
Bug 153847

Summary: [sec] Support for signature checking at bundle load-time
Product: [Eclipse Project] Equinox
Reporter: Matt Flaherty <mwflaher>
Component: Security
Assignee: Security Inbox <equinox.security-inbox>
Status: RESOLVED FIXED
QA Contact:
Severity: enhancement
Priority: P2
CC: albert_silliman, gunnar, habeck, jeffmcaffer, jwells, Mike_Wilson, ob1.eclipse, pascal, philippe_mulet, remy.suen, tjwatson
Version: unspecified
Keywords: plan
Target Milestone: 3.4   
Hardware: All   
OS: All   
Whiteboard:
Bug Depends on: 199943, 201417, 201419    
Bug Blocks:    

Description Matt Flaherty CLA 2006-08-14 21:31:28 EDT
Lotus has a need to restrict the plugins that are allowed to load to be from a list of approved and trusted signers. This will require continued investigation into the issues that prevented the platform from running with signed bundles in 3.2. There will also likely be enhancements to the API for the OSGi JarVerifier to abstract trust to an external decision point (a la JSSE TrustManager).
Comment 1 Philipe Mulet CLA 2007-03-26 10:00:56 EDT
Is anything planned for 3.3?
Comment 2 Jeff McAffer CLA 2007-03-26 10:09:57 EDT
There is partial support for this but we need more help from the community to get this one complete.  For 3.3 nothing further is planned.
Comment 3 Matt Flaherty CLA 2007-08-08 18:12:06 EDT
Consistent language with Equinox site
Comment 4 Matt Flaherty CLA 2008-03-10 15:50:44 EDT
Moving to Security component
Comment 5 Mike Wilson CLA 2008-04-12 14:59:20 EDT
This is marked "P2", which in general means "we'd rather not ship without fixing this". Is the expectation that we are going to do something about this for R3.4?

Comment 6 Matt Flaherty CLA 2008-04-12 16:59:23 EDT
Yep, and barring documentation this task is complete. We've added the SignedContent, TrustEngine and AuthorizationEngine interfaces to Equinox, and some basic UI for manipulating the default policy (allow-all, only-allow-signed, only-allow-trusted).

We scaled back a bit from what I imagined in terms of associated certificate management UI based on P2's related needs.

I need to sit down and see what this means to this bug and the ones it blocks, but yes - this is in for 3.4.
Comment 7 Mike Wilson CLA 2008-04-12 21:26:38 EDT
Nice. (You got polled because I'm going through all the P1/P2 bugs.)
Comment 8 Philipe Mulet CLA 2008-05-16 04:11:32 EDT
Is this still planned for 3.4? The bug is open, and we are finished with RC1. Feels late for an 'enhancement'...
Comment 9 Thomas Watson CLA 2008-05-16 11:10:44 EDT
This has been in for a while.  Still needs documentation.