Eclipse Community Forums: P2 » Bundle signing certificate handling in P2

Help

Home

Home » Eclipse Projects » P2 » Bundle signing certificate handling in P2

Show: Today's Messages :: Show Polls :: Message Navigator

Bundle signing certificate handling in P2 [message #1745199]

Thu, 06 October 2016 11:46

Steve Francisco

Messages: 4
Registered: July 2009

Junior Member

P2 will warn if unsigned jars are being installed, but it does not seem to check for certificate validity. I am able to install jars signed with an expired certificate without warnings or errors. From looking at the code, I suspect the same is true for revoked certificates. Can someone explain the current implementation and what the expected behaviour is?

Report message to a moderator

Re: Bundle signing certificate handling in P2 [message #1745225 is a reply to message #1745199]

Thu, 06 October 2016 16:29

Brian de Alwis

Messages: 837
Registered: January 2012

Senior Member

I was curious about this too. From looking at the code, the certificate verification is handled by the CertificateChecker, created by the CheckTrust phase implementation. The CertificateChecker uses the OSGi SignedContentFactory to check the signed status.

Equinox provides a single implementation, SignedBundleHook. It uses a osgi.signedcontent.support property, and maybe one of those options will help?

Eclipse Platform committer. Ask me about Eclipse support, training, and consulting.

Report message to a moderator

Previous Topic:	Download statistics server
Next Topic:	P2 Update - User Agent buildId

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Jun 16 00:53:05 GMT 2019

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter