Re: [equinox-dev] Bundle Verification using custom TrustEngine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [equinox-dev] Bundle Verification using custom TrustEngine

From: David Lübbren - PRION Group <dluebbren@xxxxxxxx>
Date: Mon, 19 Jan 2009 18:20:50 +0100 (CET)
Delivered-to: equinox-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/equinox-dev>
List-help: <mailto:equinox-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=unsubscribe>
Organization: PRION GmbH

Am Mo 19.01.2009 17:21 schrieb Thomas Watson <tjwatson@xxxxxxxxxx>:

>
>The property osgi.signedcontent.trust.engine is used to limit the trust
>engine services that the SignedBundleFile will use to determine if a
>signer
>is trusted. When you set that property to CECKeyStoreTrustEngine then
>only
>your trust engine will be used to establish trust. Do you know if your
>trust engine is called at all? Do you register your trust engine
>service
>with the same service property set? (i.e.
>osgi.signedcontent.trust.engine=CECKeyStoreTrustEngine).
Yes, the custom trust engine is registered with a property set including
     properties.put(Constants.SERVICE_RANKING, new
Integer(Integer.MAX_VALUE));       
     properties.put(SignedContentConstants.TRUST_ENGINE,
"CECKeyStoreTrustEngine");
and the external property
-Dosgi.signedcontent.trust.engine=CECKeyStoreTrustEngine
I confirmed the registration through console output and also trace
output of method "findTrustAnchor"
in the custom trust engine. Additionally I turned on tracing with an
.options file, with debug and security
turned on and I see the "Trust Anchor" output of the certificates.

The only difference in the launches is the property
osgi.signedcontent.trust.engine.
If not set the default mechanism via KeyStoreTrustEngine is used and it
works.
When set to the custom trust engine it doesn't.

The traces start differing at the point where
"org.eclipse.update.configurator" is installed ie.
 "install from inputstream:
initial@reference:file:plugins/org.eclipse.update.configurator_3.2.201.R34x_v20"
In the default KeyStoreTrustEngine prior to the above line the "Trust
Anchor" is printed out verbose wheras in the
custom trust engine it is not. For Bundles prior to this point "Trust
Anchor"s are printed out in both cases.

To me it feels like some kind of bootstrap/bundle/fragment load order
issue, as the only difference I see is that the
custom trust engine is registered from an osgi fragment, whereas
SignedBundleHook & Co are registered from the
system bundle itself. The trust engine code is exactly the same ie. a
copy & paste job (apart from trace output).

Thanks
David


>
>You will notice the code in

>>org.eclipse.osgi.internal.signedcontent.SignedBundleHook.getTrustEngines()
>uses a ServiceTracker to find the trust engine services. A filter is
>used
>when you set the osgi.signedcontent.trust.engine. property.
Yes, I did catch it.
>
>HTH.
>
>Tom
>
>
>
>
>
>From: David Lübbren - PRION Group <dluebbren@xxxxxxxx>
>
>To: equinox-dev@xxxxxxxxxxx
>
>Date: 01/19/2009 09:41 AM
>
>Subject: [equinox-dev] Bundle Verification using custom TrustEngine
>
>
>
>
>
>
>Hello,
>I am trying to use the signed content functionality in equinox to
>verify
>all bundles at load time.
>After patching Eclipse 3.4 org.eclipse.osgi system bundle to include
>the
>patch (https://bugs.eclipse.org/bugs/show_bug.cgi?id=252098)
>I am able to this out of the box using the following properties:
> -Dosgi.signedcontent.support=all
> -Dosgi.clean=true
> -Dosgi.signedcontent.authorization.engine.policy=validity
> -Dosgi.framework.keystore=file:/C:/myData/myKeystore
>with a local keystore. All jars are signed in the exported product
>plugin
>directory, so eclipse jars are signed (at least) twice, and my custom
>ones once.
>This seems to work fine now (I did a couple of tests replacing signed
>jars with unsigned ones etc...).
>
>My aim is to use a custom trust engine to be able to verify certificate
>trust independent of a local keystore.
>This is not working. Trying to track down why, I am using a copy of
>KeyStoreTrustEngine named CECKeyStoreTrustEngine. This Class is
>registered via a custom Adaptor Hook as an osgi service. I have
>confirmed
>that the service is registered and started via sysout and use the
>following
>properties to activate it:
> -Dosgi.signedcontent.trust.engine=CECKeyStoreTrustEngine
> -Dosgi.framework.extensions=cec.bundleverifier        (the custom hook
>package)
>
>Using this setup the application generates an exception:
> org.osgi.framework.BundleException: The bundle could not be resolved.
>Reason: The bundle is disabled: "org.eclipse.equinox.security:null"
>
>When I remove the Property 'osgi.signedcontent.trust.engine' all
>TrustEngines are called and the verification works again.
>
>My Question is: Why does the KeyStoreTrustEngine registerd from the
>SignedBundleHook work, but the same copy from my own hook fails ?
>
>Thanks
>David Luebbren
>
>_______________________________________________
>equinox-dev mailing list
>equinox-dev@xxxxxxxxxxx
>https://dev.eclipse.org/mailman/listinfo/equinox-dev
>

Follow-Ups:
- Re: [equinox-dev] Bundle Verification using custom TrustEngine
  - From: Thomas Watson

References:
- [equinox-dev] Bundle Verification using custom TrustEngine
  - From: David Lübbren - PRION Group
- Re: [equinox-dev] Bundle Verification using custom TrustEngine
  - From: Thomas Watson

Prev by Date: Re: [equinox-dev] Bundle Verification using custom TrustEngine
Next by Date: [equinox-dev] Starting an application (testing)
Previous by thread: Re: [equinox-dev] Bundle Verification using custom TrustEngine
Next by thread: Re: [equinox-dev] Bundle Verification using custom TrustEngine
Index(es):
- Date
- Thread

Breadcrumbs