Java2 Applet digital signature specific implementation method
Beijing Affe drive from a bare code ---------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------
3 Applet's digital signature authentication implementation specific method, step 3.1 Combining my own Java2-based Applet my project is to use Applet to make a real-time message queue monitor, due to local resources, you must perform numbers Sign and certification. The environment I use is Windows2000, the application server is WebLogic 6.0, the development environment is JBuilder 4.0. I remind everyone to pay attention to the concept of the server and the client. Those files should be on the server, those files should be on the client. First, use JRE 1.3.0_01 (Java Run Environment 1.3.0.1 version) to replace the JVM (Java virtual machine) of IE, you can download it on www.java.sun.com website, download it first installed on the client Ok, the installation process is very simple. In the HTML file of the server-side call applet, it also need to include it in order to download the client download, the specific way of writing, please look down, the specific steps are as follows: Server: 1. All package files need to be used in all package files (I have to use the weblogic JMS package to use the command jar xf weblogicc.jar), then use the JDK package command to compile the monitor. Class and the package just unzipped Pack into a package together. (Premise that I have placed the monitor and the unlocked package in the same directory), all the commands in the DOS state, see the bin directory of JDK1.3 (1.2), the command is as follows: JAR CVF Monitor .jar * .class This command generates a package 2 called Monitor.jar. Create KeyStore and Keys for the package file created (Monitor.jar). The KeyStore will be used to store the private keys and public key certifications, and Alias alias is taken here. The command is as follows: keytool -genkey-ketorestore monitor.keystore -alias monitor This command generates a keystore file called Monitor.KeyStore, then this command, the system will ask you a lot of questions, such as your company name, your address, You have to set the password, etc., you will write your own just write. 3. The signature of the JAR file is as follows: jarsigner.jar Monitor This command will sign the Monitor.jar file, which will not generate new files. 4. Import the public key into a CER file, this CER file is the unique file to copy to the client. The command is as follows: keytool -export -keystore monitor.keystore -alias monitor -file monitor.cer This command will generate a Monitor.cer authentication file, of course, these steps may ask you the password you just set. This completes the server side settings.
At this time, you can copy the JAR file and the keystore file and the CER file (I am Monitor.jar, Monitor.KeyStore, Monitor.cer), I am using WebLogic6.0, so copy it to C: /bea/wlserver6.0/config/mydomain/applications/defaultwebapp_myser in a directory under his own built. Client: 1. First, JRE 1.3.0_01 should be installed, then copy the server-side Monitor.cer file to the specific directory of JRE, I am here: c: / program files / javasoft / jRE / 1.3.0_01 / lib / security directory. 2. Pour the public key into the JRE CACERTS (this is the JRE's default keystore "command as follows: keytool -import -alias monitor -file monitor.cer-readystore cacerts Note that you want you to enter the password of the cacerts, it should be Changeit, and Not your own keystore's password. 3. Modify the Policy policy file, use the command policytool system in the DOS state to automatically pop up a PolicyTool dialog, as shown in Figure 4, first select the Open item of the File menu, open C: / Program Files / JavaSoft / JRE / 1.3.0_01 / lib / security directory, the Java.Poliy file, then select Change KeyStore in the Edit menu, in the dialog box, enter file: / c: / program files /javasoft/jre/1.3.0_01 / lib / security / cacerts, here should pay attention to the backslash, enter JKS in the New KeyStore Type, which is the fixed format of Cacerts, then click Add Policy Entry, enter CodeBase in the dialog that appears: http: // URL: 7001 / * Where the URL is the server's IP address, 7001 is my weblogic port. If you are in other application servers, such as Apache, that port number can be omitted. Enter (alias alias) in SignedBY: This is Monitor and click the Add Peimission button. In the PERMISSION, in the dialog that appears, select the permissions you want to give this applet, this is a lot of permissions, readers can find information to find themselves. I am using allpeimission, enter alias in the right signedby: Monitor is finally saved, in the File menu SAVE item. Of course, you can see that I have implemented signature authentication for multiple packages. This is completed so that the settings of the client. When the client is running the applet program with IE, you will ask if you authorize the signature, select Authorization, the package will automatically download from the server to the local computer, and IE will automatically start JRE, and you can see it in the lower right column. The Java console equivalent to IE.
4. The HTML file that calls Applet knows that due to the security of Java2, the HTML file for the Applet is no longer used, and the ActiveX type call is changed. Specific points in IE and Nescape Different Writings, this can find ready-made tutorials on Sun online. I don't have much to say, just give everyone the HTML written by IE.
