Sid You need to tell the framework something about what to expect from the signed bundles.
To do this, pick up the ConditionalPermssionAdmin service and register a new ConditionalPermissionInfo. Something like this in an Activator ServiceReference<ConditionalPermissionAdmin> ref = context.getServiceReference(ConditionalPermissionAdmin.class); ConditionalPermissionAdmin admin = context.getService(ref); ConditionalPermissionUpdate update = admin.newConditionalPermissionUpdate(); List<ConditionalPermissionInfo> infos = update.getConditionalPermissionInfos(); // infos.clear(); infos.add(admin.newConditionalPermissionInfo( "Signed Bundles", new ConditionInfo[] { new ConditionInfo(BundleSignerCondition.class.getName(), new String[] { "CN=CommonName, O=OrgName, STREET=Top Street, , L=Newtown, ST=Kansas, OID.2.5.4.17=ZipCode, C=GB ; -" }) }, new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), "*", "*"), }, ConditionalPermissionInfo.ALLOW)); update.commit(); Robert On Sat, Aug 13, 2016 at 6:32 PM, sid19039 <sid19...@gmail.com> wrote: > Hi Karl, > > for the test case, i myself corrupt the jar file. Following are the steps > which I performed: > - I simply extracted the content of valid signed .jar file then opened a > .class file(extracted from the jar) in notepad++ and > corrupted the file, simply by removing some data and adding some garbage > data and saved the file. > - And then created a new jar again with name my_tempered.jar. > > To verify that the file is corrupt, i tested it with jarsigner tool as > following: > *jarsigner -verify my_tempered.jar* > It then threw "jarsigner: java.lang.SecurityException: invalid SHA1 > signature file digest" for the corrupted .class file. > I was expecting such a similar error when trying to install this .jar bundle > file on felix but no error/exception was thrown. > > I don't know exactly how to enable that framework security bundle to verify > a signed bundle or do i need to install some thing else also in addition to > that bundle ? please give your some view points. > > Thanks > sid > > > > > -- > View this message in context: > http://apache-felix.18485.x6.nabble.com/how-to-enable-felix-verify-the-contents-of-a-signed-bundle-tp5018089p5018093.html > Sent from the Apache Felix - Users mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@felix.apache.org > For additional commands, e-mail: users-h...@felix.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@felix.apache.org For additional commands, e-mail: users-h...@felix.apache.org