In Equinox 3.9 (Eclipse 4.3) it was possible to configure the following properties in eclipse.ini to enable Authorization.
osgi.signedcontent.support=all
osgi.signedcontent.authorization.engine.policy=trusted
osgi.framework.keystore=file:truststore.jks
Setting up the same properties in Equinox 3.10 (Eclipse 4.4) seems to have no effect. I can start the application regardless wether my bundles are signed with the right key or not.
Reading the documentation I would say there has been no changes.
When code is loaded by the runtime Since 3.4, the Equinox runtime has had the ability to check the signature of code as it is loaded. The benefit to this feature beyond checking signatures during provisioning is the ability to dynamically remove trust and disable code should an exploit be exposed in deployed code. In order to enable signature-based authorization at load time, the following VM argument must be passed: -Dosgi.signedcontent.support=authority See the runtime options page for more information about the osgi.signedcontent.support runtime variable.
Any hint or help on this is greatly appreciated. Thanks!
The signed content support was just provisional and got removed as part of Luna release (see clarification of Thomas Watson at the equinox mailing list).
Opened a ticket on this as suggested by Thomas (see Eclipse Bugzilla).