Re: Java 1.1 Plug-In, Signed Jars, and No Worky

Roland Schemers (Roland.Schemers@Eng)
Fri, 15 May 1998 00:41:54 -0800 (PDT)

From: Roland.Schemers@Eng (Roland Schemers)
Message-Id: <199805150741.AAA22717@crypto.eng.sun.com>
Subject: Re: Java 1.1 Plug-In, Signed Jars, and No Worky
To: zicornell@optivision.com (Topher ZiCornell)
Date: Fri, 15 May 1998 00:41:54 -0800 (PDT)
In-Reply-To: <01BD7F99.04985D60.zicornell@optivision.com> from "Topher ZiCornell" at May 15, 98 00:33:00 am

Hum. I think you need to use the "jar" command to create the jar file.
If you use "zip" then the META-INF/MANIFEST.MF file won't get created,
and the jar won't get signed correctly. Using the jar command causes
the META-INF/MANIFEST.MF file to get created, and lets javakey do its thing.

roland

>
>
> Hi there,
>
> I am having trouble getting the Security Manager to trust me. I (believe
> I) have followed all the tutorials, scoured all the documents I can find,
> and it still throws a security exception in my face.
>
> I have a simple model applet that spews a message (via a swing JLabel) and
> presents a button (JButton). When the user presses the button, the applet
> checks to see if win.ini exists. It uses File.exists() to check
> (instantiating a File object with "C:\WinNT\win.ini").
>
> I created the JAR using "zip -r0" of the compiled class files (2 files)
> I created a trusted signing entity using: javakey -cs "Topher" true
> (the javakey is from JDK 1.1.6)
> I built a key pair using: javakey -gk "Topher" DSA 512 TopherPub TopherPriv
> I generated a certificate using: javakey -gc TopherCert.dir
> (the output was to Topher.x509 - I can send you the directive file if you
> want)
> I signed the jar file using: javakey -gs /jdk1.1.6/lib/security/TopherSign.dir testhead.jar
> (again, the dir file is available)
> I copied my identitydb.obj with my signing identity to a safe place and
> created a new identity in a new file: javakey -c "Topher" true
> I imported my public key: javakey -ik "Topher" TopherPub
> I imported my certification: javakey -ic "Topher" Topher.x509
> I copied my new identitydb.obj file to C:\WinNT\profiles\Topher
> I moved my testhead.jar.sig file to my http server and renamed it to
> testhead.jar.
>
> I went to the Java Plugged-In test web page with a Java Plugged-In browser
> (NN or IE, doesn't matter) and when I pressed the button, the java console
> spewed...
> sun.applet.AppletSecurityException: checkread
> at java.lang.Throwable.<init>(Compiled Code)
> at java.lang.SecurityException.<init>(Compiled Code)
> at sun.applet.AppletSecurityException.<init>(Compiled Code)
> at sun.applet.AppletSecurityException.<init>(Compiled Code)
> at sun.applet.AppletSecurity.checkRead(Compiled Code)
> at sun.applet.AppletSecurity.checkRead(Compiled Code)
> at java.io.File.exists(Compiled Code)
> at testhead.TestActor.checkSecurity(TestActor.java:49)
> at testhead.TestActor.actionPerformed(TestActor.java:34)
> at com.sun.java.swing.AbstractButton.fireActionPerformed(Compiled Code)
> at com.sun.java.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:896)
> at com.sun.java.swing.DefaultButtonModel.fireActionPerformed(Compiled Code)
> at com.sun.java.swing.DefaultButtonModel.setPressed(Compiled Code)
> at com.sun.java.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:159)
> at java.awt.Component.processMouseEvent(Compiled Code)
> at java.awt.Component.processEvent(Compiled Code)
> at java.awt.Container.processEvent(Compiled Code)
> at java.awt.Component.dispatchEventImpl(Compiled Code)
> at java.awt.Container.dispatchEventImpl(Compiled Code)
> at java.awt.LightweightDispatcher.retargetMouseEvent(Compiled Code)
> at java.awt.LightweightDispatcher.processMouseEvent(Compiled Code)
> at java.awt.LightweightDispatcher.dispatchEvent(Compiled Code)
> at java.awt.Container.dispatchEventImpl(Compiled Code)
> at java.awt.EventDispatchThread.run(Compiled Code)
>
> Where did I go wrong? If you would like to see the code, the directive
> files, the batch file I use, my iddb.obj files, or anything else (well -
> not _anything_ else...) I can send it ALL. (maniacal laughter)
>
> Thank you for any tips or help you can give,
> Topher
>
> PS: When I gander the signed JAR file (using WinZip), I don't see any
> META-INF directory - only my class files - but when I do a file compare on
> the signed and unsigned jars, they are different.
> [-T-]
>
>
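The difference the reply describes between a "zip"-built and a "jar"-built archive, as an added example that is not part of the original messages or of the JDK: it builds both kinds of archive in memory and reports which META-INF/ parts of a signed JAR are absent. The class and method names are hypothetical, the archive contents are constructed, and the .SF/.DSA/.RSA names follow the JAR file format's convention for signature files.

```java
import java.io.*;
import java.util.*;
import java.util.jar.*;
import java.util.zip.*;

// Added illustration; class and method names are hypothetical, sample archives are constructed.
public class JarLayoutCheck {
    // Reports which META-INF/ parts of a signed JAR are absent from the archive bytes.
    static List<String> missingParts(byte[] archive) throws IOException {
        boolean manifest = false, sigFile = false, sigBlock = false;
        try (ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(archive))) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                String n = e.getName().toUpperCase(Locale.ROOT);
                if (!n.startsWith("META-INF/")) continue;
                if (n.equals("META-INF/MANIFEST.MF")) manifest = true;
                else if (n.endsWith(".SF")) sigFile = true;
                else if (n.endsWith(".DSA") || n.endsWith(".RSA")) sigBlock = true;
            }
        }
        List<String> missing = new ArrayList<>();
        if (!manifest) missing.add("META-INF/MANIFEST.MF");
        if (!sigFile) missing.add("META-INF/*.SF (signature file)");
        if (!sigBlock) missing.add("META-INF/*.DSA or *.RSA (signature block)");
        return missing;
    }

    // Writes one constructed class-file entry; a non-null manifest selects the "jar" behaviour.
    static byte[] build(Manifest mf) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = (mf == null) ? new ZipOutputStream(buf) : new JarOutputStream(buf, mf)) {
            out.putNextEntry(new ZipEntry("testhead/TestActor.class"));
            out.write(new byte[] {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE});
            out.closeEntry();
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        System.out.println("zip-style archive is missing: " + missingParts(build(null)));
        System.out.println("jar-style archive is missing: " + missingParts(build(mf)));
    }
}
```

Neither sample is signed, so both report the signature file and signature block as missing; only the zip-style archive also lacks the manifest.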