bundles: > > 1-a bundles that manages the permissions. > 2-RegisterService: a bundle that registers a service S. > 3-GoodBundle: a signed bundle that consumes S. > 4-MaliciousBundle: an unsigned bundles that attempts to consume S. > > I run Felix with run_felix.sh = *{java > -Dfelix.config.properties=file:lib/felix/conf/config.properties > -Dfelix.cache.profiledir=lib/felix/profile -Djava.security.manager > -Djava.security.policy=lib/all.policy -Dfelix.keystore=file:/home/me/myKS.ks > -Dfelix.keystore.pass=mypass -Dfelix.keystore.type=JKS -jar > lib/felix/felix.jar}* > > The problem is that my 'GoodBundle' cannot get the service! > > It worked well when I substitued: > > *{m_signed = condPermAdmin.addConditionalPermissionInfo(new ConditionInfo[]{ > new ConditionInfo(BundleSignerCondition.class.getName(), new > String[]{"* ; o=ENIT"}) > }, ALLPERMISSION_INFO); > } * > > by > *{m_signed = condPermAdmin.addConditionalPermissionInfo(new ConditionInfo[]{ > new ConditionInfo(BundleLocationCondition.class.getName(), > new String[]{context.getBundle(7).getLocation()}) > }, ALLPERMISSION_INFO); > }* (GoodBundle has id=7) > > > So I doubted that there is something wrong with Jarsigneing, but the command > : > > *{jarsigner -keystore /home/me/myKS.ks GoodBundle-1.0.jar myAlias}* > > returns tells me that there is nothing wrong with the signature and all the > fields appear as they are supposed to be. > > What might be the problem? > > Thank you very much in advance. > -- Karl Pauls [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
