<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Writing Advanced Applications, Chapter 10: More Security Topics</TITLE>
<META NAME="AUTHOR" CONTENT="Monica Pawlan and Calvin Austin">
<META NAME="KEYWORDS" CONTENT="programming, advanced, Java 2">
<META NAME="OWNER" CONTENT="Editorial/JDC">
<META NAME="revision" CONTENT="@(#)signed.src 1.18 08/24/99 JDC">
</HEAD>
<!-- Start Body Insert-->
<BODY BGCOLOR="#ffffff">
<!-- End Body Insert-->
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
<TR>
<TD>
<!-- Template Version 2.0 -->
<!-- ================== -->
<!-- Start Main Content -->
<!-- ================== -->
<TABLE>
<TR>
<TD VALIGN="TOP">
<FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A NAME="top"></A>
<DIV ALIGN="RIGHT">
<FONT SIZE="-1"><A HREF="/developer/onlineTraining/index.html">Training Index</A></FONT>
<H2>Writing Advanced Applications<BR>
<FONT SIZE="3">Chapter 10: Signed Applets</FONT></H2>
<FONT SIZE="-1">[<A HREF="security.html">&lt;&lt;BACK</A>] [<A HREF="index.html#contents">CONTENTS</A>] [<A HREF="signed2.html">NEXT&gt;&gt;</A>]</FONT></DIV>
<P>
A policy file can be defined to require a signature on all
applets or applications that attempt to run with the policy file.
The signature is a way to verify that the applet or application is from
a reliable source and can be trusted to run with the permissions
granted in the policy file.
<P>
If a policy file requires a signature, an applet or application
can get the access granted by the policy file only if it has the correct
signature. If the applet or application has the wrong signature or no
signature, it will not get access to the file.
<P>
This section walks through an example of signing an applet, verifying
the signature, and running the applet with a policy file.
<UL>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A HREF="#example">Signed Applet Example</A></FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A HREF="#intranet">Intranet Developer</A></FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A HREF="#enduser">End User</A></FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A HREF="#appli">Running an Application with a Policy File</A></FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A HREF="#1.1">Signed Applets in JDK 1.1</A></FONT>
</UL>
<HR>
<A NAME="example"></A>
<H3>Signed Applet Example</H3>
The policy file granting access can be set up to require or not
require a signature. If a signature is required, the applet has to be
bundled into a Java ARchive (JAR) file before it can be signed.
This example shows you how to sign and grant permission to an applet
so it can create <code>demo.ini</code> in the user's home directory when
it executes in Applet Viewer.
<p>
<IMG SRC="./Art/demo.gif" ALIGN="CENTER">
<p>
These files are used for the example. You can copy them to
or create them in your working directory.
<UL>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A HREF="./Code/SignedAppletDemo.java">SignedAppletDemo.java</A> file containing the
applet code</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">
<A HREF="./Code/Write.jp">Write.jp</A> policy file granting access to the user's home
directory</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Applet tag embedded in the SignedApplet.html file:</FONT>
<PRE>
&lt;applet code="SignedAppletDemo.class"
archive="SSignedApplet.jar"
width=400 height=400&gt;
&lt;param name=file value="/etc/inet/hosts"&gt;
&lt;/applet&gt;
</PRE>
</UL>
Usually an applet is bundled and signed by an intranet developer and handed
off to the end user who verifies the signature and runs
the applet. In this example, the intranet developer performs Steps 1 through 5
and Ray, the end user, performs Steps 6 through 8. But, to keep things simple,
all steps occur in the same working directory.
<OL>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Compile the applet</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Create a JAR file</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Generate Keys</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Sign the JAR file</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Export the Public Key Certificate</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Import the Certificate as a Trusted Certificate</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Create the policy file</FONT>
<LI><FONT FACE="Verdana, Arial, Helvetica, sans-serif">Run the applet</FONT>
</OL>
<A NAME="intranet"></A>
<H3>Intranet Developer</H3>
Susan, the intranet developer, bundles the applet executable in a JAR
file, signs the JAR file, and exports the public key certificate.
<H4>1: Compile the Applet</H4>
In her working directory, Susan uses the <code>javac</code> command to compile
the <code>SignedAppletDemo.java</code>
class. The output from the <code>javac</code> command is the
<code>SignedAppletDemo.class</code>.
<p>
<code>javac SignedAppletDemo.java</code>
<p>
<H4>2: Make a JAR File</H4>
Susan then stores the compiled <code>SignedAppletDemo.class</code> file
into a JAR file. The <code>-cvf</code> option to the <code>jar</code>
command creates a new archive (c), using verbose mode (v), and specifies
the archive file name (f). The archive file name is
<code>SignedApplet.jar</code>.
<p>
<code>jar cvf SignedApplet.jar SignedAppletDemo.class</code>
<H4>3: Generate Keys</H4>
A JAR file is signed with the private key of the creator of the JAR
file and the signature is verified by the recipient of the JAR file
with the public key in the pair. The certificate is a statement from
the owner of the private key that the public key in the pair has a
particular value so the person using the public key can be assured
the public key is authentic. Public and private keys must already
exist in the keystore database before jarsigner can be used to
sign or verify the signature on a JAR file.
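<P>
The recipient-side check described above can also be done programmatically.
The following is an added example, not code from the original tutorial: it uses the
<code>java.util.jar</code> API of current JDKs to confirm that every entry in a JAR
was signed with one expected certificate. The class name <code>VerifySignedJar</code>
and both command-line paths are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name): fails unless every entry in the JAR
// verifies and was signed with the one certificate the recipient trusts.
public class VerifySignedJar {

    // Returns normally when all entries check out; throws SecurityException otherwise.
    // Certificate validity dates and chains are NOT checked here, only equality
    // with the trusted certificate (enough for a self-signed signer).
    static void verify(String jarPath, Certificate trusted) throws Exception {
        try (JarFile jar = new JarFile(jarPath, true)) {   // true = verify signatures
            if (jar.getManifest() == null)
                throw new SecurityException("no manifest: JAR is unsigned");
            byte[] buf = new byte[8192];
            for (JarEntry e : Collections.list(jar.entries())) {
                // Signature metadata under META-INF/ is not itself signed;
                // this sketch skips that whole directory.
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Digests are checked only once the entry has been read to the end;
                // a modified entry makes read() throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                Certificate[] certs = e.getCertificates();  // null for unsigned entries
                if (certs == null)
                    throw new SecurityException("unsigned entry: " + e.getName());
                boolean match = false;
                for (Certificate c : certs) if (c.equals(trusted)) match = true;
                if (!match)
                    throw new SecurityException("unexpected signer: " + e.getName());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: signed JAR, args[1]: signer's exported certificate (assumed paths)
        Certificate trusted;
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
            trusted = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        verify(args[0], trusted);
        System.out.println("all entries signed by the expected certificate");
    }
}
```

Checking each entry individually matters because a class file added to the archive after signing carries no signer certificates, even though the rest of the JAR still verifies.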
<p>
Susan creates a <code>keystore</code> database named
<code>compstore</code> that has an entry for a newly generated
public and private key pair with
the public key in a certificate using the <CODE>keytool</CODE>
command.