Digital signature for Java Applet and Java Web Start

zhaozj2021-02-11  164

Digital signature for Java Applet and Java Web Start

We know that the Java Applet and Java Web Start programs are subject to secure restrictions, such as unavailable access to the local file system, and cannot access the network at will. This article will demonstrate how to do digital signatures for the code, let customers choose whether to trust your signature while running so that your program has more permissions. Here we don't plan to purchase a certificate.

My computer environment is as follows: Windows2000 Professional SP3Sun JDK1.4.0ie6.0java_home, Path, ClassPath, etc. Environment variables have been set

Client requirements: The client browser needs to install the Java plugin, where the Java plugin here is installed together when installing JDK. If the client doesn't need to do Java development, you can download the Sun's website to download JRE to the client installation. Next, let's take a look at this applet, it only has a button, click this button to create a file locally, if successful, pop up a dialog box display success message, if an exception (safe exception or IO exception), also pop up a display Error dialog. The source file is as follows:

Source file test / Testapplet.java

Package test;

Import java.applet. *; import java.io. *;

Import java.awt.event. *; import javax.swing. *;

public class TestApplet extends Applet {public void init () {JButton button = new JButton ( "Create a file"); button.addActionListener (new ActionListener () {public void actionPerformed (ActionEvent evt) {File file = new File ( "c : //a.txt "); try {file.createnewfile (); JOPANE.SHOWMESSAGEDIALOG (NULL," Successfully created file c: //a.txt "," message ", joptionpane.information_message);} catch (Exception EX ) {JOPANE.SHOWMESSAGEDIALOG (NULL, EX.GETMESSAGE (), "Error", JOPANE.ERROR_MESSAGE);}}}; add (button);}}

Compile this appletjavac test / testapplet.java in the parent catalog with the test catalog

Package, build Test.jar file jar -cvf test.jar test

The following is the HTML page using Applet Test.html HTML Test Page </ title> < / HEVA Enabled Blowser. <br> <applet codebase = "." code = "test.testapplet.class" name = "testapplet" archive = "test.jar" width = "400" Height = "300" hspace = "0" vSpace = "0" align = "middle"> </ applet> </ body> </ html> Let's run now, open Test.html. Click the button, what did you see? Unfortunately, we have not had a digital signature applet without authorization of local files by default. So let us prepare the signature code. First use the keytool command to generate KEY used to sign. Below this command produces a key called "mykey", which is stored in the keystore called "MyStore".</p> <p>KeyTool -Genkey -Alaias MyKey-Keystore MyStore</p> <p>Next, it will ask some questions including the keystore password, the password of Key, etc., as shown below:</p> <p>Enter keystore password: StorePass What is your name and last name? [Unknown]: What is the name of your organization? [UNKNOWN]: What is your organization name? [UNKNOWN]: What is your city or region name? [Unknown]: What is the name of the state or provincial name in Beijing? [Unknown]: What is the two-letter country code in this unit [Unknown]: cncn = ayellow, ou = My organization unit, o = my organization, L = Beijing, ST = Beijing, c = CN correct? [No]: Y</p> <p>Enter <myKey>'s primary password (if you pass the keystore password, press Enter): Keypass</p> <p>After completion, you will generate a file called MyStore in the current directory, which contains our key. Sign Our Code Test.jar with jarsigner command (you need to enter keystore and key password):</p> <p>Jarsigner -keystore mystore test.jar mykey</p> <p>ENTER Passphrase for KeyStore: StorePassenter Key Password for Mykey: Keypass</p> <p>Run the applet again, a dialog box will appear when applet is loaded, saying that the applet is signed by the untrustful issuer and claiming that the code is safe, is it necessary to authorize the applet. Select "Authorize Conversation", then click our button to see if it is successful creation file? For Java Web Start programs, the process of signing the JAR file is the same. But you need to make some modifications in the JNLP file. For example, add a part in the JNLP root element: <security> <all-permissions /> </ security> running program, the following dialog box appears during the first startup: Select "Start", this dialog is started later. No longer appear, because Java Web Start is equivalent to a local program installed after startup, since the first customer has chosen trust, this dialog will no longer have to appear. Of course, we can also choose "Always Authorization" for the Applet example.</p> <p>Discuss with you: Take a closer look, we can find that the wording of the dialog box out of Applet and Java Web Start is different, and it is clear that the former is wrong. In this case, customers are likely to authorize untrustful procedures. Causes a safe hidden danger. If we are in front of us to create a KeyStore, fill in "Microsoft" in "My Organization", what will it? For an invisible program, the former default button is actually "authorization", and the latter is "exit". Why is the security of Applet?</p></div><div class="text-center mt-3 text-grey"> 转载请注明原文地址:https://www.9cbs.com/read-5149.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>) </div><div></div></div></div><ul class="postlist list-unstyled"> </ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="5149" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved </div><div class="col text-right">Processed: <b>0.049</b>, SQL: <b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script> var debug = DEBUG = 0; var url_rewrite_on = 1; var url_path = './'; var forumarr = {"1":"Tech"}; var fid = 1; var uid = 0; var gid = 0; xn.options.water_image_url = 'view/img/water-small.png'; </script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script> var forum_url = 'list-1.html'; var safe_token = 'xprOLUGCoVaTNsM3C_2BjMhbb60zaqZA0uaTmMLZp0u21E67FLyhBSwwJyxjllx_2FNg4j8z7V3Ejdxe_2FPEZLJVTZw_3D_3D'; var body = $('body'); body.on('submit', '#form', function() { var jthis = $(this); var jsubmit = jthis.find('#submit'); jthis.reset(); jsubmit.button('loading'); var postdata = jthis.serializeObject(); $.xpost(jthis.attr('action'), postdata, function(code, message) { if(code == 0) { location.reload(); } else { $.alert(message); jsubmit.button('reset'); } }); return false; }); function resize_image() { var jmessagelist = $('div.message'); var first_width = jmessagelist.width(); jmessagelist.each(function() { var jdiv = $(this); var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width(); var jmessage_width = Math.min(jdiv.width(), maxwidth); jdiv.find('img, embed, iframe, video').each(function() { var jimg = $(this); var img_width = this.org_width; var img_height = this.org_height; if(!img_width) { var img_width = jimg.attr('width'); var img_height = jimg.attr('height'); this.org_width = img_width; this.org_height = img_height; } if(img_width > jmessage_width) { if(this.tagName == 'IMG') { jimg.width(jmessage_width); jimg.css('height', 'auto'); jimg.css('cursor', 'pointer'); jimg.on('click', function() { }); } else { jimg.width(jmessage_width); var height = (img_height / img_width) * jimg.width(); jimg.height(height); } } }); }); } function resize_table() { $('div.message').each(function() { var jdiv = $(this); jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>'); }); } $(function() { resize_image(); resize_table(); $(window).on('resize', resize_image); }); var jmessage = $('#message'); jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); }); jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); }); $('#nav li[data-active="fid-1"]').addClass('active'); </script>