Re: Jar signing support in Karaf
Hi All, Im using the following in my policy file: ALLOW { [ org.osgi.service.condpermadmin.BundleSignerCondition CN=\XYZ company\, OU=XXX, O=\XXX\, L=XXX, ST=XXX, C=XXX] ( java.security.AllPermission * *) } Signed by XYZ where the custom oraganisation certificate details are mentioned in the BundleSignerCondition. With this policy file, when I start my bundle, i get the following: In main loop, we have serious trouble: java.security.AccessControlException: access denied (org.osgi.framework.AdaptPermission org.osgi.framework.startlevel.FrameworkStartLevel adapt) java.security.AccessControlException: access denied (org.osgi.framework.AdaptPermission org.osgi.framework.startlevel.FrameworkStartLevel adapt) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366) at java.security.AccessController.checkPermission(AccessController.java:555) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at org.apache.felix.framework.BundleImpl.checkAdapt(BundleImpl.java:1026) at org.apache.felix.framework.Felix.adapt(Felix.java:475) at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:301) If I give a generic policy like : ALLOW { ( java.security.AllPermission * * ) } 3 It works fine. Any ideas on getting around the exception? Thanks, Sapna -- View this message in context: http://karaf.922171.n3.nabble.com/Jar-signing-support-in-Karaf-tp4040567p4040742.html Sent from the Karaf - Dev mailing list archive at Nabble.com.
Jar signing support in Karaf
Hi All, I want to deploy custom signed bundles (signed using organization specific jar signing authority) in Karaf 2.3.6 . Is this supported? I know I can configure the policy file giving AdminPermissions to the organisation specific jar signing authority, but I wanted to understand is how Karaf will pick up the right Certificate to validate the signed jars? I have the certifcate used udring jar signing. Where do I place this cert in Karaf configuration, that it is picked up during jar validation? Any help will be greatly appreciated. Thanks, SapnaB -- View this message in context: http://karaf.922171.n3.nabble.com/Jar-signing-support-in-Karaf-tp4040567.html Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jar signing support in Karaf
Hi Sapna, You can configure the cert as startup args (in bin/karaf), so it should work. regards JB On 05/25/2015 07:39 PM, SapnaB wrote: Hi All, I want to deploy custom signed bundles (signed using organization specific jar signing authority) in Karaf 2.3.6 . Is this supported? I know I can configure the policy file giving AdminPermissions to the organisation specific jar signing authority, but I wanted to understand is how Karaf will pick up the right Certificate to validate the signed jars? I have the certifcate used udring jar signing. Where do I place this cert in Karaf configuration, that it is picked up during jar validation? Any help will be greatly appreciated. Thanks, SapnaB -- View this message in context: http://karaf.922171.n3.nabble.com/Jar-signing-support-in-Karaf-tp4040567.html Sent from the Karaf - Dev mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com