signed.html

jdbc书

<P>
In her working directory, Susan creates a keystore database and generates
the keys:

</FONT>

<PRE>
keytool -genkey -alias signFiles -keystore compstore 
	-keypass kpi135 -dname "cn=jones" 
	-storepass ab987c
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">  

This <code>keytool -genkey </code> command invocation generates a key pair 
that is identified by the alias signFiles. Subsequent keytool command 
invocations use this alias and the key password (<code>-keypass kpi135</code>) 
to access the private key in the generated pair.
<p>
The generated key pair is stored in a keystore database called compstore
(<code>-keystore compstore</code>) in the current directory, and
accessed with the compstore password (<code>-storepass ab987c</code>). 
<p>
The <code>-dname "cn=jones"</code> option specifies an X.500 Distinguished 
Name with a commonName (cn) value.  X.500 Distinguished Names identify 
entities for X.509 certificates. In this example, Susan uses her last
name, Jones, for the common name.  She could use any common name that
suits her purposes. 
<p>
You can view all keytool options and parameters by typing:
<p>
<code>keytool -help</code>

<H4>4: Sign the JAR File</H4>

JAR Signer is a command line tool for signing and verifying the
signature on JAR files. In her working directory, Susan uses 
jarsigner to make a signed copy of the <code>SignedApplet.jar</code> file. 

</FONT>

<PRE>
jarsigner -keystore compstore -storepass ab987c 
        -keypass kpi135 
	-signedjar 
	SSignedApplet.jar SignedApplet.jar signFiles
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

The <code>-storepass ab987c</code> and <code>-keystore compstore</code>
options specify the keystore database and password where the
private key for signing the JAR file is stored. The <code>-keypass
kpi135</code> option is the password to the private key,
<code>SSignedApplet.jar</code> is the name of the signed JAR file, and 
<code>signFiles</code> is the alias to the private key. 
<CODE>jarsigner</CODE> extracts the certificate from the keystore whose entry
is <code>signFiles</code> and attaches it to the generated signature of the signed
JAR file.

<H4>5: Export the Public Key Certificate</H4>

The public key certificate is sent with the JAR file to the end user
who will be using the applet.  That person uses the certificate to
authenticate the signature on the JAR file. A certificate is sent
by exporting it from the <CODE>compstore</CODE> database.

<P>
In her working directory, Susan uses keytool to copy the certificate from
<code>compstore</code> to a file named <code>CompanyCer.cer</code> as follows:

</FONT>

<PRE>
keytool -export -keystore compstore -storepass ab987c  
	-alias signFiles -file CompanyCer.cer
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif"> 

As the last step, Susan posts the JAR and certificate files to a 
distribution directory on a web page.

<A NAME="enduser"></A>
<H3>End User</H3>

Ray, the end user, downloads the JAR file from the distribution directory,
imports the certificate, creates
a policy file granting the applet access, and runs the applet. 

<H4>6: Import Certificate as a Trusted Certificate</H4>

Ray downloads <code>SSignedApplet.jar</code> and <code>CompanyCer.cer</code> 
to his home directory. Ray must now create a keystore database 
(<code>raystore</code>) and import the certificate into it using 
the alias <CODE>company</CODE>. Ray uses <code>keytool</code> in his 
home directory to do this:

</FONT>

<PRE>
keytool -import -alias company -file 
        CompanyCer.cer -keystore 
	raystore -storepass abcdefgh
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<H4>7: Create the Policy File</H4>

The policy file grants the <code>SSignedApplet.jar</code>
file signed by the alias
<code>company</code> permission to create <code>demo.ini</code> (and no other 
file) in the user's home directory. 
<P>
Ray creates the policy file in  his home directory using either 
<CODE>policytool</CODE> or an ASCII editor. 

</FONT>

<PRE>
<FONT SIZE="-1">
keystore "/home/ray/raystore";

// A sample policy file that lets a program 
// create demo.ini in user's home directory
// Satya N Dodda

grant SignedBy "company" {
  permission java.util.PropertyPermission 
    "user.home", "read";
  permission java.io.FilePermission 
    "${user.home}/demo.ini", "write";
};

</FONT>
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<H4>8: Run the Applet in Applet Viewer</H4>

Applet Viewer connects to the HTML documents and resources specified in
the call to <code>appletviewer</code>, and displays the applet in its own
window. To run the example, Ray copies the signed JAR file and HTML file
to <code>/home/aURL/public_html</code> and invokes Applet viewer from 
his home directory as follows:
<p>
</FONT>

<PRE>
appletviewer -J-Djava.security.policy=Write.jp 
	http://aURL.com/SignedApplet.html
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<BLOCKQUOTE>
<STRONG>Note:</STRONG>
Type everything on one line and put a space after <code>Write.jp</code>
</BLOCKQUOTE>

The <code>-J-Djava.security.policy=Write.jp</code> option tells Applet Viewer to run
the applet referenced in the <code>SignedApplet.html</code> file
with the <code>Write.jp</code> policy file. 
<P>
<BLOCKQUOTE>
<STRONG>Note:</STRONG>
The Policy file can be stored on a server 
and specified in the <code>appletviewer</code> invocation
as a URL.
</BLOCKQUOTE>


<A NAME="appli"></A>
<H3>Running an Application with a Policy File</H3>

<P>
This application invocation restricts <CODE>MyProgram</CODE> to a
sandbox-like environment the same way applets are restricted, but allows
access as specified in the <CODE>polfile</CODE> policy file.

</FONT>

<PRE>
java -Djava.security.manager
        -Djava.security.policy=polfile MyProgram
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">



<A NAME="1.1"></A>
<H2>Signed Applets in JDK 1.1</H2>
<p>
JDK 1.1 signed applets can access local system resources if the
local system is properly set up to allow it. See the JDK 1.1
<A HREF="http://java.sun.com/security/signExample/index.html">Signed Applet
Example</A> page for details.


<P ALIGN="RIGHT">
<FONT SIZE="-1">[<A HREF="#top">TOP</A>]</FONT>

</FONT>
</TD>
</TR>
</TABLE>




<!-- ================ -->
<!-- End Main Content -->
<!-- ================ -->

</TD>
</TR>
</TABLE>

<!-- Copyright Insert -->

<BR CLEAR="ALL">

<FORM ACTION="/cgi-bin/search.cgi" METHOD="POST">
<TABLE WIDTH="100%" CELLPADDING="0" BORDER="0" CELLSPACING="5">   
  <TR>
    <TD VALIGN="TOP">
	
    <P ALIGN=CENTER>
    <FONT SIZE="-1" COLOR="#999999" FACE="Verdana, Arial, Helvetica, sans-serif">
    [ This page was updated: <!-- new date --> 13-Oct-99 ]</font></P>
    </TD>
  </TR>
  
  <TR>
    <TD BGCOLOR="#CCCCCC">
    <IMG SRC="/images/pixel.gif" HEIGHT="1" WIDTH="1" ALT=""></TD>
  </TR>
  
  <TR>
    <TD>
    <CENTER>
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <A HREF="http://java.sun.com/products/">Products &amp; APIs</A> | 
    <A HREF="/developer/index.html">Developer Connection</A> | 
    <A HREF="/developer/infodocs/index.shtml">Docs &amp; Training</A> | 
    <A HREF="/developer/support/index.html">Online Support</A><BR>
    <A HREF="/developer/community/index.html">Community Discussion</A> |
    <A HREF="http://java.sun.com/industry/">Industry News</A> | 
    <A HREF="http://java.sun.com/solutions">Solutions Marketplace</A> | 
    <A HREF="http://java.sun.com/casestudies">Case Studies</A>
    </FONT>
    </CENTER>
    </TD>
  </TR>
  
  <TR>
    <TD BGCOLOR="#CCCCCC">
    <IMG SRC="/images/pixel.gif" HEIGHT="1" WIDTH="1" ALT=""></TD>
  </TR>

  <TR>
    <TD ALIGN="CENTER">
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <A HREF="http://java.sun.com/docs/glossary.html">Glossary</A> - 
    <A HREF="http://java.sun.com/applets/">Applets</A> - 
    <A HREF="http://java.sun.com/docs/books/tutorial/">Tutorial</A> - 
    <A HREF="http://java.sun.com/jobs/">Employment</A> - 
    <A HREF="http://java.sun.com/nav/business/">Business &amp; Licensing</A> - 
    <A HREF="http://java.sun.com/javastore/">Java Store</A> -
    <A HREF="http://java.sun.com/casestudies/">Java in the Real World</A>
    </FONT>
    </TD>
  </TR>

  <TR>
    <TD>
    <CENTER>
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <a href="/siteinfo/faq.html">FAQ</a> |
    <a href="/feedback/index.html">Feedback</a> | 
    <a href="http://www.dynamicdiagrams.net/mapa/cgi-bin/help.tcl?db=javasoft&dest=http://java.sun.com/">Map</a> | 
    <A HREF="http://java.sun.com/a-z/index.html">A-Z Index</A>
    </FONT>
    </CENTER>

    </TD>
  </TR>
  
  <TR>
    <TD>

    <TABLE WIDTH="100%" CELLPADDING="0" BORDER="0" CELLSPACING="0">
      <TR>
        <TD WIDTH="50%">
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        For more information on Java technology<BR>
        and other software from Sun Microsystems, call:<BR>
        </FONT>
        <FONT SIZE="-1" FACE="Verdana, Arial, Helvetica, sans-serif">
        (800) 786-7638<BR></FONT>
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        Outside the U.S. and Canada, dial your country's 
        <A HREF="http://www.att.com/business_traveler/attdirecttollfree/">AT&amp;T&nbsp;Direct&nbsp;Access&nbsp;Number</A> first.<BR>
        </FONT>
        </TD>

        <TD ALIGN="RIGHT" WIDTH="50%">
        <A HREF="http://www.sun.com"><IMG SRC="/images/lgsun.gif" width="64" height="30" border="0" ALT="Sun Microsystems, Inc."></A><BR>
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        Copyright &copy; 1995-99
        <A HREF="http://www.sun.com">Sun Microsystems, Inc.</A><BR>
        All Rights Reserved. 
        <a href="http://www.sun.com/share/text/SMICopyright.html">Legal Terms</a>. 
        <A HREF="http://www.sun.com/privacy/">Privacy&nbsp;Policy</A>.
        </FONT>
        </TD>
      </TR>
    </TABLE>
	
    </TD>
  </TR> 
</TABLE>
</FORM>

<!-- End Copyright Insert -->


</BODY>
</HTML>