[jira] Commented: (FELIX-22) Implement support for digitally signed bundles
[ https://issues.apache.org/jira/browse/FELIX-22?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12472474 ] Karl Pauls commented on FELIX-22: - I removed the support for now. I will provided it as an extension bundle soon. > Implement support for digitally signed bundles > -- > > Key: FELIX-22 > URL: https://issues.apache.org/jira/browse/FELIX-22 > Project: Felix > Issue Type: New Feature > Components: Framework, Specification compliance >Reporter: Richard S. Hall > Assigned To: Karl Pauls > Attachments: patch.txt > > > This issue relates to section 2 of the OSGi R4 specification. This issue is > somewhat difficult in general, but even more difficult if we hope to create a > solution that works easily on J2ME and constrained devices. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (FELIX-22) Implement support for digitally signed bundles
[ http://issues.apache.org/jira/browse/FELIX-22?page=comments#action_12431075 ] Karl Pauls commented on FELIX-22: - The patch is in (as of revision 437838); minus the bit about making the Signer none public. BJ is right, we need to get this out of of the public available classes inside the osgi namespace in order to be compliant with the spec. The issue at the moment is twofold (and boils down to "I need more time" :-); first, by simply making the class none public we need to ensure we do any reflective instantiation inside a doPriv (what we don't currently do - for example in our ldap filter); and second, I'm busy working on some related stuff (namely, ConditionalPermissionAdmin) that will likely need the Signer class to be moved someplace else anyways. I'll get back to this shortly. > Implement support for digitally signed bundles > -- > > Key: FELIX-22 > URL: http://issues.apache.org/jira/browse/FELIX-22 > Project: Felix > Issue Type: New Feature > Components: Framework, Specification compliance >Reporter: Richard S. Hall > Assigned To: Karl Pauls > Attachments: patch.txt > > > This issue relates to section 2 of the OSGi R4 specification. This issue is > somewhat difficult in general, but even more difficult if we hope to create a > solution that works easily on J2ME and constrained devices. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (FELIX-22) Implement support for digitally signed bundles
[ http://issues.apache.org/jira/browse/FELIX-22?page=comments#action_12430239 ] Karl Pauls commented on FELIX-22: - As of revision 434393 support for digitally signed bundles is implemented. For the time being the idea is to have the framework starter pass in a collection of trustedCaCerts that are used to verify the certificates a bundle has been signed with. The dn matching is implemented in our version of org.osgi.framework.AdminPermission while the actual certificate extraction and verification is done in org.apache.felix.framework.cache.BundleRevision and it's subclasses. While part of this is still work in progress (i.e., needs cleaning-up and will likely be relocated) it is actually already working (but in need of testing). I'll start a usage document once we have PermissionAdmin working (in case someone would like to play around with it now, do not hesitate to ask for help on the dev-list). > Implement support for digitally signed bundles > -- > > Key: FELIX-22 > URL: http://issues.apache.org/jira/browse/FELIX-22 > Project: Felix > Issue Type: New Feature > Components: Specification compliance, Framework >Reporter: Richard S. Hall > Assigned To: Karl Pauls > > This issue relates to section 2 of the OSGi R4 specification. This issue is > somewhat difficult in general, but even more difficult if we hope to create a > solution that works easily on J2ME and constrained devices. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
