felix-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Pauls <karlpa...@gmail.com>
Subject Re: how to enable felix verify the contents of a signed bundle
Date Mon, 22 Aug 2016 20:55:54 GMT
Hi Siddharth,

as Robert is correctly pointing out: the next step is to actually define
your security policy. His example gives all permission to all bundles that
are correctly signed by a given certificate. Granted, that might be a
little broad but it would be a start. If you tell us more about what you
are actually try to get working we probably could help you with a more
specific policy (e.g., there is a way to only give install permission for
bundles that are signed iirc).

regards,

Karl

On Mon, Aug 22, 2016 at 6:53 PM, Robert Onslow <robert.onslow@gmail.com>
wrote:

> Sid
> Did you try my recipe?
> Robert
>
> On Mon, Aug 22, 2016 at 8:12 AM, sid19039 <sid19039@gmail.com> wrote:
> > Hello
> > @Robert and @Karl, Thank you so much for your answers.
> >
> > Via
> > -Dfelix.keystore=file:certificates.ks -Dfelix.keystore.pass=foobar
> > -Dfelix.keystore.type=jks
> > I am able to verify the bundle against its signature now. First, i was
> > mentioning the path to keystore file as
> > -Dfelix.keystore=file:my.keystore, didn't know absolute path is
> required to
> > be given, but then i mentioned the absolute path to my.keystore file as
> > -Dfelix.keystore=file:/D:A/B/my.keystore then i was able to verify the
> > signed bundle successfully.
> > But the problem is : an unsigned bundle is still being allowed to be
> > installed into the framework.
> > Also if i remove any of .SF and .DSA file or both files from jar file
> then
> > again no error occured while installing the jar file and it installed
> > successfully.
> > Is there any another configuration left to be set which prevents unsigned
> > bundle from being installed and show error on console?
> > please share view points.
> >
> > Thanks
> > siddharth
> >
> >
> >
> >
> > --
> > View this message in context: http://apache-felix.18485.x6.n
> abble.com/how-to-enable-felix-verify-the-contents-of-a-
> signed-bundle-tp5018089p5018178.html
> > Sent from the Apache Felix - Users mailing list archive at Nabble.com.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> > For additional commands, e-mail: users-help@felix.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>


-- 
Karl Pauls
karlpauls@gmail.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message