Details
- New Feature
- Status: Open
- Major
- Resolution: Unresolved
Description
It should be possible to lock a Karaf instance so that it only accepts bundles that are signed / encrypted with a predefined key.
This would give the deployed bundles and application a certain level of protection, as not just any user code can be deployed, but only certified code.
Definition of Done:
We are able to configure a Karaf instance with a key / certificate and it then only accepts bundles that are signed / encrypted with a suitable key / certificate.
There was a short discussion about the matter in the Slack channel with JB0000000000001 and cschneider on 09/26/19 in #karaf:
Christian Schneider 15:33 You might experiment with a hook that only allows signed bundles. So at least you can implement a mandatory code check as you can control the signing
Julian Feinauer 15:34 @Christian Schneider Is there already an implementation for that? For this sign checking stuff. This would fit nicely into the karaf ecosystem
JB Onofré 15:37 @Julian Feinauer we have this, but not in Karaf directly. @Julian Feinauer it could be part of the security/encryption feature
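
The signature check that such a hook would have to run before accepting a bundle can be sketched with the JDK's own JAR verification. This is an added example, not code from Karaf or from the discussion; `SignedBundleCheck` and its methods are hypothetical names, it covers signing only (not encryption), and it assumes the "predefined key" is supplied as a set of pinned signer certificates.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical helper, not a Karaf or OSGi API.
public final class SignedBundleCheck {

    /** True only if every content entry is signed by one of the pinned signer certificates. */
    public static boolean isSignedByPinned(File jar, Set<Certificate> pinned) throws IOException {
        try (JarFile jf = new JarFile(jar, true)) {            // true = verify signatures while reading
            boolean sawContent = false;
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> en = jf.entries(); en.hasMoreElements();) {
                JarEntry e = en.nextElement();
                if (e.isDirectory() || isSignatureRelated(e.getName())) continue;
                // Signers are only populated once the entry has been read to the end.
                try (InputStream in = jf.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                } catch (SecurityException digestMismatch) {
                    return false;                              // entry was modified after signing
                }
                if (!hasPinnedSigner(e.getCodeSigners(), pinned)) return false;
                sawContent = true;
            }
            return sawContent;                                 // a JAR with no content is not "signed"
        }
    }

    private static boolean hasPinnedSigner(CodeSigner[] signers, Set<Certificate> pinned) {
        if (signers == null) return false;                     // unsigned, or added after signing
        for (CodeSigner s : signers) {
            // Compare the leaf only: JarFile does not validate the chain above it.
            if (pinned.contains(s.getSignerCertPath().getCertificates().get(0))) return true;
        }
        return false;
    }

    // The manifest and the signature files in META-INF/ carry the signature rather than being signed.
    private static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }
}
```

Rejecting entries with no signer matters as much as checking the signature: a file appended to a signed JAR after signing still loads unless every entry is required to carry a pinned signer.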