483581 – californium-osgi fails jar validation

Bug 483581 - californium-osgi fails jar validation

Summary: californium-osgi fails jar validation

Status:	UNCONFIRMED

Alias:	None

Product:	Californium
Classification:	IoT
Component:	Californium (show other bugs)
Version:	unspecified
Hardware:	PC Windows NT

Importance:	P3 blocker
Target Milestone:	---
Assignee:	Project Inbox
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-12-03 10:52 EST by Valentin Valchev
Modified:	2015-12-17 10:26 EST (History)
CC List:	0 users

See Also:

Attachments
patch that fixes the problem (614 bytes, application/octet-stream) 2015-12-03 10:52 EST, Valentin Valchev	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Valentin Valchev

2015-12-03 10:52:29 EST

Created attachment 258441 [details]
patch that fixes the problem

The californium-osgi bundle cannot be used at all, because the jar doesn't validate against the build-in signature:

---
jarsigner.exe -verify californium-osgi-1.0.0.jar
jarsigner: java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
---

I've been investigating the problem and found, that the signature comes from californium-core jar file, which is inlined.

The problem can be easily fix in the pom.xml, replacing the line:
<Embed-Dependency>californium-core;inline=true,element-connector;inline=!about.html</Embed-Dependency>

With:
<Embed-Dependency>californium-core;inline=org/eclipse/californium/*|*.html,element-connector;inline=inline=org/eclipse/californium/*</Embed-Dependency>


A patch is attached to this issue.