Thank you very much for your reply.
I am signing my bundle with a keystore that I have created, and which
contains my school (organization field): ENIT.
I tried with *, o=ENIT before and it doesn't work either.
here is the output of jarsigner command:
*jarsigner -keystore /home/mycompany/myKeystore.ks -verify -verbose -certs
registerservice-1.0.jar
1386 Thu Mar 26 14:58:40 CET 2009 META-INF/MANIFEST.MF
880 Thu Mar 26 14:58:40 CET 2009 META-INF/OMARMAHM.SF
1035 Thu Mar 26 14:58:40 CET 2009 META-INF/OMARMAHM.DSA
0 Thu Mar 26 11:50:42 CET 2009 META-INF/
0 Thu Mar 26 11:50:42 CET 2009 META-INF/maven/
0 Thu Mar 26 11:50:42 CET 2009
META-INF/maven/com.mycompany.osgisecuritytuto/
0 Thu Mar 26 11:50:42 CET 2009 META-INF/maven/com.**mycompany**
.osgisecuritytuto/registerservice/
smk 148 Thu Mar 26 11:50:42 CET 2009 META-INF/maven/com.**mycompany**
.osgisecuritytuto/registerservice/pom.properties
X.509, CN=Omar MAHMOUD, OU=TIC, O=ENIT, L=Beni Khalled, ST=Nabeul,
C=TN (omarmahmoud)
[certificate will expire on 24/06/09 13:10]
smk 1804 Wed Feb 25 11:37:58 CET 2009 META-INF/maven/com.**mycompany**
.osgisecuritytuto/registerservice/pom.xml
X.509, CN=Omar MAHMOUD, OU=TIC, O=ENIT, L=Beni Khalled, ST=Nabeul,
C=TN (omarmahmoud)
[certificate will expire on 24/06/09 13:10]
0 Thu Mar 26 11:50:42 CET 2009 com/
0 Thu Mar 26 11:50:42 CET 2009 com/**mycompany**/
0 Thu Mar 26 11:50:42 CET 2009 com/**mycompany**
/osgisecuritytuto/
0 Thu Mar 26 11:50:42 CET 2009 com/**mycompany**
/osgisecuritytuto/registerservice/
0 Thu Mar 26 11:50:42 CET 2009 com/**mycompany**
/osgisecuritytuto/registerservice/iservice/
smk 243 Thu Mar 26 11:50:40 CET 2009 com/**mycompany**
/osgisecuritytuto/registerservice/iservice/GSMService.class
X.509, CN=Omar MAHMOUD, OU=TIC, O=ENIT, L=Beni Khalled, ST=Nabeul,
C=TN (omarmahmoud)
[certificate will expire on 24/06/09 13:10]
0 Thu Mar 26 11:50:42 CET 2009 com/**mycompany**
/osgisecuritytuto/registerservice/service/
smk 2307 Thu Mar 26 11:50:40 CET 2009 com/**mycompany**
/osgisecuritytuto/registerservice/service/Activator.class
X.509, CN=Omar MAHMOUD, OU=TIC, O=ENIT, L=Beni Khalled, ST=Nabeul,
C=TN (omarmahmoud)
[certificate will expire on 24/06/09 13:10]
smk 677 Thu Mar 26 11:50:40 CET 2009 com/**mycompany**
/osgisecuritytuto/registerservice/service/NokiaGSMImpl.class
X.509, CN=Omar MAHMOUD, OU=TIC, O=ENIT, L=Beni Khalled, ST=Nabeul,
C=TN (omarmahmoud)
[certificate will expire on 24/06/09 13:10]
0 Thu Mar 26 11:50:42 CET 2009 util/
smk 1617 Thu Mar 26 11:50:40 CET 2009 util/Util.class
X.509, CN=Omar MAHMOUD, OU=TIC, O=ENIT, L=Beni Khalled, ST=Nabeul,
C=TN (omarmahmoud)
[certificate will expire on 24/06/09 13:10]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose signer certificate will expire within six
months. *
is there something wrong with the signature?
Thank you very much for your help.
Best regards.
Omar MAHMOUD
2009/3/26 Karl Pauls <[email protected]>
> Can you explain what kind of certificate (chain) you are trying to
> match? The given filter:
>
> *; o=ENIT
>
> would match bundles that have been signed by any certificate that has
> been signed by a CA that has a CN that _starts_ with o=ENIT. Not
> impossible but maybe not what you wanted? In case what you wanted to
> say is "if it is signed by a certificate that has o=ENIT in its CN
> then it should be:
>
> *, o=ENIT
>
> and if you want any certificate that has a CA that has o=ENIT
> somewhere in its CN then you should use:
>
> *;*,o=ENIT
>
> Again, please give some more information about your certificates.
>
> regards,
>
> Karl
>
> On Thu, Mar 26, 2009 at 6:17 PM, Omar MAHMOUD <[email protected]>
> wrote:
> > Hi All!!
> >
> > I'm working with OSGi security API under Felix.
> > I wanted to test 4 bundles:
> >
> > 1-a bundles that manages the permissions.
> > 2-RegisterService: a bundle that registers a service S.
> > 3-GoodBundle: a signed bundle that consumes S.
> > 4-MaliciousBundle: an unsigned bundles that attempts to consume S.
> >
> > I run Felix with run_felix.sh = *{java
> > -Dfelix.config.properties=file:lib/felix/conf/config.properties
> > -Dfelix.cache.profiledir=lib/felix/profile -Djava.security.manager
> > -Djava.security.policy=lib/all.policy
> -Dfelix.keystore=file:/home/me/myKS.ks
> > -Dfelix.keystore.pass=mypass -Dfelix.keystore.type=JKS -jar
> > lib/felix/felix.jar}*
> >
> > The problem is that my 'GoodBundle' cannot get the service!
> >
> > It worked well when I substitued:
> >
> > *{m_signed = condPermAdmin.addConditionalPermissionInfo(new
> ConditionInfo[]{
> > new ConditionInfo(BundleSignerCondition.class.getName(),
> new
> > String[]{"* ; o=ENIT"})
> > }, ALLPERMISSION_INFO);
> > } *
> >
> > by
> > *{m_signed = condPermAdmin.addConditionalPermissionInfo(new
> ConditionInfo[]{
> > new ConditionInfo(BundleLocationCondition.class.getName(),
> > new String[]{context.getBundle(7).getLocation()})
> > }, ALLPERMISSION_INFO);
> > }* (GoodBundle has id=7)
> >
> >
> > So I doubted that there is something wrong with Jarsigneing, but the
> command
> > :
> >
> > *{jarsigner -keystore /home/me/myKS.ks GoodBundle-1.0.jar myAlias}*
> >
> > returns tells me that there is nothing wrong with the signature and all
> the
> > fields appear as they are supposed to be.
> >
> > What might be the problem?
> >
> > Thank you very much in advance.
> >
>
>
>
> --
> Karl Pauls
> [email protected]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
