If you need an example that is publicly available, the Apache Directory Studio plugin is signed with an Apache certificate that shows up as untrusted when I attempt to install it:
On Eclipse 4.2, the pop-up window asking to trust easily gets hidden and can't be called back again, which means that the installation of that (and anything else in the same provisioning operation) fails.
Alex

On 3 Jan 2013, at 14:55, John Arthorne wrote:

I really don't remember the details here.
I suspect once we got all Eclipse projects signing with a real cert verified
by an authority trusted by the JVM, this wasn't a big issue for us. In
the end, asking an end user to make a trust decision on a self-signed or
unverified cert is silly anyway. There is no way an end user could make
an informed trust decision based on that information, and if we did persist
the decision, it would essentially be "I know it's not trusted but
please stop asking me". It looks like KeyStoreTrustEngine
registered by the framework is capable of persisting changes though, if
the system is configured properly. If Scott or anyone else is interested
in the trust persistence aspect I suggest opening a bug and we go from
there.
John
From: Thomas Watson <tjwatson@xxxxxxxxxx>
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,
Date: 01/02/2013 10:20 AM
Subject: Re: [equinox-dev] TrustEngine and other security services
Sent by: equinox-dev-bounces@xxxxxxxxxxx
Thanks John,
I see that the code you mention does use a TrustEngine to attempt to persist
newly trusted certificates. But I wonder if there are any implementations
of the TrustEngine service that are not read-only. The framework
registers a built-in TrustEngine that is backed by the CA certs that are
configured with the VM but this TrustEngine is read-only.
Tom
From: John Arthorne <John_Arthorne@xxxxxxxxxx>
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,
Date: 01/02/2013 08:43 AM
Subject: Re: [equinox-dev] TrustEngine and other security services
Sent by: equinox-dev-bounces@xxxxxxxxxxx
p2 uses the TrustEngine to persist newly trusted certificates after prompting
the user. See org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker.
http://git.eclipse.org/c/equinox/rt.equinox.p2.git/tree/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
John
From: Thomas Watson <tjwatson@xxxxxxxxxx>
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,
Date: 01/02/2013 09:28 AM
Subject: Re: [equinox-dev] TrustEngine and other security services
Sent by: equinox-dev-bounces@xxxxxxxxxxx
The TrustEngine is largely used as an implementation detail behind the
org.eclipse.osgi.signedcontent package. OSGi services published
using the org.eclipse.osgi.service.security.TrustEngine interface are used
to determine the authenticity of a certificate chain used to sign content
(jars, bundles etc.). I did not remember p2 using the TrustEngine
directly, but perhaps it does for authenticating other types of certificates.
Sorry, other than the javadoc published for the packages there is not a
lot of documentation here.
Tom
From: Pascal Rapicault <pascal@xxxxxxxxxxxxx>
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,
Date: 12/29/2012 03:51 AM
Subject: Re: [equinox-dev] TrustEngine and other security services
Sent by: equinox-dev-bounces@xxxxxxxxxxx
The p2 engine makes use of the TrustEngine, however I don't remember the
details of how it works.
You may also want to poke around at other parts of p2 as I just happen
to remember about this ref in the engine, but there may be others.
HTH
Pascal
On 2012-12-29, at 5:47 AM, Scott Lewis wrote:
> Hello,
>
> Is there documentation on Equinox security services like org.eclipse.osgi.service.security.TrustEngine
> service...and implementation? I looked in the Equinox Security area
> [1], but didn't find a lot of service/API docs. Is/are there examples
> of using the TrustEngine service(s)?
>
> Thanks,
>
> Scott
>
>
>
> _______________________________________________
> equinox-dev mailing list
> equinox-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/equinox-dev