A complete introduction to the digital signature technology of applets

Source: Internet
Author: User

First, an apology to everyone. I wanted to write this article a couple of years ago but never got around to it. A few days ago my boss asked me to do this again, and I found that I had kept no notes and had to work it out again from memory. I also found that what is written online is rather superficial. After all, we are programmers, not students, and should think things through a bit more, so I have written down my own summary as a pointer for those who are just starting out. With what follows, an applet served from the server can access the local client regardless of the permissions in place. Many articles require changing the client's local policy file. In fact that is not necessary: once the client accepts our digital signature, we can do anything. ~oo~

In short, this is what applet digital signing is about: using the JDK tools under $JAVA_HOME/bin (a set of EXE files) to create a security signature that lets an applet from the server access the local client.

If you want customers to really trust your applet signature, spend a few hundred dollars to buy a trusted signing certificate from a CA such as VeriSign.

This article uses Tomcat as the middleware and describes the signing steps in detail. $JAVA_HOME is the JDK installation folder and $TOMCAT_HOME is the Tomcat installation folder.

The signing process for an applet is as follows:

1. Set the environment variable $JAVA_HOME (convenient on Windows: from any folder you can then run the EXE commands in $JAVA_HOME/bin directly. The EXEs include keytool.exe, jarsigner.exe and HtmlConverter.exe).

2. Make a copy of the ROOT folder under $TOMCAT_HOME/webapps, delete the files in it that you do not need, and rename it to your web app name, for example webapplet. Copy the JARs that need to be signed into $TOMCAT_HOME/webapps/webapplet. Note that signing must cover every JAR the project references, not only the applet JAR. If even one is left unsigned, it will never work.

3. Create a test HTML page, applet.html:

<APPLET
CODEBASE = "."
CODE = "com.aspire.reportPlatform.webagent.WebAgentApplet.class"
ARCHIVE = "Applet.jar"
NAME = "Testapplet"
WIDTH = 400
HEIGHT = 300
HSPACE = 0
VSPACE = 0
ALIGN = middle
>
</APPLET>

4. Open a cmd command prompt and run htmlconverter in $TOMCAT_HOME/webapps/webapplet.

For example: F:\applettomcat\webapps\webapplet>htmlconverter

A window pops up. In it, enter the HTML file to convert, such as the applet.html I just wrote. The conversion also works for JSP files.

After the conversion, the page looks like this:

<!--"CONVERTED_APPLET"-->
<!-- HTML CONVERTER -->
<object
    classid = "clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"
    codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,1"
    WIDTH = 400 HEIGHT = 300 NAME = "Testapplet" ALIGN = middle VSPACE = 0 HSPACE = 0 >
    <param NAME = CODE VALUE = "com.aspire.reportPlatform.webagent.WebAgentApplet.class" >
    <param NAME = CODEBASE VALUE = "." >
    <param NAME = ARCHIVE VALUE = "Applet.jar,commons-codec-1.3.jar,commons-httpclient-3.1.jar,commons-logging.jar,Dom4j.jar,flowmetadata.jar,ibatis-2.3.2.715.jar,jgraph.jar,log4j-1.2.9.jar,metadatamanage.jar,ojdbc14.jar,Rdpcommon.jar,swing-layout-1.0.jar,ws-commons-util-1.0.1.jar,xmlrpc-client-3.1.jar,xmlrpc-common-3.1.jar" >
    <param NAME = NAME VALUE = "Testapplet" >
    <param name = "type" value = "application/x-java-applet;version=1.5" >
    <param name = "scriptable" value = "false" >

    <comment>
    <embed
        type = "application/x-java-applet;version=1.5" \
        CODE = "com.aspire.reportPlatform.webagent.WebAgentApplet.class" \
        JAVA_CODEBASE = "." \
        ARCHIVE = "Applet.jar" \
        NAME = "Testapplet" \
        WIDTH = 400 \
        HEIGHT = 300 \
        ALIGN = middle \
        VSPACE = 0 \
        HSPACE = 0 \
        scriptable = false \
        pluginspage = "http://java.sun.com/products/plugin/index.html#download" >
        <noembed>

        </noembed>
    </embed>
    </comment>
</object>

<!--
<APPLET CODE = "com.aspire.reportPlatform.webagent.WebAgentApplet.class" JAVA_CODEBASE = "." ARCHIVE = "Applet.jar" WIDTH = 400 HEIGHT = 300 NAME = "Testapplet" ALIGN = middle VSPACE = 0 HSPACE = 0>


</APPLET>
-->
<!--"END_CONVERTED_APPLET"-->

One thing needs attention here: the <param NAME = ARCHIVE VALUE = "Applet.jar,..."> element. A normal conversion writes only Applet.jar there; the JARs after it are the ones the applet references, which I added by hand. To repeat once more: every associated JAR that needs signing must also be listed here, otherwise it is all for nothing!

6. Write a bat file to do the signing. For example, I wrote Applet.bat.

Its contents are as follows:

keytool -genkey -keystore pepper.store -alias pepper
keytool -export -keystore pepper.store -alias pepper -file pepper.cert
jarsigner -keystore pepper.store applet.jar pepper
jarsigner -keystore pepper.store commons-codec-1.3.jar pepper
jarsigner -keystore pepper.store commons-httpclient-3.1.jar pepper
jarsigner -keystore pepper.store commons-logging.jar pepper
jarsigner -keystore pepper.store Dom4j.jar pepper
jarsigner -keystore pepper.store FlowMetaData.jar pepper
jarsigner -keystore pepper.store ibatis-2.3.2.715.jar pepper
jarsigner -keystore pepper.store jgraph.jar pepper
jarsigner -keystore pepper.store log4j-1.2.9.jar pepper
jarsigner -keystore pepper.store MetaDataManage.jar pepper
jarsigner -keystore pepper.store ojdbc14.jar pepper
jarsigner -keystore pepper.store RDPCommon.jar pepper
jarsigner -keystore pepper.store swing-layout-1.0.jar pepper
jarsigner -keystore pepper.store ws-commons-util-1.0.1.jar pepper
jarsigner -keystore pepper.store xmlrpc-client-3.1.jar pepper
jarsigner -keystore pepper.store xmlrpc-common-3.1.jar pepper

What the commands mean:

keytool -genkey -keystore pepper.store -alias pepper    # creates the keystore file pepper.store; the alias of this key is pepper

After entering the command above you are prompted for the keystore password; the JDK one is changeit. This password can be changed (look up how online, I no longer remember), but I suggest not changing it, because changing the password sometimes makes JDK 1.4 misbehave in bizarre ways...

After the password is entered, fill in the corresponding signature information.

F:\applettomcat\webapps\applet>keytool -genkey -keystore pepper.store -alias pepper
Enter keystore password: changeit
What is your first and last name?
[Unknown]: LEe
What is the name of your organizational unit?
[Unknown]: Aspire
What is the name of your organization?
[Unknown]: Aspire
What is the name of your city or region?
[Unknown]: SZ
What is the name of your state or province?
[Unknown]: GD
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=LEe, OU=Aspire, O=Aspire, L=SZ, ST=GD, C=CN correct?
[no]: Y

Enter key password for <pepper>
(RETURN if same as keystore password):

This asks for the password used when exporting a certificate from the keystore; to save effort I simply pressed ENTER above...

keytool -export -keystore pepper.store -alias pepper -file pepper.cert exports the certificate pepper.cert from the generated keystore. Enter the password changeit; that is, enter here the certificate export password you set in the previous step (if it is not changeit).

jarsigner -keystore pepper.store applet.jar pepper signs applet.jar. Enter the certificate password (mine is changeit). The remaining JARs are signed the same way, so I will not go through them. Over!

Having read this far, everyone should be able to do their own signing. I also have one experience with reading files to share: code that worked fine in a standalone application did not work in the applet. The reason is that the applet loading mechanism downloads the signed JARs from the server into a temporary folder on the client, so everything ends up changed...

On my machine this temporary folder is: C:\Documents and Settings\x_lixin_a\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar

So what I do to read files is download the configuration files to the client locally, for example into the System.getProperty("java.io.tmpdir") folder. Reading them from there causes no problems. Logging sometimes has problems; I suggest writing to ***.log directly, so that the log file generated at run time lands on the desktop. In fact I do not advocate logging at all; after all, users are not comfortable seeing such a thing...
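The requirement from steps 2 and 6 that every referenced JAR be signed can be checked before testing in the browser. The following is an added example, not part of the original article: it reads each JAR with verification enabled and reports the ones that contain unsigned or altered entries. The class name CheckSignedJars is an assumption, and the JAR names are passed on the command line.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Added example: reports JARs that contain unsigned or tampered entries. */
public class CheckSignedJars {

    /** Returns the names of entries in the JAR that carry no signature. */
    static List<String> unsignedEntries(String jarPath) throws IOException {
        List<String> unsigned = new ArrayList<>();
        // verify=true makes JarFile check digests and signatures while entries are read.
        try (JarFile jar = new JarFile(jarPath, true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                // Simplification: META-INF holds the manifest and signature files, skip it.
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signers are only available after the entry has been read to the end;
                // an entry whose digest does not match makes read() throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) unsigned.add(e.getName());
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        // Usage: java CheckSignedJars applet.jar commons-codec-1.3.jar ...
        boolean ok = true;
        for (String path : args) {
            try {
                List<String> bad = unsignedEntries(path);
                if (bad.isEmpty()) {
                    System.out.println("OK       " + path);
                } else {
                    ok = false;
                    System.out.println("UNSIGNED " + path + " (" + bad.size()
                            + " entries, first: " + bad.get(0) + ")");
                }
            } catch (SecurityException tampered) {
                ok = false;
                System.out.println("INVALID  " + path + ": " + tampered.getMessage());
            }
        }
        System.exit(ok ? 0 : 1);
    }
}
```

This confirms that a signature is present and intact; it does not check whether the signing certificate chains to a trusted CA.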

By the way, here is the applet I wrote, for everyone to look at.

Idea: 1. Download the configuration files that need to be read to the local machine. 2. Execute the main class and run the application.

Test: in IE, open http://localhost:8080/webapplet. The applet pops up a dialog box; click to run it. By the way, to check for errors, note the big teapot icon that appears at the bottom right of the taskbar; running an applet starts it. Right-click it and choose the option to open the console. The dialog that opens shows where your signature went wrong. Output from System.out.println() also goes to this console, but I recommend getting the code working in a local Eclipse project first.

PostScript: having read this far, everyone should know how to implement digital signing for an applet. If anything is unclear, find me directly on CSDN or send mail to [email protected]. If anyone has a better solution for the logging configuration, be sure to tell me so we can exchange ideas. Friends who think this article is decent, please help bump it up. I hope that a year from now I will not be reading rubbish articles on the Internet (whichever of the current articles you pick, it cannot solve this problem at all). ~oo~

The code is as follows:

package com.aspire.reportPlatform.webagent;

import java.applet.Applet;
import java.awt.Color;
import java.awt.Container;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

import javax.swing.JApplet;

import com.aspire.rdp.flowdesinger.LogonDialog;

public class WebAgentApplet extends JApplet {
    public static Applet m_runningApplet = null;
    protected char m_osPrefix;
    // private OctetSeqHolder resp = null;
    private Container contentPane = null;
    public static String agentID;
    private static Long agentLongID;
    // private static final String dllFolderPath = System.getProperty("user.dir");
    // private static final String dllFolderPath =
    //         System.getProperty("java.home") + File.separator + "lib" + File.separator + "ext";
    private static final String dllFolderPath = System.getProperty("java.home") + File.separator + "bin";
    String TEMP_DIR = System.getProperty("java.io.tmpdir");
    private int result = 1;
    private int count = 0;
    public static String certerIP = null;
    private String nickname = null;
    public static String serverFullAddress;

    /**
     * Creates the local folders, downloads the configuration archives into them
     * and then shows the logon dialog.
     *
     * @throws java.lang.AbstractMethodError
     */
    public void init() {
        certerIP = getParameter("centeraddress");
        certerIP = new String("192.168.168.111");
        System.err.println("centerIP is " + certerIP);
        System.out.println("user.dir = " + System.getProperty("user.dir"));
        nickname = getParameter("nickname");
        serverFullAddress = String.valueOf(getCodeBase());
        m_osPrefix = System.getProperty("os.name").toLowerCase().charAt(0);
        // installLibraries();
        DirectoryVO directoryVOArray[] = createDirectories();
        for (int i = 0; i < directoryVOArray.length; i++) {
            installConfigResources(directoryVOArray[i]);
        }
        drawPane();
        LogonDialog logonDialog = new LogonDialog();
        logonDialog.setVisible(true);
        try {
            // add(panel);
            if (m_runningApplet != null) {
                StatusPanel.getStatusPanelInstance().setStatus((byte) 11);
            } else {
                m_runningApplet = this;
                // webAgent = new WebAgent();
                // initializeCommunication(webAgent);
                StatusPanel.getStatusPanelInstance().setStatus((byte) 11);
                // if (result == 0) {
                //     StatusPanel.getStatusPanelInstance().setStatus((byte) 0);
                // } else {
                //     StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
                // }
                // heartBeatInfo = new HeartBeatInfo();
                // new Thread(heartBeatInfo).start();
                // webAgent.initialize(webAgent, this);
                // sendHeartInfo();
            }
        } catch (Exception _ex) {
            // LogFile.getInstance().print(0, "WebAgentApplet.init()", "Applet initial failed!");
            // _ex.printStackTrace();
            StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
            _ex.printStackTrace();
            // destroy();
        }
    }

    /** Creates the RDP folders under java.io.tmpdir and pairs each with the archive to unpack into it. */
    private DirectoryVO[] createDirectories() {
        DirectoryVO[] directoryVOArray = new DirectoryVO[3];
        DirectoryVO directoryVO = new DirectoryVO();
        String config = TEMP_DIR + "RDP";
        File configFile = new File(config);
        if (!configFile.exists()) {
            configFile.mkdir();
        }
        String plugins = config + File.separator + "Plugins";
        File pluginsFile = new File(plugins);
        if (!pluginsFile.exists()) {
            pluginsFile.mkdir();
        }
        String email = plugins + File.separator + "email";
        File emailFile = new File(email);
        if (!emailFile.exists()) {
            emailFile.mkdir();
        }
        directoryVO.setPathName(email);
        directoryVO.setZipName("Emailplugins.zip");
        directoryVOArray[0] = directoryVO;
        String images = config + File.separator + "images";
        File imagesFile = new File(images);
        if (!imagesFile.exists()) {
            imagesFile.mkdir();
        }
        String cfg = config + File.separator + "cfg";
        File cfgFile = new File(cfg);
        if (!cfgFile.exists()) {
            cfgFile.mkdir();
        }
        DirectoryVO directoryVO1 = new DirectoryVO();
        directoryVO1.setZipName("Images.zip");
        directoryVO1.setPathName(images);
        directoryVOArray[1] = directoryVO1;
        DirectoryVO directoryVO2 = new DirectoryVO();
        directoryVO2.setZipName("Cfg.zip");
        directoryVO2.setPathName(cfg);
        directoryVOArray[2] = directoryVO2;
        return directoryVOArray;
    }

    /** Downloads one archive from <codebase>/native/ and unpacks every entry into its local folder. */
    private void installConfigResources(DirectoryVO directoryVO) {
        String archivePath = String.valueOf(getCodeBase()) + "native" + "/" + directoryVO.getZipName();
        System.out.println("archivePath = " + archivePath);
        ZipInputStream zis = null;
        ZipEntry entry = null;
        URLConnection con = null;
        try {
            con = (new URL(archivePath)).openConnection();
            con.setUseCaches(false);
            con.connect();
            zis = new ZipInputStream(con.getInputStream());
            while ((entry = zis.getNextEntry()) != null) {
                installConfigResource(zis, entry.getName(), directoryVO.getPathName());
            }
        } catch (IOException ioe) {
            StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
            ioe.printStackTrace();
            // LogFile.getInstance().print(0, "WebAgentApplet.installLibraries()", "Install has IOException");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            con = null;
            try {
                // zis is still null if the connection failed
                if (zis != null) {
                    zis.close();
                }
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
    }

    /** Writes the current archive entry to path + File.separator + entry name. */
    private void installConfigResource(ZipInputStream archive, String configResourceName, String path) {
        BufferedOutputStream out = null;
        byte buffer[] = new byte[1024];
        int count = 0;
        String configFullPathName = path + File.separator + configResourceName;
        try {
            out = new BufferedOutputStream(new FileOutputStream(configFullPathName));
            while ((count = archive.read(buffer)) > 0)
                out.write(buffer, 0, count);
            out.close();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                // out is still null if the file could not be opened
                if (out != null) {
                    out.close();
                }
            } catch (IOException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
        }
    }

    public void drawPane() {
        contentPane = getContentPane();
        contentPane.setBackground(Color.WHITE);
        contentPane.add(StatusPanel.getStatusPanelInstance());
    }

    public void destroy() {
        try {
            if (m_runningApplet == this) {
                // webAgent.testManagerModule.close();
                // StatusControl.getStatusControlInstance().notifyToCenter(
                //         StatusControlModuleConstant.AGENT_DOWN_SUCCESS, agentLongID);
                // AppletCommunicateModule.stop();
            }
        } catch (Exception e) {
            // LogFile.getInstance().print(0, "WebAgentApplet.destroy()",
            //         "UnknownHostException: cannot destroy applet");
            e.printStackTrace();
        } finally {
            System.exit(0);
            System.err.println("in applet close!!!!");
        }
    }

    /** Downloads the native library archive for the client OS and unpacks it into java.home/bin. */
    private void installLibraries() {
        String archivePath = String.valueOf(getCodeBase()) + "native";
        System.err.println(getCodeBase());
        ZipInputStream zis = null;
        ZipEntry entry = null;
        URLConnection con = null;
        String archiveName;
        switch (m_osPrefix) {
        case 119: // 'w'
            archiveName = "winlib.zip";
            break;
        case 108: // 'l'
            archiveName = "linuxlib.zip";
            break;
        case 115: // 's'
            archiveName = "solarislib.zip";
            break;
        default:
            archiveName = "winlib.zip";
            break;
        }
        try {
            con = (new URL(archivePath + "/" + archiveName)).openConnection();
            con.setUseCaches(false);
            con.connect();
            zis = new ZipInputStream(con.getInputStream());
            while ((entry = zis.getNextEntry()) != null) {
                installLibrary(zis, entry.getName());
            }
        } catch (IOException ioe) {
            StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
            ioe.printStackTrace();
            // LogFile.getInstance().print(0, "WebAgentApplet.installLibraries()", "Install has IOException");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            con = null;
            try {
                if (zis != null) {
                    zis.close();
                }
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
    }

    private void installLibrary(ZipInputStream archive, String dllName) {
        BufferedOutputStream out = null;
        byte buffer[] = new byte[1024];
        int count = 0;
        String dllFullPathName = dllFolderPath + File.separator + dllName;
        System.out.println("dllFullPathName = " + dllFullPathName);
        try {
            out = new BufferedOutputStream(new FileOutputStream(dllFullPathName));
            while ((count = archive.read(buffer)) > 0)
                out.write(buffer, 0, count);
            out.close();
            // if (m_osPrefix != 'w')
            //     CommandLineUtility.runCommand("chmod 0775 " + dllFullPathName);
        } catch (IOException e) {
            e.printStackTrace();
            // LogFile.getInstance().print(0, "WebAgentApplet.installLibrary()", "Install single library failed");
            // exitDueToException(e, "Copying a native library file into JRE directory");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                if (out != null) {
                    out.close();
                }
            } catch (IOException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
        }
    }

    private void installLogFile() {
        // try {
        //     String logProperties = System.getProperty("java.home") + File.separator + "bin"
        //             + File.separator + "log4j.properties";
        //     File f = new File(logProperties);
        //     f.createNewFile();
        //     FileOutputStream fopt = new FileOutputStream(f);
        //     String firstParagraph = new String("##LOGGERS##\r\n#define a logger named seamislogger\r\n"
        //             + "log4j.rootLogger=INFO,file\r\n\r\n");
        //     fopt.write(firstParagraph.getBytes());
        //     String senondParagraph = new String("##APPENDERS##\r\n"
        //             + "#define an appender named file, which is set to be a RollingFileAppender\r\n"
        //             + "log4j.appender.file=org.apache.log4j.RollingFileAppender\r\n"
        //             + "log4j.appender.file.File=" + System.getProperty("java.home") + File.separator
        //             + "bin" + File.separator + "agentlog.txt" + "\r\n\r\n");
        //     fopt.write(senondParagraph.getBytes());
        //     String thirdParagraph = new String("##LAYOUTS##\r\n#assign a SimpleLayout to file appender\r\n"
        //             + "log4j.appender.file.layout=org.apache.log4j.SimpleLayout\r\n");
        //     fopt.write(thirdParagraph.getBytes());
        //     fopt.close();
        // } catch (FileNotFoundException e) {
        //     // TODO Auto-generated catch block
        //     e.printStackTrace();
        // } catch (IOException e) {
        //     // TODO Auto-generated catch block
        //     e.printStackTrace();
        // }
    }
}
