Skip to main content
 
developerWorks
AIX and UNIX
Information Mgmt
Lotus
New to Lotus
Products
How to buy
Downloads
Live demos
Technical library
Training
Support
Forums & community
Events
Rational
Tivoli
WebSphere
Java™ technology
Linux
Open source
SOA and Web services
Web development
XML
My developerWorks
About dW
Submit content
Feedback



developerWorks  >  Lotus  >  Forums & community  >  Lotus Expeditor Forum

Lotus Expeditor Forum

 developerWorks

  

Sign in to participate PreviousPrevious NextNext


Akio Motoki 25.May.10 05:00 AM a Web browser
Client for Desktop 6.2.1 Windows XP


I'm testing signed plugin with self certification that made by ikeyman.

I found 2 problems about the signed plugin.
(1) Signed plugin with self certification is not treated as UNTRUSTED but UNSIGNED.
(2) EXPIRED_SIGNATURE_POLICY can't work properly.

----------------------------------------------------------------
Environment : Expeditor for Desktop 6.2.1 FP1 on Windows XP SP3

Self certification "herohero" is made by ikeyman and stored in default "cacerts" file:
[Expeditor]\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20090820c-201001210330\jre\lib\security\cacerts)

Plugin is signed with "herohero" by following command:
jarsigner.exe -keystore [Expeditor]\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20090820c-201001210330\jre\lib\security\cacerts -storepass changeit D:\update\plugins\com.ibm.rcp.samples.richapp_6.1.2.jar herohero

Signature Policy is set by adding following settings to [Expeditor]\rcp\plugin_customization.ini:

com.ibm.rcp.security.update/VERIFICATION_LISTENER=com.ibm.rcp.security.update.ui.PromptVerificationListener
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=ALLOW
com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=ALLOW
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=ALLOW

Problem (1)
Signed plugin with self certification is not treated as UNTRUSTED but UNSIGNED.
Install the plugin is failed in the case of following settings:
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=ALLOW
com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=DENY
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=ALLOW


Problem (2)
EXPIRED_SIGNATURE_POLICY can't work properly.

The plugin is installed even it is expired in the case of following settings:
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=DENY
com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=ALLOW
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=ALLOW

I wonder if these are problem about verificationLister.

Best regards,
Akio






Signed Plugin (Akio Motoki 25.May.10)
. . RE: Signed Plugin (Brian Lillie 26.May.10)
. . . . RE: Signed Plugin (Akio Motoki 27.May.10)





  Document options
Print this pagePrint this page

 Search this forum

  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Author
Category
Platform
Release
Advanced search

 Sign In or Register
Sign in
Forgot your password?
Forgot your user name?
Create new registration

 RSS feedsRSS
All forum posts RSS
All main topics RSS
More Lotus RSS feeds

Resources

 Resources
Forum use and etiquette
Native Notes Access
Web site Feedback

Lotus Support

 Lotus Support
 IBM Support Portal - Lotus software
Lotus Support documents
Lotus support by product
Lotus support downloads
Lotus support RSS feeds

Wikis

 Wikis
 IBM Composite Applications
IBM Mashup Center
IBM Connections
IBM Docs
IBM Forms
IBM Mobile Connect
IBM Sametime
IBM SmartCloud for Social Business
IBM Web Experience Factory
Lotus Domino
Lotus Domino Designer
Lotus Expeditor
Lotus Foundations
Lotus iNotes
Lotus Instructor Community Courseware
Lotus Notes
Lotus Notes & Domino Application Development
Lotus Notes Traveler
Lotus Protector
Lotus Quickr
Lotus Symphony
IBM Web Content Manager
WebSphere Portal

Lotus Forums


 Lotus Forums
Notes/Domino 9.0
Notes/Domino 8.5 + Traveler
Notes/Domino XPages development forum
Notes/Domino 8
Notes/Domino 6 and 7
Notes/Domino 4 and 5
IBM Connections
IBM Forms
IBM Mobile Connect
IBM Sametime
IBM SmartCloud Notes
IBM SmartCloud Meetings
IBM Web Content Manager
Lotus Domino Document Manager
Lotus e-learning
Lotus Enterprise Integration
Lotus Expeditor
Lotus Protector
Lotus Quickr
Lotus SmartSuite
Lotus Symphony
Lotus Symphony Developer Toolkit Support
Lotus Workflow