Solved

Urgent: Problem with Clipboard in Netscape and Activator

Posted on 1998-07-15
21
391 Views
Last Modified: 2008-02-01
I have written an applet which utilises the system clipboard.

Netscape Browser:
On the local maschine I the clipboard works. In Netscape I get the dialog box for granting/denying the applet's clipboard access.

But when I load the applet from *remote* the Netscape Browser does not ask the user for granting or denying the clipboard access, but in the Java Console I get following message:
netscape.security.ForbiddenTargetException: User didn't grant the UniversalSystemClipboardAccess privilege.

My questions:
Why don't I get the grant/deny-dialog when the applet is loaded from a remote server?

How can I activate the clipboard for remote applets? (Answers with the Netscape prefs-File will not be accepted).

By the way my applet classes are located in a normal zip-Archive (not jar). And no object-signing is used (due to problems for non us-citizens to get a signing-certifcate for private programers).

Befor the clipboard is accessed following command is used to activate the clipboard-access:
        netscape.security.PrivilegeManager.enablePrivilege("UniversalSystemClipboardAccess");

Sun Activator:
My applet should also work on the Sun Activator. On the local maschine the clipboard works, but when the applet is loaded from remote I get an exception.

My questions:
How can I utilise the system clipboard in a applet loaded from a remote server?

Is it possible to activate the clipboard from with in the applet, like in Netscape with a grant/deny-dialog box?

Pointing system for obove questions:
In general: all answers must be complete and a step by step manner description.

A answer which *solve* my problem 100% (in all parts Netscape and Activator) will get an additional 100 points (= 200 points).

If the answer lies in signing the jar-archive: The experts which offers an object-signing solution must sign my applet with his Netscape object-signing certificate and will receive an additional 100 points (=200) on a successful test of the clipboard functionality.

Answers with the sun java certificate will receive additional 50 points (=150 points) on successful test.

It is very urgent and I don't have to much time to play around! That's why you get so many points when delivering a good answers.
0
Comment
Question by:e4monsch
  • 11
  • 6
  • 4
21 Comments
 
LVL 2

Author Comment

by:e4monsch
ID: 1226438
I tried to make a signed applet for the sun activator but it didn't work. Here the files:

cert_dir_TMA:
# This is a sample certificate directive file.

# the id of the signer
issuer.name=TMA

# the cert to use for the signing
issuer.cert=1

# the id of the subject
subject.name=TMA

# the components of the X500 name for the subject
subject.real.name=Ian P. Monsch
subject.org.unit=Software Engineering
subject.org=Technikum Winterthur Ingenieurschule
subject.country=CH

# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).
start.date=7 Apr 1998
end.date=6 Apr 2002
serial.number=1001
out.file=TMA.x509

sign_dir_TMA:
# Jar signing directive. This is the directive file used by javakey to
# sign a jar file.

# Which signer to use. This must be in the system's database.
signer=TMA

# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.  
cert=1

# Cert chain depth of a chain of certificate to include. This is
# currently not supported.
chain=0

# The name to give to the signature file and associated signature
# block.  (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.
signature.file=TMASig

Batch file to create the jar's:
@ECHO Clean up rubble
del tma_admin_client*.* > NUL
del tma_user_client*.* > NUL
del TMA.x509 > NUL
@ECHO Creates certifcate TMA.x509
javakey -gc cert_dir_TMA
@ECHO Creates signed admin client jar
jar cf tma_admin_client.jar.unsigned \mm\gui\*.class \mm\gui\util\*.class \mm\security\*.class \tma\client\admin\*.class \tma\rmi\*.class \tma\server\*_Stub.class \tma\util\*.class
javakey -gs sign_dir_TMA tma_admin_client.jar.unsigned
del tma_admin_client.jar.unsigned
ren tma_admin_client.jar.unsigned.sig tma_admin_client.jar
@ECHO Creates signed user client jar
jar cf tma_user_client.jar.unsigned \mm\gui\*.class \mm\gui\util\*.class \mm\security\*.class \tma\client\user\*.class \tma\util\*.class
javakey -gs sign_dir_TMA tma_user_client.jar.unsigned
del tma_user_client.jar.unsigned
ren tma_user_client.jar.unsigned.sig tma_user_client.jar

Does anyone discover an error.

Regards Ian

0
 
LVL 5

Expert Comment

by:msmolyak
ID: 1226439
In regard to your first question, you are right, you need to sign your applet (i.e., put all the classes the applet uses which need extra privileges in a signed Java archive).

Netscape display the Grant/Do not Grant dialog only for applets run locally and all teh gigned applets.

I did create signed applets. For that I obtained a certificate from Thawte. The command which I used was:

signtool -k "Certificate name in quotes" -d "Directory where the private key is" -e".class" -Z jar_file_name -c9 .

signtool is available with Netscape. This command signs the .class files and put them into a JAR file using max. compression.

I am not sure about the Activator, but if you can use the Capabilities API with it, the rules are probably the same.
0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226440
Sri, this does not cover all my questions I will reopen again.
May be I get a better answer.

I just made some tests. It seems as if the Sun Activator does not use the javakey database which is utilised by the appletviewer. But how I do I get signed applets running on the activator?

Regards Ian

0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226441
msmolyak: Do you still have a valid Netscape Object Signing Certificate? If so, can you sign my applet for my?

Regards Ian
0
 
LVL 5

Expert Comment

by:msmolyak
ID: 1226442
I do, but since it belongs to the company I work for, I am afraid I cannot use it to sign applets not developed here. Generally by singing applet I guarantee that I developed it so that anyone who uses it could decide whether to trust this applet. You can apply for individual signing certificate from Verisign, they are only $20.
0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226443
I live in Switzerland and the Versign certificate is only available for US programers. Otherwise I have to pay US$400 for it, but I cannot aford this as student.

The applet is part of a project work for the university I am studying at. It will not be used outside the university campus. I guarantee. Cant you give my a had here. You know that I will give an additional 100 points for it.

You would just have to sign my applets and send them back to me.

Regards Ian

0
 
LVL 5

Expert Comment

by:msmolyak
ID: 1226444
It is not a matter of points, Ian. I think it would be unethical for me to do that since the company trusts me to use its certificate appropriately.

Let me know if I can help you in any other way.

Michael
0
 
LVL 6

Expert Comment

by:gadio
ID: 1226445
e4monsch, I don't think that msmolyak can help you here since he will be truely endangering the good name of his company and his position. Any damage that you may cause accidently to someone will be his company's responsibilty.
But, since its not for commertial use, what you can do is generate a test certificate with the signtool, and then every user that will want to use that applet, will first have to improt your certificate to his browser. he will have to do that by pressing a link that you will define in the intro page to the applet. If you consider this to solve your problem I'll give you more details.
0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226446
Bribing seems not to work. hi.

What about the Thewate-Test-Certificates would those work for object signing or do I really need a Class2 or Class3 Certificate?

Regards Ian

0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226447
gadio: Please more information about the signtool. Please describe the procedure and where to get software and certificates.

Regards Ian

0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Author Comment

by:e4monsch
ID: 1226448
gadio: Please more information about the signtool. Please describe the procedure and where to get software and certificates.

Regards Ian

0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226449
gadio: I got the signing tool, but when executing i get the following error message:

C:\Programme\Netscape\Communicator\Program\Defaults>
d:\signtool\signtool -d . -G TMA

signtool: No certificate database in "."
signtool: Check the -d arguments that you gave

How do I generate the certificate db?

Regards Ian

0
 
LVL 6

Expert Comment

by:gadio
ID: 1226450
e4monsch, I'll soon give you an answer, I jest wanted to warn you: you can corupt the db files if you play with the signtool so first back them up. The files are cert7.db and key3.db . They should be in the netscape home dir. On pc it should be in c:/program files/Netscape/Users/myname

0
 
LVL 5

Expert Comment

by:msmolyak
ID: 1226451
Ian, I think what gadio is about to suggest is a good way to do it. Thawte's (they are from South Africa) certificates are cheaper ($200, they do not issue individual certificates as far as I know). They will work fine. If you want a real certificate I can explain you how to get it. Otherwise go with the self-generated one.
0
 
LVL 6

Expert Comment

by:gadio
ID: 1226452
First as I said, creat a backup. After that creat another copy and put the copy in another dir in order to work on them. Create the test cert. by the command:
signtool -G MyTestCert -d work_db_dir

work_db_dir is the working copy dir you made. next there are few optional Qs:

certificate common name: Test Object Signing Certificate
organization: Netscape Communications Corp.
organization unit: Server Products Division
state or province: California
country (must be exactly 2 characters): US
username: someuser
email address: someuser@netscape.com
Enter Password or Pin for "Communicator Certificate DB":[Password will not echo]

note that you have to give a password to protect the new certificate.
after that you will get tow files starting with x509 . Keep them - they are important.

now you can sign -

Signing a File
--------------
To sign a file using the Netscape Signing Tool, follow these steps:

1.   Create an empty directory.

% mkdir signdir

2.   Put your class files file into it.

3.    Specify the name of your object-signing certificate and sign the directory.

% signtool -k MySignCert -d work_db_dir -Z testjar.jar signdir
using key "MySignCert"
using certificate directory: /u/jsmith/.netscape
Generating signdir/META-INF/manifest.mf file..
--> test.f
adding signdir/test.f to testjar.jar
Generating signtool.sf file..
Enter Password or Pin for "Communicator Certificate DB":

4.   At the prompt, type the password to your private-key database.

     If it accepts the password, signtool responds as follows:

adding signdir/META-INF/manifest.mf to testjar.jar
adding signdir/META-INF/signtool.sf to testjar.jar
adding signdir/META-INF/signtool.rsa to testjar.jar
tree "signdir" signed successfully

5.   Test the archive you just created.

% signtool -v testjar.jar
using certificate directory: /u/jsmith/.netscape
archive "testjar.jar" has passed crypto verification.

           status   path
     ------------   -------------------
         verified   yourclass.class

Note that you still can't use the signed file in the brawser, since you still didn't imported it into the brawser. Start with this I'll soon comment in the following info.

0
 
LVL 6

Expert Comment

by:gadio
ID: 1226453
Now, in order to import this you have to have at least one of these options:
1. the web server that your site will be on will be Netscape Enterprise Server 3.0
2. The administrator will let you configure mime type for a cacert extension.
3. You have the ability to run CGI's

Tell me which ones are correct and we will continue.
0
 
LVL 6

Expert Comment

by:gadio
ID: 1226454
Also note that most of the info I'm giving you comes from:

http://devedge.netscape.com/docs/manuals/signedobj/signtool/index.htm
0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226455
I found it out by myself about 10 minutes ago. Made my own certificate and it worked. Woow, I was happy like a little child on christmas.

gadio: You will get 200 Points (Graded A) for it. Because my Sun Activator problem is still pending, I will open up the question again. But you will get the points, promise. (By the way good snapshot of the netscape developer website).

msmolyak: Why didn't you mention the signtool before?

Ok guys, who of you can help me with the sun activator? So far I was able to sign my applet with the javakey and it worked with the appletviewer, but it did not work with the sun activator. I was told by sun that I should place the identitydb.obj in the user profile dir, but it did not help. Who can help.

Regards Ian

0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226456
gadio: Please mark this question as answer, so I can give you the points.

Regards Ian

0
 
LVL 6

Accepted Solution

by:
gadio earned 200 total points
ID: 1226457
Ok.
0
 
LVL 2

Author Comment

by:e4monsch
ID: 1226458
Adjusted points to 200
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Fibonacci challenge 11 82
sumDigits  challenge 7 60
return in catch statement 1 40
JList custom Cell Renderer refresh 15 39
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now