Message-Id: <m10VysI-0003CaC@odb.rhein-main.de>
From: "Michael Haertfelder" <michael@haertfelder.com>
To: "java-security@java.sun.com" <java-security@java.sun.com>
Date: Fri, 09 Apr 1999 13:23:05 +0200
Subject: Comments on your Signed Applet Example

Hi,

I visited, downloaded and tried out your Signed Applet Example number 12 from
page
http:///204.160.241.19/security/signExample12/
under Windows NT 4 with Netscape 4.5 and JRE1.2.

After all that, it doesn't work.

Yes, I successfully imported Duke's certificate (I verified that).
Yes, I installed JRE1.2 successfully (I've used the plugin successfully with some
other examples).
Yes, I copied .java.policy to my home directory.

The following questions remain:

1.) Is this example only for retrieving the example from your site, or could I
place the pages and jar archives on my computer as well?

2.) If I enter the following URL in Netscape
file:///E|/tmp/signedApplet/signedPluginEx.html
is this kind of protocol allowed for signed applets?

3.) Suppose I installed a Web server (IIS) on my local computer and put all
necessary files of this example on it. (How) do I have to change the policy
file?
Assuming the jar file is located in E:\tmp\signedWriteFile.jar,
is the policy file below correct?

/* AUTOMATICALLY GENERATED ON Thu Jan 28 15:45:28 PST 1999*/
/* DO NOT EDIT */

keystore ".keystore";

grant signedBy "Duke", codeBase "file:///E|/tmp/signedWriteFile.jar" {
    permission java.io.FilePermission "C:${/}tmpfoo", "write";
};

Is a signed jar file server dependent? Read: if the server changes, do I have
to change the jar file's certificate too (I can't believe it)?

3.) When I generate a new certificate and sign the jar archive, all works fine
besides the fact that nothing was written into the file. Why?

4.) What is the chronology of using the files? Suggestion:
(1) retrieving the html pages
(2) retrieving the jar file mentioned in the applet part of that page
(3) the applet tries to write to a file -> exception
(4) the RunTimeEnvironment looks in the local policy file to see if the jar file
is listed -> YES
(5) the RunTimeEnvironment looks in the local keystore file for the
certificate of the jar archive
(6) the RunTimeEnvironment verifies that the certificate found in the
keystore is the same as the certificate of the jar archive
(7) if they are the same, write access is granted to the java applet

If the scheduling above is correct, this would be very uncomfortable because I
need TWO !!! files (Certificate+policy) to run the applet.

Any help is appreciated.

Michael