If you sell a Bean that must be trusted when it is downloaded over the Internet,
you need to digitally sign it. Then each user has to identify
you as trusted and install your X.509 certificate (your public key) into their Java key database. (Code signing
is only one way of limiting access in Java. See the
Java Security API Overview for more.)
This exercise takes you through the steps to sign an applet that uses the results from the
Reflective Programming with Freud exercise.
Execute the following command to make sure that "John Hancock" is not a known
identity on your system:
javakey -r "John Hancock"
Once it is removed, we can run the program unsigned to see what happens. Unpack the
AllHancock.jar file and run appletviewer on the
Declaration.html file.
Now press the 'Introspect' button with nothing in the 'Enter class name' text field.
The applet is able to reflect on itself with no security problems.
Then try to inspect a system class such as java.lang.String. When you press the 'Introspect' button
with java.lang.String in the text field, a lengthy security exception message appears on
the display. It means that you do not trust the applet, so it cannot access restricted resources.
To be trusted, the applet must be signed by someone. Then the user of the applet must tell their system
that they trust that someone AND install that signer's public key into their system.
In order for our applet to be trusted, we need to generate a certificate, create a jar file,
sign it, and tell our .html file to use it. Generating the certificate
involves four steps:
- Identify the signer and state that you 'trust' them
  - javakey -cs "John Hancock" true
    - javakey is the key and certificate management program
    - -c means to create an identity
    - -s means we are creating a code 'signer'
    - "John Hancock" is the signer
    - true signifies that we trust "John Hancock"
- Generate a public-private key pair for the signer
  - javakey -gk "John Hancock" DSA 512 Hancock_pub Hancock_priv
    - -gk means to generate a key pair
    - "John Hancock" is the identity
    - DSA is the algorithm
    - 512 is the key size in bits
    - Hancock_pub / Hancock_priv are the files the key pair is written to
- Set up a signer profile file
  - This file is a set of key-value pairs identifying who the signer is, how
    long the key is good for, and what the output file is.
    For purposes of this exercise, just use the Hancock.cert
    file provided.
- Generate a certificate
  - javakey -gc Hancock.cert
    - -gc means to generate a certificate
    - Hancock.cert is the certificate profile file
    - The command creates the file Hancock.x509 because the
      out.file directive provided that name.
Now we can sign our code. First, we need to package our code up to be signed. The Freud.class
file is the only one that has to be signed. If we include our general applet code in the signed package
and the user does not trust the signer, they will get an empty screen on startup and will think they did
something wrong. By not packaging the front-end, this won't happen. The command to place the Freud
class in a jar file is:
jar cf Freud.jar Freud.class
Now we need to sign the .jar file. This requires a signing directive file similar to the
signer profile file used earlier. For purposes of this exercise, just use the
Hancock.sign file provided. Once the directive file is
set up, execute:
javakey -gs Hancock.sign Freud.jar
to create the file Freud.jar.sig. Rename Freud.jar.sig to
signedFreud.jar:
ren Freud.jar.sig signedFreud.jar
Finally, create an HTML file that uses the signed jar: in its <APPLET> tag,
include an archive=signedFreud.jar parameter. Then test it.
Now that you have a signed applet, what is necessary for a user to run it as trusted?
Basically, only three steps. First, you need to provide the user with the Hancock.x509 file
you created earlier. Then, they need to identify the signer as trusted on their system.
Finally, they need to import the certificate file into their system.
- To simulate a user who does not know who the signer is, we first need to remove the signer's identity
  from our database.
  - javakey -r "John Hancock"
- Deliver Hancock.x509 to the user somehow.
- Register "John Hancock" as trusted
  - javakey -c "John Hancock" true
    - There isn't a '-s' flag because John Hancock doesn't need to
      create certificates on the user's system.
- Import the Hancock.x509 certificate file
  - javakey -ic "John Hancock" Hancock.x509
    - There is no magic in the filename or extension.
- Run the signed applet.
  - appletviewer signedDeclaration.html
  - If you try introspecting classes like java.lang.String, you will see no
    security exceptions thrown.
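The two procedures above (the signer's certificate-and-signing steps, and the user's trust-and-import steps) scripted end to end, as an added example that is not part of the original exercise. It assumes a JDK 1.1 javakey and jar on the PATH and uses the JDK 1.1 javakey directive-file format for the two files the exercise only describes (Hancock.cert and Hancock.sign); the signer name and file names are the page's, while the subject.* fields, validity dates and serial number are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the exercise's own files): signer-side and user-side javakey
# steps from the text. Assumes JDK 1.1 'javakey' and 'jar' on PATH and the JDK 1.1
# javakey directive-file format. subject.* fields, dates and serial are placeholders.
set -e

SIGNER="John Hancock"

# Write the certificate directive (the page's "signer profile file", Hancock.cert).
# $1 = directive path, $2 = name of the X.509 file that javakey -gc writes (out.file)
write_cert_directive() {
    cat > "$1" <<EOF
issuer.name=$SIGNER
issuer.cert=1
subject.name=$SIGNER
subject.real.name=$SIGNER
subject.org.unit=Signing Exercise
subject.org=Example Org
subject.country=US
start.date=1 Jan 1998
end.date=31 Dec 1998
serial.number=1001
out.file=$2
EOF
}

# Write the signing directive (the page's Hancock.sign). No out.file is given, so
# javakey -gs writes <jar>.sig, exactly as the text describes. signature.file names
# the .SF/.DSA entries inside META-INF and must be at most eight characters.
# $1 = directive path
write_sign_directive() {
    cat > "$1" <<EOF
signer=$SIGNER
cert=1
chain=0
signature.file=HANCOCK
EOF
}

# Fail with a clear message when the JDK 1.1 tool is not installed.
require_javakey() {
    command -v javakey >/dev/null 2>&1 || {
        echo "javakey (JDK 1.1) not found on PATH" >&2
        return 1
    }
}

# Signer side: trusted signer identity, key pair, certificate, jar, signed jar.
signer_side() {
    require_javakey
    write_cert_directive Hancock.cert Hancock.x509
    write_sign_directive Hancock.sign
    javakey -r "$SIGNER" 2>/dev/null || true      # start from a clean database
    javakey -cs "$SIGNER" true                     # create a trusted signer
    javakey -gk "$SIGNER" DSA 512 Hancock_pub Hancock_priv
    javakey -gc Hancock.cert                       # writes Hancock.x509 (out.file)
    jar cf Freud.jar Freud.class                   # only the class that needs trust
    javakey -gs Hancock.sign Freud.jar             # writes Freud.jar.sig
    mv Freud.jar.sig signedFreud.jar               # 'ren' on Windows
}

# User side: given only Hancock.x509, mark the signer trusted and import the certificate.
user_side() {
    require_javakey
    javakey -r "$SIGNER" 2>/dev/null || true      # forget the signer, as the text does
    javakey -c "$SIGNER" true                      # trusted identity, not a signer (no -s)
    javakey -ic "$SIGNER" Hancock.x509
}

case "${1:-}" in
    sign) signer_side ;;
    import) user_side ;;
    *) echo "usage: $0 sign|import" >&2 ;;
esac
```

Run it as `sh sign.sh sign` in the directory containing Freud.class, hand the resulting Hancock.x509 to the user, and have them run `sh sign.sh import` before opening signedDeclaration.html in appletviewer. The signing directive deliberately omits out.file so that the rename step matches the text; adding `out.file=signedFreud.jar` would make the mv unnecessary.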