This week's book giveaway is in the Agile and other Processes forum.
We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line!
See this thread for details.
The moose likes Applets and the fly likes Success: how to self-sign an applet Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Java » Applets
Reply Bookmark "Success: how to self-sign an applet" Watch "Success: how to self-sign an applet" New topic
Author

Success: how to self-sign an applet

Samuel Quiring
Greenhorn

Joined: Feb 04, 2009
Posts: 8
posted private message
0
Quote
I created a simple Java applet. I jar'd it creating hw.jar and got it to work in a web page with an applet tag. I did all this on my PC and verified it using Firefox and IE7.

Next I added code in the applet to reference the local file system. This failed as expected, the Java console showing:

Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.io.Win32FileSystem.getUserPath(Unknown Source)
at java.io.Win32FileSystem.resolve(Unknown Source)
at java.io.File.getAbsolutePath(Unknown Source)
at com.sbqsam.test.applets.HelloWorld$3.actionPerformed(HelloWorld.java:74)

So now I'm ready to sign the applet and see this error go away. I want to use a certificate that I generate myself; during development I don't want to have to pay to get a real certificate. Here are the exact steps that worked for me (Windows XP, sp 3):


-->keytool -genkey -keyalg rsa -alias sbqsam0
Enter keystore password: *****
Re-enter new password: *****
...
Enter key password for <sbqsam0>
(RETURN if same as keystore password): *****

-->keytool -export -alias sbqsam0 -file sbqsamCert.crt
Enter keystore password:
Certificate stored in file <sbqsamCert.crt>

-- I get an error doing this step:

-->jarsigner hw.jar sbqsamCert
Enter Passphrase for keystore:
jarsigner: Certificate chain not found for: sbqsamCert. sbqsamCert must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

-->keytool -list
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

-- Here's the critical step, provided by hyeomer's post of Sep 26, 2003 4:49AM
-- on this forum: http://forums.sun.com/thread.jspa?threadID=433828&tstart=960

-->keytool -export -alias sbqsam0 -rfc -file sig.x509
Enter keystore password:
Certificate stored in file <sig.x509>

-->jarsigner hw.jar sbqsam0
Enter Passphrase for keystore:

Warning:
The signer certificate will expire within six months.

When I display that directory there are only these three files:

03/22/2009 12:46 PM 6,062 hw.jar
03/22/2009 10:18 AM 627 sbqsamCert.crt
03/22/2009 12:16 PM 914 sig.x509

My next step is to move all this up to my web site. I'm hoping if I move these three files into the folder that contains the .html file with the <applet> tag which references hw.jar that it will all work.

-Sam
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2036
posted private message
0
Quote
Great! How did it go in the server?
Samuel Quiring
Greenhorn

Joined: Feb 04, 2009
Posts: 8
posted private message
0
Quote
Sorry for not following up. It worked for me.

-Sam
Titus Abraham
Ranch Hand

Joined: Jun 03, 2009
Posts: 36
posted private message
0
Quote
my jar file which has the applet class files and image files is not able to load it. i have no idea why.. I have signed the jar file and all but it doesnt work ? any idea why ?
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2036
posted private message
0
Quote
Titus Abraham wrote:my jar file which has the applet class files and image files is not able to load it. i have no idea why.. I have signed the jar file and all but it doesnt work ? any idea why ?


Hi, are you doing this on a web application?

Does it work if you dont sign the jar?

What error are you getting (what does 'not able to load it' mean)?
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2036
posted private message
0
Quote
Samuel Quiring wrote:Sorry for not following up. It worked for me.

-Sam


It also worked for me. I just followed what you did.

Have you figured out how to 'import' a saved one into the default keystore (opposite of 'export')?

I tried but I am getting the error below:







Titus Abraham
Ranch Hand

Joined: Jun 03, 2009
Posts: 36
posted private message
0
Quote
Hey... i was using a relative path. and relative paths do not work in applets. thats why i was getting error. thanks for the help.

 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Success: how to self-sign an applet
 
Similar Threads
Java Policy file
Signing applets
Sign a jar with a third party certificate, using keytool and jarsigner
REG: Applet Database Connectivity
Signing applets