Eclipse Community Forums
disable bundle verification during P2 update [message #848623] Wed, 18 April 2012 12:23
Christian Sell
Hello,

I am looking for a way to disable bundle certificate verification for signed bundles during P2 update, similar to the facility the old update system provided through the interface org.eclipse.update.core.IVerificationListener.

We need this, because we are maintaining a custom cacerts file with the JRE on the target systems, which cannot easily be replaced, and which does not contain the root CAs expected by bundle verification.

thanks,
Christian Sell
Re: disable bundle verification during P2 update [message #849270 is a reply to message #848623] Thu, 19 April 2012 02:29
Pascal Rapicault
The approach is slightly different in p2. The prompting for pwd and trust info is done using the org.eclipse.equinox.p2.core.UIServices.
The UIService needs to be registered against the provisioning agent (org.eclipse.equinox.p2.core.IProvisioningAgent).

HTH

Pascal
Re: disable bundle verification during P2 update [message #849370 is a reply to message #849270] Thu, 19 April 2012 04:55
Christian Sell
thanks. Now, is there a way for me to override the default UIService, which seems to simply reject non-verifiable certificates?
Re: disable bundle verification during P2 update [message #849573 is a reply to message #849370] Thu, 19 April 2012 09:08
Christian Sell
specifically, I would like to ask:

- is there a way to extend the default implementation, and just selectively override individual methods?
- if I register a new UIServices implementation, how can I be sure it is used? Does the code that registers the default implementation check whether another service is already registered? Or do I have to do the registering at a specific point in time?

thanks,
chris
Re: disable bundle verification during P2 update [message #849610 is a reply to message #849573] Thu, 19 April 2012 09:46
Christian Sell
and, to continue:

I see examples on the web that simply return

new TrustInfo(new Certificate[0], true, true);

from the UIServices#getTrustInfo method. However, reading the comment on TrustInfo#getTrustedCertificates, it seems that would say that there are 0 trusted certificates, which sounds odd. Is it really sufficient to return an empty array?

thanks,
-C
Re: disable bundle verification during P2 update [message #849626 is a reply to message #849610] Thu, 19 April 2012 10:07
Christian Sell
ok, had a look into CertificateChecker. Seems like the algorithm below is better:

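  // Method of a UIServices subclass; Certificate is java.security.cert.Certificate.
  public TrustInfo getTrustInfo(Certificate[][] untrustedChain, String[] unsignedDetail)
  {
    // untrustedChain may be null when there is only unsigned content to decide on
    if (untrustedChain == null)
    {
      return new TrustInfo(new Certificate[0], true, true);
    }
    // Trust the first certificate of every untrusted chain, i.e. accept all signers
    Certificate[] trusted = new Certificate[untrustedChain.length];
    for (int i = 0; i < untrustedChain.length; i++)
    {
      trusted[i] = untrustedChain[i][0];
    }
    // Second argument: persist the trust decision; third: also accept unsigned content
    return new TrustInfo(trusted, true, true);
  }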
Re: disable bundle verification during P2 update [message #849932 is a reply to message #849626] Thu, 19 April 2012 15:37
Pascal Rapicault
The last service that has been registered with the provisioning agent wins.
What you can do in your code is wrap the existing service.

Another possibility is to directly change the default implementation in p2 (ValidationDialogServiceUI or CertificateChecker) to have a preference that bypasses this check. But this would mean that you would have to adapt a newer version of p2.
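
Wrapping the existing service as suggested above, shown as an added example that is not part of the original thread or of p2: rather than trusting every chain, it auto-trusts only chains that contain a certificate whose SHA-256 fingerprint is pinned, and hands everything else (unpinned chains, unsigned content) to the previously registered service. The class name `PinnedTrustUIServices`, the `install` helper and the pin set are assumptions, as is a `UIServices` already being registered with the agent; returning the first certificate of each chain follows the snippet posted earlier in the thread.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.*;
import org.eclipse.equinox.p2.core.IProvisioningAgent;
import org.eclipse.equinox.p2.core.UIServices;

// Added example (hypothetical class): auto-trusts only chains that contain a pinned certificate.
public class PinnedTrustUIServices extends UIServices {
  private final UIServices delegate; // previously registered service, asked about everything else
  private final Set<String> pins;    // lowercase hex SHA-256 of DER-encoded certs (assumed config)
  public PinnedTrustUIServices(UIServices delegate, Set<String> pins) {
    this.delegate = Objects.requireNonNull(delegate);
    this.pins = pins;
  }
  // "Last registered wins": call this once the default service is already in place.
  public static void install(IProvisioningAgent agent, Set<String> pins) {
    UIServices current = (UIServices) agent.getService(UIServices.SERVICE_NAME);
    agent.registerService(UIServices.SERVICE_NAME, new PinnedTrustUIServices(current, pins));
  }
  @Override public AuthenticationInfo getUsernamePassword(String loc) { return delegate.getUsernamePassword(loc); }
  @Override public AuthenticationInfo getUsernamePassword(String loc, AuthenticationInfo prev) { return delegate.getUsernamePassword(loc, prev); }
  @Override public TrustInfo getTrustInfo(Certificate[][] untrustedChain, String[] unsignedDetail) {
    List<Certificate> trusted = new ArrayList<>();
    List<Certificate[]> undecided = new ArrayList<>();
    for (Certificate[] chain : untrustedChain == null ? new Certificate[0][] : untrustedChain) {
      if (containsPin(chain)) trusted.add(chain[0]); else undecided.add(chain);
    }
    boolean trustUnsigned = false;
    if (!undecided.isEmpty() || unsignedDetail != null) { // unpinned or unsigned: wrapped service decides
      Certificate[][] rest = undecided.isEmpty() ? null : undecided.toArray(new Certificate[0][]);
      TrustInfo answer = delegate.getTrustInfo(rest, unsignedDetail);
      if (answer.getTrustedCertificates() != null)
        trusted.addAll(Arrays.asList(answer.getTrustedCertificates()));
      trustUnsigned = answer.trustUnsignedContent();
    }
    return new TrustInfo(trusted.toArray(new Certificate[0]), false, trustUnsigned); // false: do not persist
  }
  private boolean containsPin(Certificate[] chain) {
    try {
      MessageDigest sha = MessageDigest.getInstance("SHA-256");
      for (Certificate c : chain) {
        StringBuilder hex = new StringBuilder();
        for (byte b : sha.digest(c.getEncoded())) hex.append(String.format("%02x", b));
        if (pins.contains(hex.toString())) return true;
      }
    } catch (GeneralSecurityException e) { /* fail closed: treat the chain as unpinned */ }
    return false;
  }
}
```

Because the pinned decision is never persisted, removing a fingerprint from the pin set is enough to stop trusting that signer on the next update.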
Re: disable bundle verification during P2 update [message #849962 is a reply to message #849932] Thu, 19 April 2012 16:12
Christian Sell
as far as my requirements go, I am ok. My service gets called, and it seems to do what it's supposed to. Adopting a newer version of P2 wouldn't be an option anyway with my current employer. Now on to the cache issue ;)

thanks