Complete introduction to applet digital signature technology

Source: Internet
Author: User
 

First, I owe everyone an apology. I meant to write this article two years ago but never did, partly out of laziness and partly because I wanted to keep something for myself. A few days ago my boss asked me to build this again, and I found that I had not kept my earlier materials and had to work from memory. What I found on the Internet was superficial and incomplete; after all, we are programmers, not students, and should not have to guess. So I wrote down my own summary to give beginners some pointers. After working through it, your applet served from the server will be able to access the local client fully, without being restricted by any permissions. (Many articles say that a policy file has to be modified locally on the client. In fact that is not necessary: once the client clicks to accept our digital signature, the applet can do everything.) ~OO~

Simply put, applet digital signing works like this: the applet is signed with the EXE tools under $java_home/bin in the JDK so that the applet from the server can access the local client. If you want customers to trust your applet signature, you can spend a few hundred dollars to buy a trusted signing certificate from the CA VeriSign.

This article uses Tomcat as the middleware and describes the specific signing steps. $java_home is the JDK installation directory, and $tomcat_home is the Tomcat installation directory.

To sign an applet, follow these steps:

1. Set the environment variable $java_home (so that the EXE commands under $java_home/bin can be used directly from any directory in Windows). These include keytool.exe, jarsigner.exe and htmlconverter.exe.

2. Copy the ROOT directory under $tomcat_home/webapps, delete the useless junk in it, and rename the copy to your web application name, for example webapplet. Copy the jars to be signed to $tomcat_home/webapps/webapplet. Note that every jar package referenced by the project must be signed; otherwise none of it will run!

3. Create a test HTML page applet.html

<APPLET
  CODEBASE = "."
  CODE = "com.aspire.reportplatform.webAgent.WebAgentApplet.class"
  ARCHIVE = "applet.jar"
  NAME = "testapplet"
  WIDTH = 400
  HEIGHT = 300
  HSPACE = 0
  VSPACE = 0
  ALIGN = middle
>
</APPLET>

4. Open a CMD command prompt and run htmlconverter in $tomcat_home/webapps/webapplet.

For example: F:/applettomcat/webapps/webapplet> htmlconverter

In the pop-up window, enter the HTML file to be converted, for example the applet.html file written above. The converted content can also be used in a JSP page.

The converted result is as follows:

<!--"CONVERTED_APPLET"-->
<!-- HTML CONVERTER -->
<OBJECT
    classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
    codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,1"
    WIDTH = 400 HEIGHT = 300 NAME = "testapplet" ALIGN = middle VSPACE = 0 HSPACE = 0>
    <PARAM NAME = CODE VALUE = "com.aspire.reportplatform.webAgent.WebAgentApplet.class">
    <PARAM NAME = CODEBASE VALUE = ".">
    <PARAM NAME = ARCHIVE VALUE = "applet.jar,commons-codec-1.3.jar,commons-httpclient-3.1.jar,commons-logging.jar,dom4j.jar,FlowMetaData.jar,ibatis-2.3.2.715.jar,jgraph.jar,log4j-1.2.9.jar,MetaDataManage.jar,ojdbc14.jar,RDPCommon.jar,swing-layout-1.0.jar,ws-commons-util-1.0.1.jar,xmlrpc-client-3.1.jar,xmlrpc-common-3.1.jar">
    <PARAM NAME = NAME VALUE = "testapplet">
    <PARAM NAME = "type" VALUE = "application/x-java-applet;version=1.5">
    <PARAM NAME = "scriptable" VALUE = "false">

    <COMMENT>
    <EMBED
        type = "application/x-java-applet;version=1.5" \
        CODE = "com.aspire.reportplatform.webAgent.WebAgentApplet.class" \
        JAVA_CODEBASE = "." \
        ARCHIVE = "applet.jar" \
        NAME = "testapplet" \
        WIDTH = 400 \
        HEIGHT = 300 \
        ALIGN = middle \
        VSPACE = 0 \
        HSPACE = 0
        scriptable = false
        pluginspage = "http://java.sun.com/products/plugin/index.html#download">
        <NOEMBED>

        </NOEMBED>
    </EMBED>
    </COMMENT>
</OBJECT>

<!--
<APPLET CODE = "com.aspire.reportplatform.webAgent.WebAgentApplet.class" JAVA_CODEBASE = "." ARCHIVE = "applet.jar" WIDTH = 400 HEIGHT = 300 NAME = "testapplet" ALIGN = middle VSPACE = 0 HSPACE = 0>

</APPLET>
-->
<!--"END_CONVERTED_APPLET"-->

Note the <PARAM NAME = ARCHIVE VALUE = "applet.jar, ..."> line. After a normal conversion only the program's own applet.jar is written there; I added the jar packages referenced by the applet directly by hand. To repeat the reminder: every associated jar package that needs to be signed must be listed here, otherwise all the work is wasted!

6. Write a BAT file to do the signing, for example the applet.bat I wrote.

The content is as follows:

keytool -genkey -keystore pepper.store -alias pepper
keytool -export -keystore pepper.store -alias pepper -file pepper.cert
jarsigner -keystore pepper.store applet.jar pepper
jarsigner -keystore pepper.store commons-codec-1.3.jar pepper
jarsigner -keystore pepper.store commons-httpclient-3.1.jar pepper
jarsigner -keystore pepper.store commons-logging.jar pepper
jarsigner -keystore pepper.store dom4j.jar pepper
jarsigner -keystore pepper.store FlowMetaData.jar pepper
jarsigner -keystore pepper.store ibatis-2.3.2.715.jar pepper
jarsigner -keystore pepper.store jgraph.jar pepper
jarsigner -keystore pepper.store log4j-1.2.9.jar pepper
jarsigner -keystore pepper.store MetaDataManage.jar pepper
jarsigner -keystore pepper.store ojdbc14.jar pepper
jarsigner -keystore pepper.store RDPCommon.jar pepper
jarsigner -keystore pepper.store swing-layout-1.0.jar pepper
jarsigner -keystore pepper.store ws-commons-util-1.0.1.jar pepper
jarsigner -keystore pepper.store xmlrpc-client-3.1.jar pepper
jarsigner -keystore pepper.store xmlrpc-common-3.1.jar pepper

The commands mean the following:

keytool -genkey -keystore pepper.store -alias pepper   # creates the keystore file pepper.store; the alias used in this keystore is pepper.

After entering the command above, the system prompts you for the JDK keystore password, which is changeit by default. This password can be changed; you can look up how on the Internet, I can't remember. I recommend not changing it, though, because the password is sometimes troublesome to use with JDK 1.4...

After the password is entered, enter the corresponding signature information:

F:/applettomcat/webapps/APPLET> keytool -genkey -keystore pepper.store -alias pepper
Enter the keystore password: changeit
What is your first name and last name?
[Unknown]: Lee
What is the name of your organizational unit?
[Unknown]: aspire
What is the name of your organization?
[Unknown]: aspire
What is the name of your city or region?
[Unknown]: SZ
What is the name of your state or province?
[Unknown]: Gd
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=Lee, OU=aspire, O=aspire, L=SZ, ST=Gd, C=CN correct?
[no]: Y

Enter the key password for <pepper>
(If the password is the same as the keystore password, press Enter):

Here you enter the password for the key that is used when exporting the certificate. To be lazy, just press Enter...

keytool -export -keystore pepper.store -alias pepper -file pepper.cert exports the certificate pepper.cert from the generated keystore. Enter the password changeit, and then the password for the certificate (if it is not changeit).

jarsigner -keystore pepper.store applet.jar pepper signs applet.jar. Enter the certificate password; you can use changeit here. The remaining JAR packages are signed by repeating the same input, so I will not go through them here. That's it! Everyone should now be able to produce their own signatures.

I have one more piece of experience about reading files: things that worked fine in a standalone application do not work well once they run in the applet. The reason is that the applet loading mechanism downloads all the signed jar packages from the server into a temporary directory on the client and changes the file names... This temporary directory is, for example, on my machine: C:/Documents and Settings/x_lixin_a/Application Data/Sun/Java/deployment/Cache/javapi/V1.0/jar

So for everything that reads files, I download the configuration files to the local client, for example into the System.getProperty("java.io.tmpdir") directory. Reading from this directory causes no problems. Sometimes there are problems with the log; I recommend writing it directly as ***.log, so that the generated log file is dropped on the desktop at run time. In fact, logging is not really recommended. After all, users cannot see this log...
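Steps 2 and 6 require every jar named in the archive list to be signed. The following Java program is an added example, not part of the original article, that checks this after signing; the class name ArchiveSignatureCheck and its two command-line arguments (the jar directory and the comma-separated archive value) are assumptions, and it needs Java 7 or later.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (not the article's code): reports jars from the ARCHIVE list
// that are missing, unsigned, only partly signed, or modified after signing.
public class ArchiveSignatureCheck {

    /** Returns null when every non-META-INF entry is signed, else the first problem found. */
    static String firstProblem(File jar) throws IOException {
        try (JarFile jf = new JarFile(jar, true)) {   // true: verify signatures while reading
            if (jf.getManifest() == null) {
                return "no manifest, jar is not signed";
            }
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) {
                    continue;   // signature files themselves carry no signer
                }
                // Signers are only available once the entry has been read to the end;
                // a digest mismatch surfaces as a SecurityException during the read.
                try (InputStream in = jf.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain the entry */ }
                } catch (SecurityException ex) {
                    return "entry changed after signing: " + e.getName();
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) {
                    return "unsigned entry: " + e.getName();
                }
            }
            return null;
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: java ArchiveSignatureCheck <jar-dir> <archive-list>");
            System.exit(2);
        }
        int bad = 0;
        // args[1] is the comma-separated ARCHIVE value from the converted HTML page.
        for (String name : args[1].split(",")) {
            name = name.trim();
            if (name.isEmpty()) continue;
            File jar = new File(args[0], name);
            String problem = jar.isFile() ? firstProblem(jar) : "file not found";
            if (problem != null) bad++;
            System.out.println(name + ": " + (problem == null ? "signed" : problem));
        }
        System.exit(bad == 0 ? 0 : 1);
    }
}
```

The JDK's own jarsigner -verify performs the same check one jar at a time.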

Let's take a look at the applet I wrote.

Idea: 1. Download the configuration files to be read to the local machine. 2. Run the main class and the application.

Test: in IE, enter http://localhost:8080/webapplet and click "Run" in the applet's pop-up window.

By the way, for troubleshooting: pay attention to the big teapot icon (the Java icon) in the taskbar at the lower-right corner, which appears when you run the applet. Right-click it and choose the option to open the main console. The dialog box that opens shows what went wrong with your signature. Output from System.out.println() also goes to this console, but I recommend getting the code to run in a local Eclipse project first.

Postscript: having read this far, everyone should know how to implement applet digital signing. If you have any questions, you can reach me directly on CSDN or send an email to lixin_0411@126.com. If you have a better configuration solution for the logs, please do tell me so that we can learn from each other. I hope this article helps my friends solve the problem, and I hope that a year from now I will no longer see the junk articles on the Internet (the ones written now do not solve the problem at all!) ~OO~

The code is as follows:

package com.aspire.reportplatform.webAgent;

import java.applet.Applet;
import java.awt.Color;
import java.awt.Container;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

import javax.swing.JApplet;

import com.aspire.rdp.flowdesinger.LogonDialog;

// StatusPanel and DirectoryVO are project classes in this package that the article does not show.
public class WebAgentApplet extends JApplet {

    public static Applet m_runningApplet = null;
    protected char m_osPrefix;
    // private OctetSeqHolder resp = null;
    private Container contentPane = null;
    public static String agentID;
    private static long agentLongID;
    // private static final String dllFolderPath = System.getProperty("user.dir");
    // private static final String dllFolderPath =
    //         System.getProperty("java.home") + File.separator + "lib" + File.separator + "ext";
    private static final String dllFolderPath =
            System.getProperty("java.home") + File.separator + "bin";
    String temp_dir = System.getProperty("java.io.tmpdir");
    private int result = 1;
    private int count = 0;
    public static String certerIP = null;
    private String nickName = null;
    public static String serverFullAddress;

    /**
     * @throws java.lang.AbstractMethodError
     */
    public void init() {
        certerIP = getParameter("centeraddress");
        certerIP = new String("192.168.168.111");
        System.err.println("centerip is " + certerIP);
        System.out.println("user.dir=" + System.getProperty("user.dir"));
        nickName = getParameter("nickname");
        serverFullAddress = String.valueOf(getCodeBase());
        m_osPrefix = System.getProperty("os.name").toLowerCase().charAt(0);
        // installLibraries();

        // Create the local directories, then download each configuration zip into its directory.
        DirectoryVO directoryVOArray[] = createDirectories();
        for (int i = 0; i < directoryVOArray.length; i++) {
            installConfigResources(directoryVOArray[i]);
        }
        drawPane();
        LogonDialog logonDialog = new LogonDialog();
        logonDialog.setVisible(true);
        try {
            // add(panel);
            if (m_runningApplet != null) {
                StatusPanel.getStatusPanelInstance().setStatus((byte) 11);
            } else {
                m_runningApplet = this;
                // webAgent = new WebAgent();
                // initializeCommunication(webAgent);
                StatusPanel.getStatusPanelInstance().setStatus((byte) 11);
                // if (result == 0) {
                //     StatusPanel.getStatusPanelInstance().setStatus((byte) 0);
                // } else {
                //     StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
                //     heartBeatInfo = new HeartBeatInfo();
                //     new Thread(heartBeatInfo).start();
                //     WebAgent.initialize(webAgent, this);
                //     sendHeartInfo();
            }
        } catch (Exception _ex) {
            // LogFile.getInstance().print(0, "WebAgentApplet.init()", "applet initial failed!");
            // _ex.printStackTrace();
            StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
            _ex.printStackTrace();
            // destroy();
        }
    }

    // Creates <tmpdir>/RDP with its plugins/email, Images and cfg subdirectories and
    // returns, for each zip to download, the directory it is unpacked into.
    private DirectoryVO[] createDirectories() {
        DirectoryVO[] directoryVOArray = new DirectoryVO[3];
        DirectoryVO directoryVO = new DirectoryVO();
        // java.io.tmpdir does not end with a separator on every platform, so join via File.
        String config = new File(temp_dir, "RDP").getPath();
        File configFile = new File(config);
        if (!configFile.exists()) {
            configFile.mkdir();
        }
        String plugins = config + File.separator + "plugins";
        File pluginsFile = new File(plugins);
        if (!pluginsFile.exists()) {
            pluginsFile.mkdir();
        }
        String email = plugins + File.separator + "email";
        File emailFile = new File(email);
        if (!emailFile.exists()) {
            emailFile.mkdir();
        }
        directoryVO.setPathName(email);
        directoryVO.setZipName("emailplugins.zip");
        directoryVOArray[0] = directoryVO;
        String images = config + File.separator + "Images";
        File imagesFile = new File(images);
        if (!imagesFile.exists()) {
            imagesFile.mkdir();
        }
        String cfg = config + File.separator + "cfg";
        File cfgFile = new File(cfg);
        if (!cfgFile.exists()) {
            cfgFile.mkdir();
        }
        DirectoryVO directoryVO1 = new DirectoryVO();
        directoryVO1.setZipName("images.zip");
        directoryVO1.setPathName(images);
        directoryVOArray[1] = directoryVO1;
        DirectoryVO directoryVO2 = new DirectoryVO();
        directoryVO2.setZipName("cfg.zip");
        directoryVO2.setPathName(cfg);
        directoryVOArray[2] = directoryVO2;
        return directoryVOArray;
    }

    // Downloads <codebase>/native/<zip name> and unpacks every entry into the target directory.
    private void installConfigResources(DirectoryVO directoryVO) {
        String archivePath = String.valueOf(getCodeBase()) + "native" + "/" + directoryVO.getZipName();
        System.out.println("archivePath=" + archivePath);
        ZipInputStream zis = null;
        ZipEntry entry = null;
        URLConnection con = null;
        try {
            con = (new URL(archivePath)).openConnection();
            con.setUseCaches(false);
            con.connect();
            zis = new ZipInputStream(con.getInputStream());
            while ((entry = zis.getNextEntry()) != null) {
                installConfigResource(zis, entry.getName(), directoryVO.getPathName());
            }
        } catch (IOException ioe) {
            StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
            ioe.printStackTrace();
            // LogFile.getInstance().print(0, "WebAgentApplet.installLibraries()", "Install have IOException");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            con = null;
            try {
                // zis is still null if the connection failed before the stream was opened.
                if (zis != null) {
                    zis.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    // Writes one zip entry to path/configResourceName.
    // The entry name is used as-is; it is not checked against the target directory.
    private void installConfigResource(ZipInputStream archive, String configResourceName, String path) {
        BufferedOutputStream out = null;
        byte buffer[] = new byte[1024];
        int count = 0;
        String configFullPathName = path + File.separator + configResourceName;
        try {
            out = new BufferedOutputStream(new FileOutputStream(configFullPathName));
            while ((count = archive.read(buffer)) > 0)
                out.write(buffer, 0, count);
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                // out is still null if the file could not be opened.
                if (out != null) {
                    out.close();
                }
            } catch (IOException e1) {
                e1.printStackTrace();
            }
        }
    }

    public void drawPane() {
        contentPane = getContentPane();
        contentPane.setBackground(Color.white);
        contentPane.add(StatusPanel.getStatusPanelInstance());
    }

    public void destroy() {
        try {
            if (m_runningApplet == this) {
                // webAgent.testManagerModule.close();
                // StatusControl.getStatusControlInstance().notifyToCenter(
                //         StatusControlModuleConstant.AGENT_DOWN_SUCCESS, agentLongID);
                // AppletCommunicateModule.stop();
            }
        } catch (Exception e) {
            // LogFile.getInstance().print(0, "WebAgentApplet.destroy()",
            //         "UnknownHostException: cannot destory applet");
            e.printStackTrace();
        } finally {
            // Print before exiting; nothing after System.exit() is executed.
            System.err.println("in applet close!!!!");
            System.exit(0);
        }
    }

    // Downloads the native library zip for the client OS and unpacks it into <java.home>/bin.
    private void installLibraries() {
        String archivePath = String.valueOf(getCodeBase()) + "native";
        System.err.println(getCodeBase());
        ZipInputStream zis = null;
        ZipEntry entry = null;
        URLConnection con = null;
        String archiveName;
        switch (m_osPrefix) {
        case 119: // 'w'
            archiveName = "winlib.zip";
            break;
        case 108: // 'l'
            archiveName = "linuxlib.zip";
            break;
        case 115: // 's'
            archiveName = "solarislib.zip";
            break;
        default:
            archiveName = "winlib.zip";
            break;
        }
        try {
            con = (new URL(archivePath + "/" + archiveName)).openConnection();
            con.setUseCaches(false);
            con.connect();
            zis = new ZipInputStream(con.getInputStream());
            while ((entry = zis.getNextEntry()) != null) {
                installLibrary(zis, entry.getName());
            }
        } catch (IOException ioe) {
            StatusPanel.getStatusPanelInstance().setStatus((byte) 8);
            ioe.printStackTrace();
            // LogFile.getInstance().print(0, "WebAgentApplet.installLibraries()", "Install have IOException");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            con = null;
            try {
                if (zis != null) {
                    zis.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    private void installLibrary(ZipInputStream archive, String dllName) {
        BufferedOutputStream out = null;
        byte buffer[] = new byte[1024];
        int count = 0;
        String dllFullPathName = dllFolderPath + File.separator + dllName;
        System.out.println("dllFullPathName=" + dllFullPathName);
        try {
            out = new BufferedOutputStream(new FileOutputStream(dllFullPathName));
            while ((count = archive.read(buffer)) > 0)
                out.write(buffer, 0, count);
            // if (m_osPrefix != 'w')
            //     CommandLineUtility.runCommand("chmod 0775 " + dllFullPathName);
        } catch (IOException e) {
            e.printStackTrace();
            // LogFile.getInstance().print(0, "WebAgentApplet.installLibrary()", "Install single library failed");
            // exitDueToException(e, "copying a native library file into JRE directory");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                if (out != null) {
                    out.close();
                }
            } catch (IOException e1) {
                e1.printStackTrace();
            }
        }
    }

    // private void installLogFile() {
    //     try {
    //         String logProperties = System.getProperty("java.home") + File.separator + "bin"
    //                 + File.separator + "log4j.properties";
    //         File f = new File(logProperties);
    //         f.createNewFile();
    //         FileOutputStream fopt = new FileOutputStream(f);
    //         String firstParagraph = new String("##LOGGERS##\r\n#define a logger named seamisLogger\r\nlog4j.rootLogger=INFO,file\r\n\r\n");
    //         fopt.write(firstParagraph.getBytes());
    //         String senondParagraph = new String("##APPENDERS##\r\n#define an appender named file, which is set to be a RollingFileAppender\r\nlog4j.appender.file=org.apache.log4j.RollingFileAppender\r\n"
    //                 + "log4j.appender.file.File=" + System.getProperty("java.home") + File.separator + "bin"
    //                 + File.separator + "agentlog.txt" + "\r\n\r\n");
    //         fopt.write(senondParagraph.getBytes());
    //         String thirdParagraph = new String("##LAYOUTS##\r\n#assign a SimpleLayout to file appender\r\nlog4j.appender.file.layout=org.apache.log4j.SimpleLayout\r\n");
    //         fopt.write(thirdParagraph.getBytes());
    //         fopt.close();
    //     } catch (FileNotFoundException e) {
    //         e.printStackTrace();
    //     } catch (IOException e) {
    //         e.printStackTrace();
    //     }
    // }
}
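installConfigResource() above builds its output path by appending the zip entry name to the target directory, and a signed applet writes with the user's full file permissions. The following Java class is an added example, not part of the original article, showing an extraction routine that confines every entry to the target directory; the class name SafeConfigUnzip, the sample entry names and the in-memory archive are constructed for illustration, and it needs Java 7 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

// Added example (not the article's code): unzip a downloaded configuration archive
// while refusing any entry whose resolved path would leave the target directory.
public class SafeConfigUnzip {

    /** Extracts the archive into targetDir and returns the names of the entries it refused. */
    static List<String> extract(InputStream archive, Path targetDir) throws IOException {
        List<String> refused = new ArrayList<>();
        Path base = targetDir.toAbsolutePath().normalize();
        Files.createDirectories(base);
        try (ZipInputStream zis = new ZipInputStream(archive)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                Path dest;
                try {
                    // normalize() collapses "..", so the prefix test sees the real destination.
                    dest = base.resolve(entry.getName()).normalize();
                } catch (InvalidPathException ex) {
                    refused.add(entry.getName());
                    continue;
                }
                if (!dest.startsWith(base) || dest.equals(base)) {
                    refused.add(entry.getName());   // absolute path or one that climbs out
                    continue;
                }
                if (entry.isDirectory()) {
                    Files.createDirectories(dest);
                } else {
                    Files.createDirectories(dest.getParent());
                    // Files.copy reads to the end of the current entry and leaves zis open.
                    Files.copy(zis, dest, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
        return refused;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one ordinary entry and one that points outside the target.
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bytes)) {
            for (String name : new String[] {"cfg/app.properties", "../outside.txt"}) {
                zos.putNextEntry(new ZipEntry(name));
                zos.write("demo=1\n".getBytes("UTF-8"));
                zos.closeEntry();
            }
        }
        Path target = Files.createTempDirectory("RDP");
        List<String> refused = extract(new ByteArrayInputStream(bytes.toByteArray()), target);
        System.out.println("extracted into " + target + ", refused entries: " + refused);
    }
}
```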
