[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] TrustEngine in supplemental?


> From: Scott Lewis <slewis@xxxxxxxxxxxxx>

>> My thought was that some other fragment could be implemented that
>> provides an alternative implementation of ECFTrustManager that
>> simply looks at the CA certs keystore themselves instead of using a
>> TrustEngine service to do that work for them.

>
> I see.   Another alternative:  if the TrustEngine service interface
> (only) were added to the supplemental, I (or contributors/consumers)
> could look into providing a non-Equinox TrustEngine implementation
> as part of ECF's ssl support.
>
> Thanks,
>
> Scott
>

This sounds like a possibility except for the fact that TrustEngine is not an interface, it is an abstract class that has some internal dependencies on a TrustEngineListener class in the framework.  This was a way to allow the framework to track any changes to certificate trust for the signed bundles.  We would have to come up with an alternative way to break this internal dependency in order to move TrustEngine to the supplement bundle.

Tom