Re: Jar signing support in Karaf
Hi All,
Im using the following in my policy file:
ALLOW {
[ org.osgi.service.condpermadmin.BundleSignerCondition CN=\XYZ
company\, OU=XXX, O=\XXX\, L=XXX, ST=XXX, C=XXX]
( java.security.AllPermission * *)
} Signed by XYZ
where the custom oraganisation certificate details are mentioned in the
BundleSignerCondition.
With this policy file, when I start my bundle, i get the following:
In main loop, we have serious trouble: java.security.AccessControlException:
access denied (org.osgi.framework.AdaptPermission
org.osgi.framework.startlevel.FrameworkStartLevel adapt)
java.security.AccessControlException: access denied
(org.osgi.framework.AdaptPermission
org.osgi.framework.startlevel.FrameworkStartLevel adapt)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
at
java.security.AccessController.checkPermission(AccessController.java:555)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at
org.apache.felix.framework.BundleImpl.checkAdapt(BundleImpl.java:1026)
at org.apache.felix.framework.Felix.adapt(Felix.java:475)
at
org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:301)
If I give a generic policy like :
ALLOW {
( java.security.AllPermission * * )
} 3
It works fine.
Any ideas on getting around the exception?
Thanks,
Sapna
--
View this message in context:
http://karaf.922171.n3.nabble.com/Jar-signing-support-in-Karaf-tp4040567p4040742.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Jar signing support in Karaf
Hi All, I want to deploy custom signed bundles (signed using organization specific jar signing authority) in Karaf 2.3.6 . Is this supported? I know I can configure the policy file giving AdminPermissions to the organisation specific jar signing authority, but I wanted to understand is how Karaf will pick up the right Certificate to validate the signed jars? I have the certifcate used udring jar signing. Where do I place this cert in Karaf configuration, that it is picked up during jar validation? Any help will be greatly appreciated. Thanks, SapnaB -- View this message in context: http://karaf.922171.n3.nabble.com/Jar-signing-support-in-Karaf-tp4040567.html Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jar signing support in Karaf
Hi Sapna, You can configure the cert as startup args (in bin/karaf), so it should work. regards JB On 05/25/2015 07:39 PM, SapnaB wrote: Hi All, I want to deploy custom signed bundles (signed using organization specific jar signing authority) in Karaf 2.3.6 . Is this supported? I know I can configure the policy file giving AdminPermissions to the organisation specific jar signing authority, but I wanted to understand is how Karaf will pick up the right Certificate to validate the signed jars? I have the certifcate used udring jar signing. Where do I place this cert in Karaf configuration, that it is picked up during jar validation? Any help will be greatly appreciated. Thanks, SapnaB -- View this message in context: http://karaf.922171.n3.nabble.com/Jar-signing-support-in-Karaf-tp4040567.html Sent from the Karaf - Dev mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com
