Sid

You need to tell the framework something about what to expect from the
signed bundles.

To do this, pick up the ConditionalPermssionAdmin service and register
a new ConditionalPermissionInfo.

Something like this in an Activator


ServiceReference<ConditionalPermissionAdmin> ref =
context.getServiceReference(ConditionalPermissionAdmin.class);
ConditionalPermissionAdmin admin = context.getService(ref);
ConditionalPermissionUpdate update = admin.newConditionalPermissionUpdate();
List<ConditionalPermissionInfo> infos = update.getConditionalPermissionInfos();
// infos.clear();
infos.add(admin.newConditionalPermissionInfo(
                "Signed Bundles",
                new ConditionInfo[]
                {
                   new
ConditionInfo(BundleSignerCondition.class.getName(), new String[]
                           {

                      "CN=CommonName, O=OrgName, STREET=Top Street, ,
L=Newtown, ST=Kansas, OID.2.5.4.17=ZipCode, C=GB ; -"
                           })
                },
                new PermissionInfo[]
                {
                   new PermissionInfo(AllPermission.class.getName(), "*", "*"),
                },
                ConditionalPermissionInfo.ALLOW));



update.commit();


Robert

On Sat, Aug 13, 2016 at 6:32 PM, sid19039 <sid19...@gmail.com> wrote:
> Hi Karl,
>
> for the test case, i myself corrupt the jar file. Following are the steps
> which I performed:
> - I simply extracted the content of valid signed .jar file then opened a
> .class file(extracted from the jar) in notepad++ and
>   corrupted the file, simply by removing some data and adding some garbage
> data and saved the file.
> - And then created a new jar again with name my_tempered.jar.
>
> To verify that the file is corrupt, i tested it with jarsigner tool as
> following:
> *jarsigner -verify my_tempered.jar*
> It then threw "jarsigner: java.lang.SecurityException: invalid SHA1
> signature file digest" for the corrupted .class file.
> I was expecting such a similar error when trying to install this .jar bundle
> file on felix but no error/exception was thrown.
>
> I don't know exactly how to enable that framework security bundle to verify
> a signed bundle  or do i need to install some thing else also in addition to
> that bundle  ? please give your some view points.
>
> Thanks
> sid
>
>
>
>
> --
> View this message in context: 
> http://apache-felix.18485.x6.nabble.com/how-to-enable-felix-verify-the-contents-of-a-signed-bundle-tp5018089p5018093.html
> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
> For additional commands, e-mail: users-h...@felix.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org

Reply via email to