[equinox-dev] Bundle Verification using custom TrustEngine
- From: David Lübbren - PRION Group <dluebbren@xxxxxxxx>
- Date: Mon, 19 Jan 2009 16:38:18 +0100 (CET)
- Delivered-to: email@example.com
- Organization: PRION GmbH
I am trying to use the signed content functionality in equinox to verify
all bundles at load time.
After patching Eclipse 3.4 org.eclipse.osgi system bundle to include the
I am able to do this out of the box using the following properties:
with a local keystore. All jars are signed in the exported product
directory, so eclipse jars are signed (at least) twice, and my custom
This seems to work fine now (I did a couple of tests replacing signed
jars with unsigned ones etc...).
My aim is to use a custom trust engine to be able to verify certificate
trust independent of a local keystore.
This is not working. Trying to track down why, I am using a copy of
KeyStoreTrustEngine named CECKeyStoreTrustEngine. This class is
registered via a custom Adaptor Hook as an osgi service. I have
that the service is registered and started via sysout and use the
properties to activate it:
-Dosgi.framework.extensions=cec.bundleverifier (the custom hook
Using this setup the application generates an exception:
org.osgi.framework.BundleException: The bundle could not be resolved.
Reason: The bundle is disabled: "org.eclipse.equinox.security:null"
When I remove the Property 'osgi.signedcontent.trust.engine' all
TrustEngines are called and the verification works again.
My question is: Why does the KeyStoreTrustEngine registered from the
SignedBundleHook work, but the same copy from my own hook fail?