Hi Karl,

For the test case, I corrupted the jar file myself. Following are the steps
which I performed:
- I simply extracted the content of a valid signed .jar file, then opened a
  .class file (extracted from the jar) in Notepad++ and corrupted the file,
  simply by removing some data and adding some garbage data, and saved the
  file.
- And then created a new jar again with the name my_tempered.jar.

To verify that the file is corrupt, I tested it with the jarsigner tool as
follows:
*jarsigner -verify my_tempered.jar*
It then threw "jarsigner: java.lang.SecurityException: invalid SHA1
signature file digest" for the corrupted .class file.
I was expecting a similar error when trying to install this .jar bundle
file on Felix, but no error/exception was thrown.

I don't know exactly how to enable that framework security bundle to verify
a signed bundle, or do I need to install something else in addition to
that bundle? Please give me your viewpoints.

Thanks
sid
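
Added example, not part of the original message and not Felix's own code: a check comparable to `jarsigner -verify` done from Java with `java.util.jar.JarFile`, which only compares an entry's digest once that entry has been read to the end. The class name `VerifySignedJar` and its helper names are assumptions; the jar name is the one from the message.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class VerifySignedJar {
    // Manifest and signature files in META-INF are not themselves signed entries.
    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA")
            || n.endsWith(".DSA") || n.endsWith(".EC");
    }

    // True only if every payload entry is signed and matches its recorded digest.
    // This does not decide whether the signer's certificate is trusted.
    static boolean verify(String path) throws IOException {
        boolean ok = true;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(path, true)) {   // true = verify while reading
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* digest is checked at end of stream */ }
                }
                if (e.getCodeSigners() == null) {   // only meaningful after a full read
                    System.err.println("unsigned entry: " + e.getName());
                    ok = false;
                }
            }
        } catch (SecurityException ex) {   // modified entry or broken signature file
            System.err.println("verification failed: " + ex.getMessage());
            return false;
        }
        return ok;
    }

    public static void main(String[] args) throws IOException {
        String path = args.length > 0 ? args[0] : "my_tempered.jar";
        boolean ok = verify(path);
        System.out.println(path + (ok ? ": verified" : ": NOT verified"));
        System.exit(ok ? 0 : 1);
    }
}
```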



