00000004.htm

来自「水木清华BBS」· HTM 代码 · 共 264 行 · 第 1/2 页

<HTML>

<HEAD>
  <TITLE>BBS水木清华站∶精华区</TITLE>
</HEAD>

<BODY>

<CENTER><H1>BBS水木清华站∶精华区</H1></CENTER>

发信人:&nbsp;rhythin&nbsp;(多米诺骨牌),&nbsp;信区:&nbsp;Java&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>
标&nbsp;&nbsp;题:&nbsp;Re:&nbsp;请教：有关在JAR文档中进行数字签名的问题&nbsp;<BR>
发信站:&nbsp;BBS&nbsp;水木清华站&nbsp;(Wed&nbsp;Apr&nbsp;&nbsp;7&nbsp;13:17:59&nbsp;1999)&nbsp;<BR>
&nbsp;<BR>
This&nbsp;is&nbsp;a&nbsp;webpage&nbsp;of&nbsp;java,&nbsp;in&nbsp;case&nbsp;you&nbsp;have&nbsp;no&nbsp;access&nbsp;to&nbsp;internet:&nbsp;<BR>
Unfortunately&nbsp;the&nbsp;JDK&nbsp;1.1&nbsp;signing&nbsp;and&nbsp;verification&nbsp;is&nbsp;not&nbsp;supported&nbsp;by&nbsp;the&nbsp;web&nbsp;browsers&nbsp;(Netscape's&nbsp;<BR>
and&nbsp;Microsoft's.)&nbsp;It&nbsp;is&nbsp;supported&nbsp;in&nbsp;HotJava,&nbsp;<A HREF="http://java.sun.com/products/hotjava">http://java.sun.com/products/hotjava</A>&nbsp;and&nbsp;appletviewer.&nbsp;&nbsp;<BR>
&nbsp;<BR>
You&nbsp;can&nbsp;use&nbsp;the&nbsp;Java&nbsp;Plug-in&nbsp;in&nbsp;the&nbsp;browsers&nbsp;to&nbsp;get&nbsp;access&nbsp;to&nbsp;more&nbsp;recent&nbsp;JDK&nbsp;technology,&nbsp;<BR>
<A HREF="http://java.sun.com/products/plugin.">http://java.sun.com/products/plugin.</A>&nbsp;You&nbsp;can&nbsp;run&nbsp;1.1.x&nbsp;signed&nbsp;applets&nbsp;with&nbsp;the&nbsp;Plug-in&nbsp;plugged&nbsp;into&nbsp;the&nbsp;<BR>
browsers.&nbsp;&nbsp;<BR>
&nbsp;<BR>
We&nbsp;are&nbsp;working&nbsp;with&nbsp;the&nbsp;Java&nbsp;licensees&nbsp;to&nbsp;get&nbsp;the&nbsp;standard&nbsp;Java&nbsp;signing&nbsp;working&nbsp;for&nbsp;people&nbsp;in&nbsp;an&nbsp;<BR>
interoperable&nbsp;way.&nbsp;&nbsp;<BR>
&nbsp;<BR>
You&nbsp;can&nbsp;also&nbsp;exercise&nbsp;this&nbsp;example&nbsp;by&nbsp;downloading&nbsp;these&nbsp;files&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;signedWriteFile.jar&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;signedWriteFile.html&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Duke.x509&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
from&nbsp;the&nbsp;ftp.javasoft.com&nbsp;web&nbsp;site.&nbsp;You&nbsp;will&nbsp;be&nbsp;able&nbsp;to&nbsp;experiment&nbsp;with&nbsp;creating&nbsp;and&nbsp;using&nbsp;the&nbsp;identity&nbsp;<BR>
database,&nbsp;and&nbsp;you&nbsp;will&nbsp;be&nbsp;able&nbsp;to&nbsp;load&nbsp;the&nbsp;signed&nbsp;applet&nbsp;from&nbsp;your&nbsp;local&nbsp;net.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
Running&nbsp;signed&nbsp;applets&nbsp;with&nbsp;the&nbsp;Java&nbsp;Plug-in&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;1.Get&nbsp;the&nbsp;latest&nbsp;version&nbsp;of&nbsp;the&nbsp;Java&nbsp;Plug-in&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;To&nbsp;follow&nbsp;this&nbsp;example,&nbsp;you'll&nbsp;need&nbsp;to&nbsp;download&nbsp;and&nbsp;install&nbsp;the&nbsp;Java&nbsp;Plug-in.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Full&nbsp;instructions&nbsp;for&nbsp;installing&nbsp;the&nbsp;Java&nbsp;Plug-in&nbsp;are&nbsp;on&nbsp;its&nbsp;download&nbsp;page.&nbsp;Briefly,&nbsp;on&nbsp;Solaris,&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;%&nbsp;chmod&nbsp;+x&nbsp;plugin-11-solaris2-sparc.bin&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;%&nbsp;/bin/sh&nbsp;plugin-11-solaris2-sparc.bin*&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;%&nbsp;mkdir&nbsp;-p&nbsp;~/.netscape/java/lib&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;%&nbsp;touch&nbsp;~/.netscape/java/lib/rt.jar&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;The&nbsp;mkdir&nbsp;and&nbsp;touch&nbsp;commands&nbsp;are&nbsp;needed&nbsp;to&nbsp;workaround&nbsp;a&nbsp;known&nbsp;bug&nbsp;that&nbsp;will&nbsp;be&nbsp;fixed&nbsp;in&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;the&nbsp;next&nbsp;release&nbsp;of&nbsp;the&nbsp;Java&nbsp;Plug-in.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;On&nbsp;Windows,&nbsp;double-click&nbsp;on&nbsp;the&nbsp;file&nbsp;named&nbsp;plugin-11-win32.exe,&nbsp;and&nbsp;InstallShield&nbsp;will&nbsp;go&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;through&nbsp;the&nbsp;installation.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;2.Observe&nbsp;the&nbsp;restrictions&nbsp;placed&nbsp;on&nbsp;applets&nbsp;by&nbsp;default&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Downloaded&nbsp;applets&nbsp;are&nbsp;prevented&nbsp;from&nbsp;writing&nbsp;files&nbsp;to&nbsp;your&nbsp;hard&nbsp;disk.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Here's&nbsp;the&nbsp;source&nbsp;code&nbsp;for&nbsp;an&nbsp;applet&nbsp;that&nbsp;wants&nbsp;to&nbsp;do&nbsp;just&nbsp;that.&nbsp;It&nbsp;tries&nbsp;to&nbsp;write&nbsp;a&nbsp;file&nbsp;named&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;/tmp/foo&nbsp;(or&nbsp;a&nbsp;file&nbsp;named&nbsp;&quot;tmpfoo&quot;&nbsp;if&nbsp;you're&nbsp;on&nbsp;a&nbsp;Windows&nbsp;system.)&nbsp;This&nbsp;is&nbsp;not&nbsp;a&nbsp;malicious&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;applet,&nbsp;but&nbsp;it&nbsp;is&nbsp;trying&nbsp;to&nbsp;do&nbsp;something&nbsp;that&nbsp;the&nbsp;Java&nbsp;Applet&nbsp;Security&nbsp;Manager&nbsp;prevents&nbsp;it&nbsp;from&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;doing.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;After&nbsp;you've&nbsp;installed&nbsp;the&nbsp;Plug-In,&nbsp;start&nbsp;the&nbsp;Plug-in&nbsp;Control&nbsp;Panel:&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;On&nbsp;Windows:&nbsp;From&nbsp;the&nbsp;Start&nbsp;menu,&nbsp;choose&nbsp;the&nbsp;Programs&nbsp;option.&nbsp;Then&nbsp;choose&nbsp;the&nbsp;Java&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Plug-in&nbsp;Control&nbsp;Panel&nbsp;menu&nbsp;item.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;On&nbsp;Solaris:&nbsp;You&nbsp;can&nbsp;run&nbsp;the&nbsp;Control&nbsp;Panel&nbsp;using&nbsp;the&nbsp;following&nbsp;command:&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;~/.netscape/java/ControlPanel&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Once&nbsp;in&nbsp;the&nbsp;control&nbsp;panel,&nbsp;turn&nbsp;on&nbsp;the&nbsp;option&nbsp;to&nbsp;view&nbsp;the&nbsp;Java&nbsp;Console.&nbsp;Then&nbsp;visit&nbsp;this&nbsp;URL&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="http://java.sun.com/security/signExample/pluginEx.html">http://java.sun.com/security/signExample/pluginEx.html</A>&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;from&nbsp;your&nbsp;browser.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;On&nbsp;the&nbsp;pluginEx.html&nbsp;page,&nbsp;the&nbsp;applet&nbsp;display&nbsp;should&nbsp;read&nbsp;&quot;writeFile:&nbsp;caught&nbsp;security&nbsp;exception.&quot;&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;This&nbsp;is&nbsp;a&nbsp;good&nbsp;thing,&nbsp;and&nbsp;the&nbsp;expected&nbsp;behavior.&nbsp;A&nbsp;security&nbsp;exception&nbsp;doesn't&nbsp;mean&nbsp;that&nbsp;a&nbsp;security&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;violation&nbsp;occurred&nbsp;-&nbsp;it&nbsp;means&nbsp;exactly&nbsp;the&nbsp;opposite.&nbsp;It&nbsp;means&nbsp;that&nbsp;the&nbsp;system&nbsp;caught&nbsp;the&nbsp;applet&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;trying&nbsp;to&nbsp;escape&nbsp;the&nbsp;restrictions&nbsp;of&nbsp;the&nbsp;applet&nbsp;sandbox.&nbsp;To&nbsp;alert&nbsp;you&nbsp;to&nbsp;that&nbsp;fact,&nbsp;the&nbsp;system&nbsp;throws&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;an&nbsp;exception.&nbsp;This&nbsp;is&nbsp;programmer&nbsp;terminology&nbsp;for&nbsp;&quot;the&nbsp;system&nbsp;set&nbsp;off&nbsp;a&nbsp;warning&nbsp;bell.&quot;&nbsp;When&nbsp;you&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;see&nbsp;a&nbsp;security&nbsp;exception&nbsp;on&nbsp;a&nbsp;Java&nbsp;system,&nbsp;you&nbsp;know&nbsp;that&nbsp;the&nbsp;system&nbsp;prevented&nbsp;the&nbsp;code&nbsp;from&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;violating&nbsp;security.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Note&nbsp;that&nbsp;the&nbsp;Java&nbsp;Console&nbsp;should&nbsp;have&nbsp;displayed&nbsp;some&nbsp;output,&nbsp;including&nbsp;the&nbsp;location&nbsp;of&nbsp;the&nbsp;User&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;home&nbsp;directory.&nbsp;This&nbsp;is&nbsp;important&nbsp;information&nbsp;that&nbsp;you&nbsp;should&nbsp;remember&nbsp;for&nbsp;the&nbsp;next&nbsp;step.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;3.Set&nbsp;up&nbsp;your&nbsp;system&nbsp;to&nbsp;accept&nbsp;code&nbsp;signed&nbsp;by&nbsp;Duke&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;It&nbsp;turns&nbsp;out&nbsp;that&nbsp;Duke&nbsp;(our&nbsp;mascot)&nbsp;signed&nbsp;this&nbsp;applet&nbsp;and&nbsp;stored&nbsp;it&nbsp;in&nbsp;an&nbsp;archive&nbsp;named&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;signedWriteFile.jar.&nbsp;If&nbsp;you&nbsp;get&nbsp;a&nbsp;copy&nbsp;of&nbsp;Duke's&nbsp;certificate,&nbsp;import&nbsp;it&nbsp;into&nbsp;your&nbsp;system's&nbsp;identity&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;database&nbsp;and&nbsp;declare&nbsp;Duke&nbsp;to&nbsp;be&nbsp;a&nbsp;trusted&nbsp;entity,&nbsp;then&nbsp;you'll&nbsp;allow&nbsp;any&nbsp;applet&nbsp;signed&nbsp;by&nbsp;Duke&nbsp;to&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;have&nbsp;full&nbsp;authority&nbsp;on&nbsp;your&nbsp;system.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Here's&nbsp;the&nbsp;steps&nbsp;you&nbsp;need&nbsp;to&nbsp;take&nbsp;to&nbsp;accomplish&nbsp;that.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1.Get&nbsp;a&nbsp;copy&nbsp;of&nbsp;Duke's&nbsp;certificate&nbsp;and&nbsp;store&nbsp;it&nbsp;in&nbsp;a&nbsp;file&nbsp;named&nbsp;Duke.x509&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;2.Create&nbsp;the&nbsp;identity&nbsp;&quot;Duke&quot;&nbsp;in&nbsp;your&nbsp;JDK&nbsp;1.1&nbsp;identity&nbsp;database.&nbsp;By&nbsp;passing&nbsp;the&nbsp;parameter&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&quot;true&quot;,&nbsp;you're&nbsp;saying&nbsp;that&nbsp;you&nbsp;want&nbsp;Duke&nbsp;to&nbsp;be&nbsp;a&nbsp;trusted&nbsp;identity.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;%&nbsp;javakey&nbsp;-c&nbsp;Duke&nbsp;true&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;3.Import&nbsp;Duke's&nbsp;certificate&nbsp;into&nbsp;your&nbsp;identity&nbsp;database,&nbsp;assuming&nbsp;you&nbsp;have&nbsp;a&nbsp;copy&nbsp;of&nbsp;Duke's&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;certifiate&nbsp;in&nbsp;the&nbsp;file&nbsp;named&nbsp;Duke.x509.&nbsp;Associate&nbsp;that&nbsp;certificate&nbsp;with&nbsp;the&nbsp;identity&nbsp;&quot;Duke&quot;&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;by&nbsp;using&nbsp;that&nbsp;nickname&nbsp;as&nbsp;the&nbsp;first&nbsp;argument&nbsp;to&nbsp;the&nbsp;javakey&nbsp;command.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;%&nbsp;javakey&nbsp;-ic&nbsp;Duke&nbsp;Duke.x509&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.Make&nbsp;sure&nbsp;your&nbsp;identity&nbsp;database&nbsp;is&nbsp;in&nbsp;the&nbsp;directory&nbsp;where&nbsp;the&nbsp;Plug-in&nbsp;expects&nbsp;it&nbsp;to&nbsp;be.&nbsp;Your&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;identity&nbsp;database&nbsp;should&nbsp;be&nbsp;in&nbsp;the&nbsp;User&nbsp;home&nbsp;directory&nbsp;that&nbsp;was&nbsp;displayed&nbsp;as&nbsp;part&nbsp;of&nbsp;the&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;output&nbsp;in&nbsp;the&nbsp;Java&nbsp;Console.&nbsp;If&nbsp;your&nbsp;identity&nbsp;database&nbsp;does&nbsp;not&nbsp;already&nbsp;reside&nbsp;in&nbsp;this&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;directory,&nbsp;copy&nbsp;it&nbsp;there.&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;4.Exit&nbsp;and&nbsp;restart&nbsp;your&nbsp;browser&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;5.Run&nbsp;the&nbsp;applet&nbsp;signed&nbsp;by&nbsp;Duke&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;Now&nbsp;go&nbsp;ahead&nbsp;and&nbsp;run&nbsp;the&nbsp;applet&nbsp;signed&nbsp;by&nbsp;Duke.&nbsp;You'll&nbsp;notice&nbsp;that&nbsp;it&nbsp;can&nbsp;now&nbsp;create&nbsp;and&nbsp;write&nbsp;a&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;file&nbsp;on&nbsp;your&nbsp;local&nbsp;filesystem.&nbsp;Visit&nbsp;this&nbsp;URL&nbsp;from&nbsp;your&nbsp;browser,&nbsp;after&nbsp;you've&nbsp;installed&nbsp;the&nbsp;Plug-In,&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;and&nbsp;after&nbsp;you've&nbsp;imported&nbsp;Duke's&nbsp;certificate:&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="http://java.sun.com/security/signExample/signedPluginEx.html">http://java.sun.com/security/signExample/signedPluginEx.html</A>&nbsp;<BR>
&nbsp;<BR>