I created a simple
Java applet. I jar'd it creating hw.jar and got it to work in a web page with an applet tag. I did all this on my PC and verified it using Firefox and IE7.
Next I added code in the applet to reference the local file system. This failed as expected, the Java console showing:
Exception in
thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at java.io.Win32FileSystem.getUserPath(Unknown Source)
at java.io.Win32FileSystem.resolve(Unknown Source)
at java.io.File.getAbsolutePath(Unknown Source)
at com.sbqsam.test.applets.HelloWorld$3.actionPerformed(HelloWorld.java:74)
So now I'm ready to sign the applet and see this error go away. I want to use a certificate that I generate myself; during development I don't want to have to pay to get a real certificate. Here are the exact steps that worked for me (Windows XP, sp 3):
-->keytool -genkey -keyalg rsa -alias sbqsam0
Enter keystore password: *****
Re-enter new password: *****
...
Enter key password for <sbqsam0>
(RETURN if same as keystore password): *****
-->keytool -export -alias sbqsam0 -file sbqsamCert.crt
Enter keystore password:
Certificate stored in file <sbqsamCert.crt>
-- I get an error doing this step:
-->jarsigner hw.jar sbqsamCert
Enter Passphrase for keystore:
jarsigner: Certificate chain not found for: sbqsamCert. sbqsamCert must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
-->keytool -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
-- Here's the critical step, provided by hyeomer's post of Sep 26, 2003 4:49AM
-- on this forum:
http://forums.sun.com/thread.jspa?threadID=433828&tstart=960
-->keytool -export -alias sbqsam0 -rfc -file sig.x509
Enter keystore password:
Certificate stored in file <sig.x509>
-->jarsigner hw.jar sbqsam0
Enter Passphrase for keystore:
Warning:
The signer certificate will expire within six months.
When I display that directory there are only these three files:
03/22/2009 12:46 PM 6,062 hw.jar
03/22/2009 10:18 AM 627 sbqsamCert.crt
03/22/2009 12:16 PM 914 sig.x509
My next step is to move all this up to my web site. I'm hoping if I move these three files into the folder that contains the .html file with the <applet> tag which references hw.jar that it will all work.
-Sam