[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[equinox-dev] Don't get BundleSignerCondition to work

Hi all,

I want to use a BundleSignerCondition to configure permissions for
bundles. I'm using Equinox 3.5.1R35x_v20090827 (if this matters in any
case).

I've created a free trial certificate from VeriSign and imported it
into my keystore.

I'm starting Equinox, a "permission manager" bundle and a testing
bundle which is trying to write to a file located in /tmp.

The "permission manager" bundle is providing AllPermission for the
system bundle and the "permission manager" bundle itself. It then
reads a file to provide any other security policy.

That file consists of:

ALLOW {
#  [ org.osgi.service.condpermadmin.BundleSignerCondition "cn=*,
o='VeriSign, Inc.'" ]
  [org.osgi.service.condpermadmin.BundleLocationCondition
"*permTest-1.0.0.jar/"]
  (org.osgi.framework.ServicePermission "*" "get, register")
  (java.io.FilePermission "/tmp/*" "write")
  (org.osgi.framework.PackagePermission "*" "*")
  (java.security.AllPermission "*" "*")
} "x"

Using BundleLocationCondition (as shown) works as intended,
BundleSignerCondition isn't working :(.

Equinox is started with the following parameters:

java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000 \
  -Declipse.security=osgi \
  -Djava.security.policy=all.policy \
  -Dosgi.signedcontent.support=all \
  -Dosgi.framework.keystore=file:///~/devel/permissiontests/myKeystore.ks \
  -Dcom.openmatics.box.policy.file=permissions.policy \
  -Djava.security.debug=access:failure \
  -jar org.eclipse.osgi-3.5.1.R35x_v20090827.jar -configuration $PWD -console

Any help to get BundleSignerCondition working will be appreciated!

Thanks in advance,
Ingo