Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 247
  • Last Modified:

How do signed Jar files in applet access local file system or activate a file in the harddisk?

Hi friends,

I would like to execute a prog in the remote hard disk, such that the prog can read the data from a smart card at client side and transmit back to the server.

I have think of a way to do so. Can I use an applet embedded in the html to do so?

I uses Jdk1.2.2.
Presently I am only doing simulation on 1 PC, acting as client and server. and want to test the signed applet methods to access local H.D. But got some doubts, pls help.

Below are the steps:
1) Using keytool to create keys for client and server.
2) Using Jarsigner to sign the jar file using the server's public key and embedded it in the HTML file.

Jar file prog:   sTestJar.jar
import java.awt.*;
import java.io.*;
import java.applet.*;
import java.util.Enumeration;
import java.util.Properties;

public class testJar extends Applet
{
        int pos = 10;
        String openKeys[] = new String[4];
        String protectedKeys[] = new String[3];
        public void init()
       {
           openKeys[0] = new String("java.version");
           openKeys[1] = new String("os.name");
           openKeys[2] = new String("os.arch");
           openKeys[3] = new String("os.version");
           protectedKeys[0] = new String("user.name");
           protectedKeys[1] = new String("user.home");
           protectedKeys[2] = new String("user.dir");
          }
          public void paint(Graphics g)
          {
                int y = 10;
                g.drawString("Attempting to access open system properties", 10, y+=10);
      System.out.println("Attempting to access open system properties");
                for (int i = 0; i < 4; i++)
                {
                    try {String value = System.getProperty(openKeys[i]);
           g.drawString(openKeys[i] + ":= '" + value + "'", 10, y+=10);
           System.out.println(openKeys[i] + ":= '" + value + "'");
      }
      catch (SecurityException e)
                {
          g.drawString("System.getProperty(" +openKeys[i] + "): caught security exception", 10, y+=10);
          System.out.println("System.getProperty(" +openKeys[i] + "): caught security exception");
                }catch (Exception e)
       {
          g.drawString("System.getProperty(" +openKeys[i] + "):caught exception" + e , 10, y+=10);
          System.out.println("System.getProperty(" +openKeys[i] + "): caught exception" + e );
                  }
      }
                g.drawString("Attempting to access protected system properties",10, y+=10);
                System.out.println("Attempting to access protected system properties");
                for (int i = 0; i < 3; i++)
               {
                   try {String value = System.getProperty(protectedKeys[i]);
                g.drawString(protectedKeys[i] + ":= '" + value + "'", 10, y+=10);
                           System.out.println(protectedKeys[i] + ":= '" + value + "'");
           }
           catch (SecurityException e)
          {
                         g.drawString("System.getProperty(" +protectedKeys[i] + "): caught security exception", 10, y+=10);
               System.out.println("System.getProperty(" +protectedKeys[i] + "): caught security exception");
           }
           catch (Exception e)
           {
                        g.drawString("System.getProperty(" +protectedKeys[i] + "): caught exception" + e , 10, y+=10);
              System.out.println("System.getProperty(" +protectedKeys[i] + "): caught exception" + e );
            }
      }

  }
}

HTML prog:  testJar.html
<html>
<title>Test Signed Applet</title>
<hr>
Excuting an applet which violates the sandbox protections by accessing system properties
that are not normally accessable.
<p>
<applet code=testJar.class archive="sTestJar.jar" width=500 height=200>
</applet>
<p>
<hr>
</html>

3)Import the server.cer into the client's keystore
4)Using policytool to create a new policy file, so that the policyfile allow AllPermission for applet signned by the server (assumption for simulation)

Pls, correct me if I am wrong.
However when I run "appletviewer testJar.html", I got msg
 "                             :
            :
  System.getProperty(user.name: caught security exception)
  System.getProperty(user.home: caught security exception)
  System.getProperty(user.dir: caught security exception)
 "

May I know:
1)how do the appletviewer know which policyfile to use, since I declare both client's and server's keystore in same PC.
Or if there is multiple policy files, how did it know which to use?
2)Also I understand that for browser need a kind of Java plug-in, does it for work for jdk1.2.2?
3)Since the "javakey" tool and identity files are not used in the jdk1.2.2, does the plug in work for it?
4)do you think this is the best way to acess the hardware on the remote client?

Pls advise....Thank you very much...

regards HuangJo
 
0
HuangJo
Asked:
HuangJo
  • 4
  • 3
1 Solution
 
muraliramCommented:
You have a way to test these. Visit the foolowing link. I have done a similar thing. You will get information from the following link. If you have any more doubts please ask.

You have to use com.ms.security.PolicyEngine(com.ms.security.PermissionID.PROEPRTY);
to getb permission to access local system properties in InternetExplorer and for Netscape

netscape.security.PrevilegeManager.enablePrevilege() to get permission. Details about signing and other is included in the following links.

In the current sotuation you don't nned a Java plugin you can do this after reading the following articles

www.ddj.com/articles/1999/9902/9902h/9902h.htm

www.suitable.com/Doc_CodeSigning.shtml
www.suitable.com/CodeSigningCerts.shtml

Regards

Murali
0
 
HuangJoAuthor Commented:
Hi Murali

Thank you very much for your advices. However, as I am using jdk1.2, could I just use the jdk1.2.2 keytool to generate the keys, certificates and also the signing of jar files? Instead of using the individual signing tools and buying the cert for each types of browsers(netscape and IE), as mentioned in the first reference site that you have given me.

Thank you very much.

regards
HuangJo
0
 
HuangJoAuthor Commented:
Hi,

for example, after I generate the keys and certificates using the jdk1.2.2 keytool and signed the jar files. Then I run the appletviewer in DOS

c:\ appletviewer -J-Djava.security.policy=jopolicy testJar.html

where "jopolicy" is the policy file that I have created using the policytool of jdk1.2.2

It does not give me exceptions, but how do I do it in the browser such that it can select the policy files that I have created and also the particular keystore?? Must I really use the browser specific java virtual machine to do it.

Thank you.

regards
HuangJo

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
muraliramCommented:
Dear HuangJo,


Using policy files will not be practical if you want to distribute the
aplication over the internet. Wen we have generated keys using keytool it was showing some problem. It's better to use the methods which I have given through the link so that you can use it to sign other things also. Also it's better to create seperate certificates for both IE Netscape(From my experience). You use signtool to create
testcertificate for Netscape and makecert.exe for IE. The makecert and other things are availabl from Microsoft SDK for Java(from microsoft.com). Try it in your own. Still if you want some code I can give it. Even if you are using jdk1.2.2 the method which I have given will work.


Bye
Murali
0
 
HuangJoAuthor Commented:
Hi Murali

In this case, could you pls give me some eg. code, so that I could have a clearer picture.

thanks alot.

regards
HuangJo
0
 
muraliramCommented:


You should sign the applet. You can get this from the links which I have given .Go to that link it contains all what you need.

Better to avoid this code in the init()


try
{

com.ms.security.PlicyEngine.assertPermission("com.ms.security.permissionID.PROPERTY");//For IE
 
           openKeys[0] = new String("java.version");
           openKeys[1] = new String("os.name");
           openKeys[2] = new String("os.arch");
           openKeys[3] = new String("os.version");
           protectedKeys[0] = new String("user.name");
           protectedKeys[1] = new String("user.home");
           protectedKeys[2] = new String("user.dir");
         

It's better to go to the links that I have given. The first one conatins examples.Please try that. Download Microsof SDK from www.microsoft.com
and install it on your system and add the zip containing com.ms.security to your classpath(c:\windows\java\packages\anyofthezipwillcontain the above classes)

Try

All the best

Murali



0
 
HuangJoAuthor Commented:
Hi Murali

Thank you very much.I will try your method.

regards
HuangJo




0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now