[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[equinox-dev] keystores and signature recognition

Hi,

 

I’ve been trying Equinox’s Conditional Permission Admin and can’t get it to run with signed bundles.

I’ve seen past threads in this ML but it seems a lot has changed, as most of the properties now have different names or accepted values. Looking at the Eclipse Runtime Options page was helpful but not enough.


I start the framework with Equinox launcher and pass these security properties:

-Declipse.security="osgi"

-Dosgi.signedcontent.support="runtime"

-Dosgi.framework.keystore=file:/C:/DEV/SEC/myKeystore – note the keystore is password protected.

I have a bunch of bundles in my p2 managed /plugins folder that are signed.

I also have a simple bundle that registers a conditional ALL permission to every bundle that is signed with my keystore. Here is the string I used:

Allow {

[org.osgi.service.condpermadmin.BundleSignerCondition "o=TEST" ]

( java.security.AllPermission “*” “*” )

}

 

The problem is that after my permissions bundle commits the changes everyone loses any permission. That’s probably because my bundle populates the conditional policy table so now it doesn’t default to <<all permission>> but obviously my signature isn’t recognized so all bundles lose their current permissions.

 

Can you help me? I must be missing something or doing it wrong…

 

Thank you,

Borislav