[equinox-dev] Verification of signed jars during bundle installation


I've been looking into Equinox's support for dealing with signed jars and have a couple of queries on which I'd be grateful for some pointers.

I've figured out that I can enable SignedBundleHook by starting Equinox with -Dosgi.signedcontent.support=true. With the hook enabled I've then run the debugger through the installation of a bundle. This bundle is packaged in a Jar that's been signed but has since been modified such that the signatures are now wrong. I've observed SignedBundleHook.wrapBundleFile being invoked and a GeneralSecurityException being thrown, caught, and swallowed, when the tampering is discovered. Ideally I'd like the installation to fail at this point as the bundle's signatures are out of sync with its contents.

With this goal in mind I also looked at org.eclipse.osgi.internal.signedcontent.BundleInstallListener and experimented with enabling its policing of signed jars. I figured out that I can enable signed jar policing by starting Equinox with -Dosgi.signedcontent.authorization.engine.policy=signed but this appears to make things too restrictive as it requires every bundle that's installed to be signed, rather than just checking that those that are signed are signed correctly.

Is there any way to configure Equinox for the middle ground that I'm looking for? I'd like unsigned jars to be accepted, and signed jars to be accepted *unless* the signatures are incorrect in which case I'd like the attempt to install the bundle to fail.
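The policy asked for above (accept unsigned jars, accept correctly signed jars, reject jars whose signatures no longer match their contents) can be expressed as a stand-alone check with the standard JDK jar verification machinery. The following is an added example written for this thread; it is not code from Equinox or from the original poster, and it does not hook into SignedBundleHook or BundleInstallListener. It relies on `java.util.jar.JarFile` verifying entry digests as each entry is read, which is the same mechanism the OSGi framework's signed-content support builds on. The `SignedJarPolicy` and `JarVerdict` names are assumptions made for this example. Treating a signed jar that also contains unsigned non-`META-INF` entries as tampered is a policy choice of this example (an entry added after signing is not covered by any signature, and the JDK does not raise an error for it on its own).

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Outcome of checking one jar against the "middle ground" policy. */
enum JarVerdict { UNSIGNED, SIGNED_OK, TAMPERED }

/** Hypothetical helper for this example; not part of Equinox. */
public final class SignedJarPolicy {

    /**
     * Accept unsigned jars, accept correctly signed jars, reject jars whose
     * signatures do not match their contents (or that gained entries after signing).
     */
    public static JarVerdict check(Path jarPath) throws IOException {
        // verify=true makes JarFile validate each entry's digest against the
        // signature files under META-INF/ as the entry's bytes are read.
        try (JarFile jar = new JarFile(jarPath.toFile(), true)) {
            boolean anySigned = false;
            boolean anyUnsignedContent = false;
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory()) {
                    continue;
                }
                try (InputStream in = jar.getInputStream(entry)) {
                    // Digest checking happens during the read, so the stream must be
                    // drained to the end before getCodeSigners() returns a result.
                    while (in.read(buf) != -1) {
                        // drain
                    }
                } catch (SecurityException e) {
                    // The JDK's JarVerifier throws SecurityException when an entry's
                    // digest, or the signature block itself, fails to verify.
                    return JarVerdict.TAMPERED;
                }
                if (entry.getCodeSigners() != null) {
                    anySigned = true;
                } else if (!entry.getName().startsWith("META-INF/")) {
                    // Manifest and signature files are never themselves signed;
                    // any other unsigned entry means content outside the signature.
                    anyUnsignedContent = true;
                }
            }
            if (!anySigned) {
                return JarVerdict.UNSIGNED;
            }
            // Policy choice for this example: a signed jar with entries that no
            // signature covers is treated as modified after signing.
            return anyUnsignedContent ? JarVerdict.TAMPERED : JarVerdict.SIGNED_OK;
        }
    }

    public static void main(String[] args) throws IOException {
        for (String arg : args) {
            System.out.println(arg + ": " + check(Path.of(arg)));
        }
    }
}
```

Run with `java SignedJarPolicy.java some-bundle.jar`. Note that a signed jar whose signer certificate has expired still verifies here; certificate validity is a separate check from content integrity, which is the property the question is about.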