Building Secure OSGi Applications (cwiki.apache.org)
Karl Pauls
Marcel Offermans
luminis
Who are we?
• Karl Pauls
• Marcel Offermans
Enschede, Arnhem (map image © 2008 Google Earth)
Agenda
• Introduction to OSGi layers and Security
• Java and OSGi Security
• Enabling Security in Equinox and Apache Felix
• PermissionAdmin and OSGi specific permissions
• ConditionalPermissionAdmin
• Signed Bundles and Local Permissions
• Custom and postponed conditions
OSGi today
OSGi technology is the dynamic module system for Java™
OSGi technology is Universal Middleware.
OSGi technology provides a service-oriented, component-based environment for developers and offers standardized ways to manage the software lifecycle. These capabilities greatly increase the value of a wide range of computers and devices that use the Java™ platform.
OSGi Specification
• OSGi Service Platform Service Compendium, The OSGi Alliance, Release 4, Version 4.1, April 2007 (digitally signed by OSGi Alliance, 2007.02.22)
• OSGi Service Platform Core Specification, The OSGi Alliance, Release 4, Version 4.1, April 2007 (digitally signed by OSGi Alliance, 2007.02.22)
OSGi Framework Layering
• L3 (Service Model) - Provides a publish/find/bind service model to decouple bundles
• L2 (Life Cycle) - Manages the life cycle of a bundle in a framework without requiring the VM to be restarted
• L1 (Module) - Creates the concept of modules (a.k.a. bundles) that use classes from each other in a controlled way according to system and bundle constraints
• L0 (Execution Environment) - OSGi Minimum Execution Environment, CDC/Foundation, JavaSE
Module Layer (1/3)
• Unit of deployment is the bundle, i.e., a JAR
• Separate class loader per bundle
• Class loader graph
• Independent namespaces
• Class sharing at the Java package level
[Diagram: bundles in the Module layer exporting and importing packages: org.apache.utils 1.0, org.apache.utils 1.1, org.apache.log 2.3, org.apache.db 1.4]
Module Layer (2/3)
• Multi-version support
  • i.e., side-by-side versions
• Explicit code boundaries and dependencies
  • i.e., package imports and exports
• Support for various sharing policies
  • i.e., arbitrary version range support
• Arbitrary export/import attributes
  • Influence package selection
Module Layer (3/3)
• Sophisticated class space consistency model
  • Ensures code constraints are not violated
• Package filtering for fine-grained class visibility
  • Exporters may include/exclude specific classes from exported package
• Bundle fragments
  • A single logical module in multiple physical bundles
• Bundle dependencies
  • Allows for tight coupling when required
Life-cycle Layer
• Managed life cycle
  • States for each bundle
  • Allows updates of existing bundles
• Dynamically install, start, update, and uninstall
[Diagram: bundle life-cycle states installed, resolved, starting, active, stopping and uninstalled, with the transitions install, start, stop and uninstall]
Service Layer
• OSGi framework promotes service oriented interaction pattern among bundles
[Diagram: bundles publish and use the Log, Database and Prefs services; a Service Provider publishes to the Service Registry, a Service Requester finds the service there, and the two then interact]
Security
• Optional Security Layer based on Java permissions
• Infrastructure to define, deploy, and manage fine-grained application permissions
• Code authenticated by location or signer
• Well defined API to manage permissions
  • PermissionAdmin
  • ConditionalPermissionAdmin
[Diagram: the Security layer shown alongside the Module, Life-cycle and Service layers]
Security Concepts Overview
• OSGi uses code-based security following the Java Security Model
  • Makes use of Protection Domain
  • The stack walk based Permission Check
  • Signed bundles
• User-based security is supported by the UserAdmin service but is not integrated in the standard permission check as with JAAS
• Additionally, PermissionAdmin and ConditionalPermissionAdmin provide sophisticated management infrastructure
Protection Domain
• Encapsulates characteristics of a domain
• One protection domain per bundle
• Encloses a set of classes whose instances are granted a set of permissions
• Set of permissions associated with each bundle
• Permission check consults all protection domains on the stack
Permission Check
• Invoked either by a call to SecurityManager.check* or AccessController.checkPermission
  • SecurityManager is the old way to do it
  • OSGi requires usage of the SecurityManager for full functionality
• Privileged calls are used to cut off the stack walk
  • Disregard code on the stack earlier than the latest privileged call
• Merges context of parent thread as well
Algorithm
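AccessController.checkPermission(Permission p)

[Diagram: call stack of A.class, C.class, B.class, D.class and E.class; the classes belong to Protection Domain: Bundle A and Protection Domain: Bundle B; a Privileged Call marks where the stack walk stops; PermissionsA and PermissionsB are the permission sets of the two domains]

    if (!(PermissionsA.implies(p) && PermissionsB.implies(p))) {
        throw new SecurityException();
    }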
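The check above, generalized to any number of frames, as an added example that is not part of the original slides. It models the stack as a list (most recent call first) and uses real `java.security.ProtectionDomain` objects; the assignment of classes to bundles, the choice of D.class as the privileged caller, the third "Bundle C" domain and all file paths are assumptions made for illustration.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.List;

/** Model of the stack walk; the frames and grants below are constructed for illustration. */
public class StackWalkModel {

    /** One stack frame: class name, protection domain of its bundle, privileged marker. */
    static final class Frame {
        final String className;
        final ProtectionDomain domain;
        final boolean privileged; // true if this frame is the caller of doPrivileged

        Frame(String className, ProtectionDomain domain, boolean privileged) {
            this.className = className;
            this.domain = domain;
            this.privileged = privileged;
        }
    }

    /** Builds a protection domain with a fixed (static) permission set, one per bundle. */
    static ProtectionDomain domain(Permission... granted) {
        Permissions permissions = new Permissions();
        for (Permission p : granted) {
            permissions.add(p);
        }
        return new ProtectionDomain(null, permissions);
    }

    /**
     * Walks from the most recent frame towards the oldest. Every domain seen must
     * imply p; the walk stops after the frame that made the privileged call, so
     * older callers are disregarded.
     */
    static void checkPermission(List<Frame> stack, Permission p) {
        for (Frame frame : stack) {
            if (!frame.domain.implies(p)) {
                throw new SecurityException(frame.className + " is not granted " + p);
            }
            if (frame.privileged) {
                return;
            }
        }
    }

    static String outcome(List<Frame> stack, Permission p) {
        try {
            checkPermission(stack, p);
            return "granted";
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        }
    }

    /** The five classes from the slide; which bundle owns which class is an assumption. */
    static List<Frame> stack(ProtectionDomain a, ProtectionDomain b, ProtectionDomain c,
                             boolean dIsPrivileged) {
        return Arrays.asList(
            new Frame("A.class", a, false),
            new Frame("C.class", a, false),
            new Frame("B.class", b, false),
            new Frame("D.class", b, dIsPrivileged),
            new Frame("E.class", c, false));
    }

    public static void main(String[] args) {
        ProtectionDomain bundleA = domain(new FilePermission("/data/-", "read"));
        ProtectionDomain bundleB = domain(new FilePermission("/data/config.xml", "read,write"));
        ProtectionDomain bundleC = domain(); // hypothetical caller without any grants

        Permission read = new FilePermission("/data/config.xml", "read");
        Permission write = new FilePermission("/data/config.xml", "write");

        List<Frame> plain = stack(bundleA, bundleB, bundleC, false);
        List<Frame> privileged = stack(bundleA, bundleB, bundleC, true);

        // Without a privileged call E.class (Bundle C) is part of the intersection.
        System.out.println("read,  no privileged call: " + outcome(plain, read));
        // With D.class as privileged caller only Bundle A and Bundle B are consulted.
        System.out.println("read,  privileged call:    " + outcome(privileged, read));
        // The privileged call does not add rights: Bundle A still lacks write.
        System.out.println("write, privileged call:    " + outcome(privileged, write));
    }
}
```

The third case is the one to keep in mind when reviewing bundle code: a privileged call shortens the walk but never grants more than the intersection of the domains above it.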
Deployment Topology
• Management Agent, responsible for:
  • life cycle management of the framework
  • security
• Can use SynchronousBundleListener for on the fly configuration
[Diagram: an OSGi framework hosting the management agent and bundles A, B and C, connected to a Provisioning Server and an OBR]
Enable Security: Equinox
• Properties for security manager, keystore, signed bundles support
  • -Djava.security.manager=""
  • -Dosgi.framework.keystore=file:lib/keystore.ks
  • -Dosgi.signedcontent.support=true
• Java Security Policy must give AllPermission
  • -Djava.security.policy=all.policy
  • grant { permission java.security.AllPermission; };

    java -Djava.security.manager="" -Djava.security.policy=all.policy \
        -Dosgi.framework.keystore=file:keystore.ks -Dosgi.signedcontent.support=true \
        -jar org.eclipse.equinox.launcher.jar -noExit
Enable Security: Felix
• Felix security is still experimental
  • Not all permission checks implemented
  • Configuration and documentation need improvement
• Properties for security manager, keystore, keystore password, keystore type
• Java Security Policy must give AllPermission
  • -Djava.security.policy=all.policy
  • grant { permission java.security.AllPermission; };

    java -Djava.security.manager -Djava.security.policy=all.policy \
        -Dfelix.keystore=keystore.ks -Dfelix.keystore.pass=luminis -jar felix.jar
Example - Running Secure
    import java.security.AllPermission;
    import org.osgi.framework.BundleActivator;
    import org.osgi.framework.BundleContext;
    import org.osgi.framework.BundleException;

    public class Activator implements BundleActivator {
        public void start(BundleContext context) throws Exception {
            // Check for a security manager
            SecurityManager sm = System.getSecurityManager();
            if (sm == null) {
                throw new BundleException("No SecurityManager installed");
            }
            // Check for AllPermission
            sm.checkPermission(new AllPermission());
        }

        public void stop(BundleContext context) throws Exception {
        }
    }
Permission Admin (1/3)
• Old (pre 4.0) way of managing permissions
• Provides information about current permissions
• Allows a management agent to set permissions per bundle
• Permissions are based on bundle locations with a fallback to a set of default permissions
PermissionAdmin (2/3)

[Slide shows a page from the OSGi Service Platform Release 4 specification, Permission Admin Service Specification Version 1.2:]

10.1.3 Operation

The Framework maintains a repository of permissions. These permissions are stored under the bundle location string. Using the bundle location allows the permissions to be set before a bundle is downloaded. The Framework must consult this repository when it needs the permissions of a bundle. When no specific permissions are set, the bundle must use the default permissions. If no default is set, the bundle must use java.security.AllPermission. If the default permissions are changed, a bundle with no specific permissions must immediately start using the new default permissions.

The Permission Admin service is registered by the Framework's system bundle under the org.osgi.service.permissionadmin.PermissionAdmin interface. This is an optional singleton service, so at most one Permission Admin service is registered at any moment in time.

The Permission Admin service provides access to the permission repository. A Management Agent can get, set, update, and delete permissions from this repository. A Management Agent can also use a SynchronousBundleListener object to set the permissions during the installation or updating of a bundle.

10.2 Permission Admin service

The Permission Admin service needs to manipulate the default permissions and the permissions associated with a specific bundle. The default permissions and the bundle-specific permissions are stored persistently. It is possible to set a bundle's permissions before the bundle is installed in the Framework because the bundle's location is used to set the bundle's permissions.

The manipulation of a bundle's permissions, however, may also be done in real time when a bundle is downloaded or just before the bundle is downloaded. To support this flexibility, a SynchronousBundleListener object may be used by a Management Agent to detect the installation or update of a bundle, and set the required permissions before the installation completes.

Permissions are activated before the first time a permission check for a bundle is performed. This means that if a bundle has opened a file, this file must remain usable even if the permission to open that file is removed at a later time.

[Diagram labels: «interface» PermissionAdmin, «class» PermissionInfo, java.security.Permission, constructs, Bundle location]
PermissionAdmin (3/3)
• Relative FilePermissions are assumed to be relative to the bundle storage area
• All permission changes need AllPermission
  • The first thing a management agent has to do is give itself AllPermission
• If ConditionalPermissionAdmin is present (as is the case in our environment) then default permissions are ignored unless the ConditionalPermissionAdmin has not been set-up with at least one entry
PermissionInfo
• Permission representation used
• Encapsulates three pieces of information
  • type - class name of the permission
  • name - name argument of the permission
  • actions - actions argument of the permission

    new PermissionInfo(AdminPermission.class.getName(), "(id=10)", AdminPermission.EXECUTE);
Example
    PermissionAdmin admin = getPermissionAdmin();

    // Give this bundle (the management agent) AllPermission, keyed by its location
    admin.setPermissions(context.getBundle().getLocation(),
        new PermissionInfo[] {
            new PermissionInfo(AllPermission.class.getName(), "", "")
        });

    // Remember the current defaults, then install an empty default permission set
    PermissionInfo[] previous = admin.getDefaultPermissions();
    admin.setDefaultPermissions(new PermissionInfo[0]);

    // unset
    admin.setDefaultPermissions(previous);
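A management agent that combines the steps from the PermissionAdmin slides with the SynchronousBundleListener mentioned under Deployment Topology, as an added example that is not code from the original presentation. The class name, the `TRUSTED_PREFIX` location and the grant policy in `permissionsFor` are assumptions; it needs the OSGi framework API on the classpath.

```java
import java.security.AllPermission;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleEvent;
import org.osgi.framework.BundleException;
import org.osgi.framework.PackagePermission;
import org.osgi.framework.ServicePermission;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.SynchronousBundleListener;
import org.osgi.service.permissionadmin.PermissionAdmin;
import org.osgi.service.permissionadmin.PermissionInfo;

/** Management agent sketch; names, locations and the policy are assumptions. */
public class AgentActivator implements BundleActivator, SynchronousBundleListener {

    // Constructed location prefix for bundles the operator trusts.
    private static final String TRUSTED_PREFIX = "file:bundles/trusted/";

    private ServiceReference adminRef;
    private PermissionAdmin admin;

    public void start(BundleContext context) throws Exception {
        adminRef = context.getServiceReference(PermissionAdmin.class.getName());
        if (adminRef == null) {
            throw new BundleException("PermissionAdmin service is not registered");
        }
        admin = (PermissionAdmin) context.getService(adminRef);

        // Step 1: the agent gives itself AllPermission before it restricts anything.
        String self = context.getBundle().getLocation();
        admin.setPermissions(self, new PermissionInfo[] {
            new PermissionInfo(AllPermission.class.getName(), "", "")
        });

        // Step 2: default deny. Without this, a bundle with no entry of its own
        // falls back to the defaults, and unset defaults mean AllPermission.
        // The PermissionAdmin (3/3) slide notes that defaults are ignored once
        // ConditionalPermissionAdmin has entries.
        admin.setDefaultPermissions(new PermissionInfo[0]);

        // Step 3: cover bundles that were installed before the agent started.
        Bundle[] bundles = context.getBundles();
        for (int i = 0; i < bundles.length; i++) {
            String location = bundles[i].getLocation();
            if (bundles[i].getBundleId() != 0 && !location.equals(self)) {
                admin.setPermissions(location, permissionsFor(location));
            }
        }

        // Step 4: set permissions synchronously while an install or update is in progress.
        context.addBundleListener(this);
    }

    public void bundleChanged(BundleEvent event) {
        int type = event.getType();
        if (type == BundleEvent.INSTALLED || type == BundleEvent.UPDATED) {
            String location = event.getBundle().getLocation();
            admin.setPermissions(location, permissionsFor(location));
        }
    }

    /** Hypothetical policy: trusted locations may import packages and get services. */
    static PermissionInfo[] permissionsFor(String location) {
        if (location.startsWith(TRUSTED_PREFIX)) {
            return new PermissionInfo[] {
                new PermissionInfo(PackagePermission.class.getName(), "*",
                        PackagePermission.IMPORT),
                new PermissionInfo(ServicePermission.class.getName(), "*",
                        ServicePermission.GET)
            };
        }
        // An explicit empty set: the bundle gets nothing, independent of the defaults.
        return new PermissionInfo[0];
    }

    public void stop(BundleContext context) throws Exception {
        context.removeBundleListener(this);
        context.ungetService(adminRef);
    }
}
```

Because permissions are keyed by location, the grant for a bundle can be in place before its first permission check; passing `null` instead of an empty array to `setPermissions` would remove the entry and return the bundle to the default set.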
OSGi specific permissions
• OSGi specifications define special permissions for framework and service related tasks
• The core framework specification defines:
  • AdminPermission - for all framework specific actions
  • PackagePermission - for package import and export
  • ServicePermission - for service providing and usage
  • BundlePermission - for extensions/fragments
• Custom permissions can be used if they have been exported by a bundle or the classpath
PackagePermission
• A bundle's authority to import/export a package
• Name is the package as dot-separated string
  • Wildcards are supported
• Two actions: EXPORT and IMPORT
  • EXPORT implies IMPORT

    Import-Package: net.luminis.pub.foo, net.luminis.bar
    Export-Package: net.luminis.bar

    new PackagePermission("net.luminis.pub.*", PackagePermission.IMPORT);
    new PackagePermission("net.luminis.bar", PackagePermission.EXPORT);

    System.getSecurityManager().checkPermission(
        new PackagePermission("net.luminis.pub.foo", PackagePermission.IMPORT));
    System.getSecurityManager().checkPermission(
        new PackagePermission("net.luminis.bar", PackagePermission.EXPORT));
ServicePermission
• A bundle's authority to register/get a service
• Name is the name of the service interface as a dot-separated string
• Wildcards may be used for the class name
• Two actions: GET and REGISTER
```java
// Permissions granted to the bundle
new ServicePermission("net.luminis.pub.*", ServicePermission.GET);
new ServicePermission("net.luminis.pub.Bar", ServicePermission.REGISTER);

// Calls made by the bundle
context.getServiceReference("net.luminis.pub.Foo");
context.registerService("net.luminis.pub.Bar", new Bar(), null);

// Resulting checks
System.getSecurityManager().checkPermission(
    new ServicePermission("net.luminis.pub.Foo", ServicePermission.GET));
System.getSecurityManager().checkPermission(
    new ServicePermission("net.luminis.pub.Bar", ServicePermission.REGISTER));
```
BundlePermission
• A bundle's authority to require/provide/attach a bundle/fragment
• Name is the bundle symbolic name
• Wildcards may be used
• Four actions: PROVIDE, REQUIRE, HOST, and FRAGMENT
• PROVIDE implies REQUIRE
AdminPermission (1/3)
• A bundle's authority to perform specific privileged administrative operations or get sensitive information about a bundle.
• Name is a filter expression. The filter gives access to the following parameters:
• signer - A DN chain of bundle signers
• location - The location of a bundle
• id - The bundle ID of the bundle
• name - The symbolic name of a bundle
AdminPermission (2/3)
• There are eleven Actions:
• class - load a class from a bundle
• execute - start/stop bundle and set bundle startlevel
• extensionLifecycle - manage extension bundle
• lifecycle - manage bundle (update/uninstall/etc.)
• listener - add/remove synchronous bundle listeners
• metadata - get manifest and location
• resolve - refresh and resolve a bundle
• resource - get/find resources from a bundle
• startlevel - set startlevel and initial bundle startlevel
• context - get bundle context
AdminPermission (3/3)
```java
// Permission granted to the bundle
new AdminPermission(
    "(&(signer=o=luminis)(name=net.luminis.*)(location=file://*)(id>=10))",
    AdminPermission.LIFECYCLE + "," + AdminPermission.EXECUTE);

// Call made by the bundle
context.installBundle("file:bundle.jar").start();

// Resulting checks: installing needs LIFECYCLE, starting needs EXECUTE
System.getSecurityManager().checkPermission(
    new AdminPermission(bundle, AdminPermission.LIFECYCLE));
System.getSecurityManager().checkPermission(
    new AdminPermission(bundle, AdminPermission.EXECUTE));
```
Example - Configure Security
```java
// Default for every bundle without its own entry: import any package
admin.setDefaultPermissions(new PermissionInfo[] {
    new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT)
});

// Permissions for the bundle with ID 1, keyed by its location
admin.setPermissions(context.getBundle(1).getLocation(), new PermissionInfo[] {
    new PermissionInfo(AdminPermission.class.getName(), "*", "*"),
    new PermissionInfo(ServicePermission.class.getName(), "*",
        ServicePermission.GET),
    new PermissionInfo(ServicePermission.class.getName(), "org.apache.felix.shell.*",
        ServicePermission.REGISTER),
    new PermissionInfo(PackagePermission.class.getName(), "org.apache.felix.shell",
        PackagePermission.EXPORT),
    new PermissionInfo(PropertyPermission.class.getName(), "*", "read"),
    new PermissionInfo(NetPermission.class.getName(), "specifyStreamHandler", "")
});
```
Conditional Permission Admin
• New (4.0) way of doing permission management
• use this exclusively for new implementations
• interoperability when both PA and CPA are present
• IF all conditions of a set of conditions match THEN apply the supplied permissions
• More flexible, extensible model
• Conditions evaluation is highly optimized
CondPermAdmin (1/4)
Conditional Permission Admin Specification, Introduction

A Conditional Permission Admin service maintains a system wide table of ConditionalPermissionInfo objects, which are an encoded form of conditions and permissions. A manager can enumerate, delete, and add new tuples to this table.

When a bundle is created, it creates a single Bundle Protection Domain. This protection domain calculates the system permissions for that bundle by instantiating the conditions and permissions defined in the permission table, potentially pruning any entries that can never apply to that bundle and optimizing entries that always apply.

A bundle can have local permissions defined in a Bundle Permission Resource. These are the actual permissions needed by this bundle to operate. A bundle's effective permissions are the intersection of the local permissions and the system permissions. During the permission check of the Java Security Manager, each Protection Domain is first checked for the local permissions, if this fails, the check fails.

Otherwise, the Bundle Protection Domains of the calling bundles are consulted to see if they imply the requested permission. To imply the requested permission, the Bundle Protection Domain must find a tuple in its permission table where all conditions are satisfied and where the tuple's permissions imply the requested permission. However, certain conditions must

[Figure: class diagram of Conditional Permission Admin Impl, Manager Impl, Bundle Protection Domain, Protection Domain, a Bundle and User Condition Impl]
Conditions
• Purpose is to decide if a permission set is applicable or not.
• Can be postponed or immutable
• allows optimized evaluations
• Custom conditions can be used for more advanced use-cases
BundleLocationCondition
• Condition to test if the location of a bundle matches a pattern.
• matching is done based on filter string matching rules
```java
new ConditionInfo(BundleLocationCondition.class.getName(),
    new String[] {context.getBundle().getLocation()});
new ConditionInfo(BundleLocationCondition.class.getName(),
    new String[] {"*://www.luminis.nl/*"});
```
Example
```java
ConditionalPermissionAdmin condPermAdmin = getConditionalPermissionAdmin();

// Bundles installed from www.luminis.nl get every AdminPermission action
// on all bundles except this one
condPermAdmin.addConditionalPermissionInfo(
    new ConditionInfo[] {
        new ConditionInfo(BundleLocationCondition.class.getName(),
            new String[] {"*://www.luminis.nl/*"})
    },
    new PermissionInfo[] {
        new PermissionInfo(AdminPermission.class.getName(),
            "(!(id=" + context.getBundle().getBundleId() + "))", "*")
    });
```
Example - Use Conditions
```java
condPermAdmin.addConditionalPermissionInfo(
    new ConditionInfo[] {
        new ConditionInfo(BundleLocationCondition.class.getName(),
            new String[] {context.getBundle().getLocation()})
    },
    ALLPERMISSION_INFO);

condPermAdmin.addConditionalPermissionInfo(
    new ConditionInfo[] {
        // we use an empty condition set for default permissions
    },
    new PermissionInfo[] {
        new PermissionInfo(PackagePermission.class.getName(), "*",
            PackagePermission.IMPORT)
    });
```
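The rule from the Conditional Permission Admin slide (a row applies only if all of its conditions match, so an empty condition set acts as the default) can be modelled without a framework. This is an added example, not code from the talk or from Felix or Equinox: `Row`, `locationMatches` and `permissionsFor` are hypothetical names, `PropertyPermission` stands in for `PackagePermission`, and the permissions of every matching row are simply added together.

```java
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.PropertyPermission;
import java.util.function.Predicate;
import java.util.regex.Pattern;

public class ConditionTableModel {

    /** One row of the table: a set of conditions and the permissions they unlock. */
    static final class Row {
        final List<Predicate<String>> conditions;
        final List<Permission> permissions;

        Row(List<Predicate<String>> conditions, List<Permission> permissions) {
            this.conditions = conditions;
            this.permissions = permissions;
        }

        /** True only if every condition matches; an empty set matches every bundle. */
        boolean appliesTo(String bundleLocation) {
            return conditions.stream().allMatch(c -> c.test(bundleLocation));
        }
    }

    /** Location condition with '*' wildcards, in the spirit of BundleLocationCondition. */
    static Predicate<String> locationMatches(String pattern) {
        StringBuilder regex = new StringBuilder();
        String[] literals = pattern.split("\\*", -1);
        for (int i = 0; i < literals.length; i++) {
            if (i > 0) {
                regex.append(".*");          // each '*' matches any run of characters
            }
            regex.append(Pattern.quote(literals[i]));
        }
        Pattern compiled = Pattern.compile(regex.toString());
        return location -> compiled.matcher(location).matches();
    }

    /** Collects the permissions of every row that applies to the bundle. */
    static Permissions permissionsFor(String bundleLocation, List<Row> table) {
        Permissions granted = new Permissions();
        for (Row row : table) {
            if (row.appliesTo(bundleLocation)) {
                row.permissions.forEach(granted::add);
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        List<Row> table = Arrays.asList(
            // Bundles from www.luminis.nl get AllPermission
            new Row(Collections.singletonList(locationMatches("*://www.luminis.nl/*")),
                    Collections.<Permission>singletonList(new AllPermission())),
            // Empty condition set: default permissions for every bundle
            new Row(Collections.<Predicate<String>>emptyList(),
                    Collections.<Permission>singletonList(
                        new PropertyPermission("*", "read"))));

        Permission wanted = new PropertyPermission("user.home", "write");
        String[] locations = {               // constructed sample locations
            "http://www.luminis.nl/bundles/shell.jar",
            "file:/tmp/unknown.jar"
        };
        for (String location : locations) {
            Permissions granted = permissionsFor(location, table);
            System.out.println(location + " may write user.home: "
                + granted.implies(wanted));
        }
    }
}
```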
Signed Bundles
• Authenticates the signer
• Ensures that the content has not been modified
• Bundle (jar) can be signed by multiple signers
• Basically, normal java jar signing with a few extras
• All entries must be signed except META-INF
• certificate chains represented as ; separated lists
• matching done using * and - wildcards
```
cn=marrs,o=iQ,c=NL;cn=hans,o=luminis,c=NL
cn=marrs,o=IQ*;cn=*,o=luminis
cn=marrs;-;cn=*,o=luminis
```
Signing bundles in Eclipse
Signing bundles manually
```xml
<macrodef name="sign-bundle">
  <attribute name="name" />
  <attribute name="location" default="deploy/@{name}.jar" />
  <sequential>
    <exec executable="jarsigner">
      <arg line="-keystore file:lib/keystore.ks" />
      <arg line="-storepass luminis" />
      <arg line="@{location}" />
      <arg line="luminis" />
    </exec>
  </sequential>
</macrodef>
```
```sh
# Demo credentials; omit -storepass to be prompted instead of
# exposing the password in the process list
jarsigner -keystore file:lib/keystore.ks \
    -storepass luminis bundle.jar luminis
```
Certificates and Keystores
```sh
# Generate a key pair under the alias "marrs"
keytool -genkey -keystore keystore.ks -alias marrs -storepass luminis \
    -keypass luminis -dname "CN=Marcel, OU=iQ, O=luminis, L=Arnhem, C=NL"
# Self-sign the certificate
keytool -selfcert -keystore keystore.ks -alias marrs -storepass luminis \
    -keypass luminis -dname "CN=Marcel, OU=iQ, O=luminis, L=Arnhem, C=NL"
# Export the certificate to a file
keytool -export -v -keystore keystore.ks -alias marrs -file luminis.cert \
    -storepass luminis -keypass luminis
# Import it again as a trusted certificate under the alias "luminis"
keytool -import -v -keystore keystore.ks -alias luminis -file luminis.cert \
    -storepass luminis -keypass luminis
# List the keystore entries
keytool -list -keystore keystore.ks -storepass luminis
```
```
marrs, Mar 13, 2008, keyEntry,
luminis, Mar 13, 2008, trustedCertEntry
```
BundleSignerCondition
• Condition to test if the signer of a bundle matches a pattern
• Uses the wildcard matching
```java
new ConditionInfo(BundleSignerCondition.class.getName(),
    new String[] {"*,o=luminis"})
```
Local Permissions
• Defined in a resource inside the bundle
• Defines a set of permissions that are enforced by the framework
• A bundle can get less than these permissions, but never more
• Defaults to All Permissions
• Good way for operators to “audit” the permissions of a bundle
LocalPermissions
• OSGI-INF/permissions.perm
```
# Friday, Feb 24 2005
# ACME, chess game
( ..ServicePermission "..log.LogService" "GET" )
( ..PackagePermission "..log" "IMPORT" )
( ..ServicePermission "..cm.ManagedService" "REGISTER" )
( ..PackagePermission "..cm" "IMPORT" )
( ..ServicePermission "..useradmin.UserAdmin" "GET" )
( ..PackagePermission "..cm" "SET" )
( ..PackagePermission "com.acme.chess" "IMPORT,EXPORT" )
( ..PackagePermission "com.acme.score" "IMPORT" )
```
Tip: local permissions tracing with Apache Felix
```java
import java.security.Permission;

// Tracing only: every requested permission is printed, and a failed check
// is logged with its stack trace instead of being enforced.
public class SecMan extends SecurityManager {
    public void checkPermission(Permission perm, Object context) {
        System.out.println(perm);
        try {
            super.checkPermission(perm, context);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    public void checkPermission(Permission perm) {
        System.out.println(perm);
        try {
            super.checkPermission(perm);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
```
```sh
java -Djava.security.manager=SecMan -Djava.security.policy=all.policy \
    -cp .:felix.jar org.apache.felix.main.Main
```
Example - Signed bundles
```java
condPermAdmin.addConditionalPermissionInfo(
    new ConditionInfo[] {
        new ConditionInfo(BundleSignerCondition.class.getName(),
            new String[] {"*,o=luminis"})
    },
    ALLPERMISSION_INFO);
```
```
# Friday, Feb 24 2005
# task4.test, local
( org.osgi.framework.PackagePermission "org.osgi.framework" "IMPORT" )
( java.io.FilePermission "/" "read,write" )
```
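The "less, but never more" rule for local permissions can be tried with plain JDK classes. This added example (not code from the talk or from a framework) parses a permissions.perm-style text in a simplified way and intersects it with the system permissions. The class and method names are hypothetical, the sample file is constructed, and JDK permission types replace the OSGi ones so that it runs without a framework.

```java
import java.io.FilePermission;
import java.lang.reflect.Constructor;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.PropertyPermission;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LocalPermissionsDemo {

    // ( type "name" "actions" ), name and actions optional; escapes are not handled.
    private static final Pattern ENTRY = Pattern.compile(
        "\\(\\s*([\\w.$]+)(?:\\s+\"([^\"]*)\")?(?:\\s+\"([^\"]*)\")?\\s*\\)");

    /** Reads permissions.perm-style text into a collection of permissions. */
    static PermissionCollection parseLocalPermissions(String text)
            throws ReflectiveOperationException {
        Permissions local = new Permissions();
        for (String raw : text.split("\\R")) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith("//")) {
                continue;                    // blank line or comment
            }
            Matcher m = ENTRY.matcher(line);
            if (!m.matches()) {
                throw new IllegalArgumentException("Malformed entry: " + line);
            }
            local.add(instantiate(m.group(1), m.group(2), m.group(3)));
        }
        return local;
    }

    /** Loads the class without initialising it and insists that it is a Permission. */
    static Permission instantiate(String type, String name, String actions)
            throws ReflectiveOperationException {
        ClassLoader loader = LocalPermissionsDemo.class.getClassLoader();
        Class<? extends Permission> clazz =
            Class.forName(type, false, loader).asSubclass(Permission.class);
        if (name == null) {
            return clazz.getConstructor().newInstance();
        }
        Constructor<? extends Permission> ctor =
            clazz.getConstructor(String.class, String.class);
        return ctor.newInstance(name, actions);
    }

    /** Local permissions are checked first; only then the system permissions. */
    static boolean effective(PermissionCollection local, PermissionCollection system,
                             Permission requested) {
        return local.implies(requested) && system.implies(requested);
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        // Constructed sample, modelled on the local permissions file of the slide.
        String perm = String.join("\n",
            "# constructed sample",
            "( java.io.FilePermission \"/\" \"read,write\" )",
            "( java.util.PropertyPermission \"user.*\" \"read\" )");
        PermissionCollection local = parseLocalPermissions(perm);

        // System permissions as granted through the signer condition: AllPermission.
        Permissions system = new Permissions();
        system.add(new AllPermission());

        Permission[] requests = {
            new FilePermission("/", "read"),
            new FilePermission("/etc/hosts", "read"),
            new PropertyPermission("user.home", "read"),
            new PropertyPermission("user.home", "write"),
            new RuntimePermission("exitVM")
        };
        for (Permission p : requests) {
            System.out.println(p + " -> " + effective(local, system, p));
        }
    }
}
```

The `FilePermission` name `"/"` covers only the root directory itself; the recursive form is `"/-"`, so a local permissions file like the one above is narrower than it may look. Requests outside the local permissions fail even though the system permissions contain `AllPermission`.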
Custom Condition
• Conditions must come from the classpath/system bundle
• Are constructed from ConditionInfo objects
• static getCondition(Bundle,ConditionInfo) method
• constructor with (Bundle, ConditionInfo) signature
```java
import java.util.Dictionary;

import org.osgi.framework.Bundle;
import org.osgi.service.condpermadmin.Condition;
import org.osgi.service.condpermadmin.ConditionInfo;

class BeforeDateCondition implements Condition {
    // Expiry date in milliseconds since the epoch, taken from the first argument
    private final long m_date;

    public static Condition getCondition(Bundle bundle, ConditionInfo info) {
        return new BeforeDateCondition(bundle, info);
    }

    public BeforeDateCondition(Bundle bundle, ConditionInfo info) {
        m_date = Long.parseLong(info.getArgs()[0]);
    }

    // The result can still change while the date lies in the future
    public boolean isMutable() {
        return m_date > System.currentTimeMillis();
    }

    public boolean isPostponed() {
        return false;
    }

    public boolean isSatisfied() {
        return System.currentTimeMillis() < m_date;
    }

    // Only used for postponed conditions
    public boolean isSatisfied(Condition[] conditions, Dictionary context) {
        return false;
    }
}
```
Extension Bundles
• Extension bundles can deliver optional parts of the Framework implementation
• Necessary to add custom conditions because they have to come from the classpath
• No Import-Package, Require-Bundle, Bundle-NativeCode, DynamicImport-Package, or Bundle-Activator allowed
```
Fragment-Host: system.bundle; extension:=framework
```
Postponed Conditions
• Optimize condition evaluation on multiple evaluations during the same permission check
• context map can be used to pass settings during evaluation
• Use if evaluation is expensive
```java
public boolean isPostponed() {
    return true;
}

public boolean isSatisfied(Condition[] conditions, Dictionary context) {
    // do evaluation for all conditions involved
}
```
Example - Custom Postponed
```java
// Register the condition: AllPermission is granted only if the user agrees
condPermAdmin.addConditionalPermissionInfo(
    new ConditionInfo[] {
        new ConditionInfo(AskUserCondition.class.getName(), new String[] {""})
    },
    ALLPERMISSION_INFO);
```
```java
// In AskUserCondition: one question covers all bundles involved in the check
public boolean isSatisfied(Condition[] conditions, Dictionary context) {
    StringBuilder buffer = new StringBuilder("Do you grant bundles: ");
    for (Condition condition : conditions) {
        buffer.append(((AskUserCondition) condition).bundle.getBundleId()).append(" ");
    }
    buffer.append("AllPermission?");
    return ask(buffer.toString());
}
```
Demo
• Shows a custom condition that:
• is postponed, because it’s “expensive”
• asks the user for permission
Discussion
• We've shown:
• how security is integrated into OSGi
• the relation between Java 2 Security and OSGi
• how to use both Permission Admin and Conditional Permission Admin
• how to use signed bundles, local permissions, and add custom permissions and conditions at runtime
Links
• Apache Felix and OSGi: http://felix.apache.org/ and http://www.osgi.org/
• Sample code: http://opensource.luminis.net/
• Karl Pauls: [email protected]
• Marcel Offermans: [email protected]
Questions?!
? & !