Hi Siddharth, as Robert is correctly pointing out: the next step is to actually define your security policy. His example gives all permission to all bundles that are correctly signed by a given certificate. Granted, that might be a little broad but it would be a start. If you tell us more about what you are actually try to get working we probably could help you with a more specific policy (e.g., there is a way to only give install permission for bundles that are signed iirc).
regards, Karl On Mon, Aug 22, 2016 at 6:53 PM, Robert Onslow <[email protected]> wrote: > Sid > Did you try my recipe? > Robert > > On Mon, Aug 22, 2016 at 8:12 AM, sid19039 <[email protected]> wrote: > > Hello > > @Robert and @Karl, Thank you so much for your answers. > > > > Via > > -Dfelix.keystore=file:certificates.ks -Dfelix.keystore.pass=foobar > > -Dfelix.keystore.type=jks > > I am able to verify the bundle against its signature now. First, i was > > mentioning the path to keystore file as > > -Dfelix.keystore=file:my.keystore, didn't know absolute path is > required to > > be given, but then i mentioned the absolute path to my.keystore file as > > -Dfelix.keystore=file:/D:A/B/my.keystore then i was able to verify the > > signed bundle successfully. > > But the problem is : an unsigned bundle is still being allowed to be > > installed into the framework. > > Also if i remove any of .SF and .DSA file or both files from jar file > then > > again no error occured while installing the jar file and it installed > > successfully. > > Is there any another configuration left to be set which prevents unsigned > > bundle from being installed and show error on console? > > please share view points. > > > > Thanks > > siddharth > > > > > > > > > > -- > > View this message in context: http://apache-felix.18485.x6.n > abble.com/how-to-enable-felix-verify-the-contents-of-a- > signed-bundle-tp5018089p5018178.html > > Sent from the Apache Felix - Users mailing list archive at Nabble.com. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Karl Pauls [email protected]
