AddProvider in a signed applet(cab file)

Similar Messages

• Problems with signed Applet for File Download under JRE 1.4 (works with 1.3

  Dear all,
  i encountered a very strange behaviour with JRE 1.4x. A signed applet used for file download worked on all platforms (Windows NT, 2000 and XP wth/wthout SP...) until I installed JRE 1.4.x (1.4.1 or 1.4.2)
  I get an EOFException when downloading binary files (for ASCII it works fine) when trying to readByte() from a DataInputStream. But not immideately, but after x bytes in the while-loop. Security is fine (I know there have been changes to that in jre 1.4, the applet itself can be started an runs with ASCII files for transfer)
  Does anyone know, what has changed in jre1.4.
  As I said, it works fine under jre 1.3.x
  The relevant code is below: byte bt = dis.readByte(); causes the error
  try{
  // Get URL from Server
  URL uFile = new URL(sFilename);
  sThisURLFile = uFile.getFile();
  Integer inte = new Integer(i);
  //open input stream for the file on server
  DataInputStream dis = new DataInputStream(new BufferedInputStream
  (uFile.openConnection().getInputStream()));
  //open output stream for the file on local drive
  String sFilenameOnly = sThisURLFile.substring(sThisURLFile.lastIndexOf('/')+1);
  int iDotPos = sFilenameOnly.lastIndexOf(".");
  String sExt;
  if (iDotPos > 0) {
  sExt= sFilenameOnly.substring(iDotPos);
  } else {
  sExt = "";
  File fileOut = new File(sDownloadDir + sThisURLFile.substring(sThisURLFile.lastIndexOf('/')+1) );
  DataOutputStream dos = new DataOutputStream(new
  BufferedOutputStream(new FileOutputStream(fileOut)));
  //read one byte from input stream, and write that byte to output stream
  long nByte = 0;
  int iCnt = 0;
  iFilesizeDone ++;
  while (nByte < iFilesize){
  String sErrPs = new String();
  try{
  sErrPs = "00";
  byte bt = dis.readByte();
  sErrPs = "01";
  dos.writeByte(bt);
  } catch (EOFException ee)
  System.err.println("internal EOFException: " + ee.getMessage());
  System.out.println("Error Filesize is " nByte " of " iFilesize "---" + sErrPs);
  break;
  nByte++;
  iFilesizeDone ++;
  iCnt ++;
  if(iCnt >= 10240) {
  ShowProgress(nByte, iFilesize, iFilesizeDone, iFilesizeTotal); // repaint does not work during init-procedure
  iCnt = 0;
  line = "Progress: Total: " + ((iFilesizeDone*100)/iFilesizeTotal) + " perc, " + iFilesizeTotal/1024 +" kbytes" ;
  labLine.setText(line);
  //dos.flush(); // improves Client performance (Agent-Call!)
  dis.close();
  dos.close();
  }// End try
  catch (EOFException ee)
  System.err.println("EOFException: " + ee.getMessage()e);
  catch (SecurityException se)
  System.err.println("SecurityException: " + se.getMessage());
  catch (IOException ioe)
  System.err.println("IOException: " + ioe.getMessage());

  perhaps they've changed something with the file blocking.
  btw, you should try to use something like this
  DataInputStream dis = new DataInputStream(is);
  byte[] buffer=new byte[8192];
  int numBytesRead;
  while ( dis.available()>0 ) {
       numBytesRead = dis.read(buffer);
  }               

• Signed applet for file download?

  Hello folks,
  I have a signed applet through which i can upload multiple files to a servlet. I wish to create another applet or enhance this one to enable it to download multiple files from the server to the client m/c. Any idea, how to go about it?
  I will appreciate your helpful replies.
  Thank you,
  Coreli

  which part? You apparently already know how to sign an applet... and use a file chooser... and create servlets that can take files.... seems you need to do the opposite and use input streams where you used output streams before and vice versa...

• User rejected the cab - signed applet doesnt load

  Hi,
  I have signed my cab file and IE requests for permissons when I access it. If I deny the permissions, my signed applet doesnt load. Is there any way to make the applet load even if I dont grant the permissions. I expect only the 'out-of-the-sandbox' operations to fail - not the entire applet!
  Thanks

  I found a solution to this. Details on my blog at:
  http://brandon.fuller.name/archives/2004/08/19/23.19.48/

• Signed cab file using j++, IE, XERCES

  HI:
  i am using j++ and adding class files from XERCES.jar
  for parsing. I add the class files manually using J++
  and they are definetly in the .cab file. And i am sure it downloads the cab w/ the files. But,
  IE 5.5 gives me a classNotFound Exception when it tries to load in the classes. Any idea why they would not show up???
  THANKS

  1. make sure you first unjar XERCES.jar in the same directory where your classes are
  2. make the cab file using all the classes, yours and the ones from the jar file.
  Here is an example:
  cd <directory_with_all_classes>
  cabarc -s 6144 -r -p n mycab.cab *.class *.gif *.ini *.propertiesIf you want, you can then sign the cab file using signcode.
  I hope this will help you.
  Iulian

• How to create and sign CAB files info on Supplement Option

  To all Supplement Option subscribers:
  At the supplement option for iDevelopment Accelerators, I uploaded a zip with detailed info on how to create and sign CAB files (necessary when you are running your application on the Native IE Java Virtual Machine).
  Not all functionality provided to you through JInitiator will work (e.g. WebUtil doesn't) but the way how to make and sign a CAB file will become more easy.
  Cheers,
  Marc Vahsen
  Headstart Team

  This defeats the purpose of trying to centralize SAP-related web resources on the SAP server. Typically IIS/Apache or other non-SAP servers are under the control of IT and not the SAP BASIS group.
  We simply would like to have a centralized location to store static web files so that they are not overwritten during Portal support pack applications.

• Signed applet still shows:"warning:applet window"

  I have signed a cab file for use with IE.
  But it always shows the message "warning:applet window" in the status bar.
  Am I missing something?
  Should not be signing enough to eliminate this message??
  regards
  -S

  Microsoft has a Knowledge Base article on this. Try this link:
  http://support.microsoft.com/support/kb/articles/q169/8/08.asp
  HTH,
  Carl Rapson

• Signing applets, going crazy

  hi,
  I think I've posted enough thread on signed applets and
  still haven't got the solution and i'm the strong believer
  that any sought of problem will be solved in the forums,
  and I still believe in that. Ok! I don't wan't to bore u,
  here is my problem:
  1) I've signed the applet using keytool and specify the
  signed.jar file in the archive parameter in <applet> tag,
  but each and every client have to get the .java.policy
  file to be placed on their windows home directory!!!
  Is that the rt way to do it, or is there any way to link
  the .java.policy while signing the applet.
  2)I've also tried in signing the cab files, ok fine but don't
  know how to set the permissions in the .ini file in SDK for
  java, no proper documentation and also when i got to
  use the plugin converter to use my applet since the
  browser does'nt recognise the rmi classes, so when i use
  the plugin, and also the cabbase parameter, i'm not able
  to get it, but i'm able to get one of my applet get going
  which is a normal applet tries to write a file on to the
  desktop, but it doesn't have the plugin.
  3)Is there anyway to make applet work without using the
  plugin concept. I came to know the if i specify archive
  for rmi.zip, it should work, but I cou'lnt do it, is there any
  other versions of rim.zip
  Sorry 4 a long story,
  ThanX for baring me.
  kiran,
  [email protected]

  1:From my understanding, if you sign the applets you should not have to set policy files onto the client side.
  Applets should have complete unrestricted access to the system when these are signed.
  2: Are you trying in anyways to perform callbacks through firewalls ? If you do check RMI vs Internet on this forum.
  RMI works without plugin for jdk1.1 and over
  3: I don't know , sorry.

• **URGENT : signed applet still doesn't get full permissions**

  I've bought a Microsoft Authenticode certificate with which I signed a CAB file containing my class files...
  On a client machine, the browser detects security stuff but even when one acknowledges, the applet still doesn't get the permission, for instance, to open a directory for reading... a SecurityException is thrown as if the applet was not signed.
  Have I forgotten something or did another one wrong ?? Must I set the Security Manager to null ????
  It's really urgent, so please reply asap !!!
  Thanks,
  R�gis Kuckaertz

  Just signing the applet doesn't give it any permissions. You have to assert whatever permissions you want. For example:
  import com.ms.security.*; // need dummy classes to compile for non-MS
  // check if we are in the MS JVM
  if (Class.forName("com.ms.security.PolicyEngine") != null)
      // Assert all Permissions
      PolicyEngine.assertPermission(PermissionID.SYSTEM);
  catch (Throwable cnfe)
      System.out.println("Microsoft JVM permissions not asserted.");
      System.out.println(cnfe.getMessage());
  }

• File read access denied for signed applet

  Hi:
  I have a signed applet with a certificate generated with the keytool. Yet, I keep getting this error:
  java.lang.Exception: java.security.AccessControlException:
      access denied (java.io.FilePermission C:\WINDOWS\system32\aetpkss1.dll read)The error is produced when the method loadKeyStore(pin) below is called.
      private KeyStore ks;
      private Provider provider;
      private static final String providerName    = "PKCS11";
      private static final String providerLibrary = "aetpkss1.dll";
      public void loadKeyStore(String pin) throws IOException,
       CertificateException, KeyStoreException, NoSuchAlgorithmException {
       if (provider == null)
           registerProvider(providerLibrary);
       try {
           ks = KeyStore.getInstance(providerName,provider);
       } catch (Exception e) {
           throw new KeyStoreException("Failed get keystore instance\n"
                           + e.getMessage());
       try {
           ks.load(null, pin.toCharArray());
       } catch (Exception e) {
           throw new KeyStoreException("Failed load keystore\n"
                           + e.getMessage());
      public void registerProvider(String library)
       throws FileNotFoundException, KeyStoreException {
       String fileName;
       if (new File(library).isAbsolute())
           fileName = library;
       else
           fileName = getAbsolutePath(library);
       if (!(new File(fileName).exists()))
           throw new FileNotFoundException("No such file: " + fileName);
       String config = "name = " + providerName + "\n"
           + "library = " + fileName;
       ByteArrayInputStream confStream =
           new ByteArrayInputStream(config.getBytes());
       try {
           provider = new sun.security.pkcs11.SunPKCS11(confStream);
           Security.addProvider(provider);
       } catch (Exception e) {
           throw new KeyStoreException("Can initialize " +
                           "Sun PKCS#11 provider. Reason: " +
                           e.getCause().getMessage());
      private String getAbsolutePath(String lib) throws FileNotFoundException {
       String[] searchPath;
       /* NOTE: This should be modified to suit different versions of   *
        *       Windows and not just Windows XP                         */
       if (System.getProperty("os.name").matches("^(?i)Windows.*")) {
           searchPath = new String[] { "C:\\WINDOWS\\system32" ,
                           "C:\\java" };
       } else {
           searchPath = new String[] { "/usr/local/lib/" };
       for (int i = 0; i < searchPath.length; i++) {
           if ((new File(searchPath[i] + File.separator + lib).exists()))
            return (searchPath[i] + File.separator + lib);
       throw new FileNotFoundException("Library not in search path " + lib);
      }The above code is called by a java script, the class' constructor is empty.
  The error appears not to be caught by my code. I have tried to insert try/catch statements everywhere to figure out where this error is produced.
  The code is write off of the applet for signing with a smart card by Svetlin Nakov - and his applet works!
  I have also made a CLI application that uses the above code and it works perfectly.
  So: Something is wrong either with my certificate, the signing method, signature verification or something completely different. Any hints?
  The certificate I generated with
  keytool -genkey -keystore mystore -alias me
  keytool -seflcert -keystore mystore -alias meI have tired both with and without the selfcert step.
  Thanks! Erik

  The problem has been identified: Placing registerProvider() in the constructor the error no longer occurs, instead an error is produced when the key store is loaded.
  It appears that the javascript code is not trusted and so, even though the applet is signed, access privileges are restricted to those of the java script.
  A solution to this problem is not clear, but possibly, serving the pages from a trusted server, the java script will be trusted, some documentation seem to indicate.

• IS there code to avoid policy file push in a VeriSign Signed applet?

  Q: Must a digtally signed ( thus Trusted) Applet have some some security code scripts -within the applet- to read specific "out of SandBox Permission" which have been Granted in the users Java.Policy file.
  Actually at first I thought the applet was not finding the users Java.Policy file so I hard coded the permission below into the standard java.policy file just to test it but no luck.
  I have the following Java Applet code which is digitally signed against a Versigin Class3 Code Signing Certificate in the Trusted root. SO I kow the applet runs..
  import java.awt.*;
  import java.io.*;
  import java.lang.*;
  import java.applet.*;
  public class UserName extends Applet {
  public void init() {
  public String runajacode()
  String UserName="";
  try {
  UserName = System.getProperty("user.name");
  catch (SecurityException e) {
  return UserName;
  I Keep getting the security exception error when I try to read User.name property
  Here is the text of the Java.Policy file which is placed in the users home directory
  /* AUTOMATICALLY GENERATED ON Fri May 10 11:37:28 CDT 2002*/
  /* DO NOT EDIT */
  grant {
  permission java.util.PropertyPermission "user.name", "read";
  Thanks BeforeHand
  AJ

  We cannot use the Java Plugin (company Rules) so you
  are saying I must modify the original java.policy
  file and without the Plugin the IE 5.5 VM will notWell, i have to say that if u r not using the java plugin, then there is no need for the policy file and u have to use the VM of the browser.I dont think the browser will support the latest version of java and so u have to write your code according the java 1.0 version. Mircosoft have not updated their java jvm due to issues with sun.
  Can u give me the code of the html file where u include the applet tags and let me have a look at it.
  if u plan to use the applet in IE and signed, then u have to use the CAB file utility which can be downloaded from the microsofft site. A signed cab file can run on IE only.Signed Jar can be run in plugins and netscape .
  Let me know if u need further help.
  ciao

• How to resolve problems in policy file of signed Applet

  Hi to All,
  I want to connect the web site through my Signed Applet which is working as a Proxy server. but i m facing certain problems in my policy file:
  this is my policy file :-
  grant {
  permission java.security.AllPermission "", "";
  permission java.net.SocketPermission "http://www.google.com:4321", "connect, accept,resolve";
  permission java.security.UnresolvedPermission;
  n i got such type of exceptions n my Applet prompt applet not initialized.
  Got connection Socket[addr=/192.168.1.232,port=1200,localport=4321]
  Reading request...
  URI is: http://www.google.com/
  Host to contact is: www.google.com at port 80
  Got request...
  java.security.AccessControlException: access denied (java.net.SocketPermission www.google.com resolve)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
  at java.security.AccessController.checkPermission(AccessController.java:427)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
  at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
  at java.net.InetAddress.getAllByName0(InetAddress.java:1098)
  at java.net.InetAddress.getAllByName(InetAddress.java:1061)
  at java.net.InetAddress.getByName(InetAddress.java:958)
  at java.net.InetSocketAddress.<init>(InetSocketAddress.java:124)
  at java.net.Socket.<init>(Socket.java:179)
  at ProxyApplet.handle(ProxyApplet.java:75)
  at ProxyApplet.<init>(ProxyApplet.java:132)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
  at java.lang.Class.newInstance0(Class.java:350)
  at java.lang.Class.newInstance(Class.java:303)
  at sun.applet.AppletPanel.createApplet(AppletPanel.java:721)
  at sun.applet.AppletPanel.runLoader(AppletPanel.java:650)
  at sun.applet.AppletPanel.run(AppletPanel.java:324)
  at java.lang.Thread.run(Thread.java:595)
  here 4321 is Port no. which i've as a random port no.
  plz Help
  thnx in advance
  with regards
  pank_naini

  Please, if you can't help me, could you tell me who can I contact ?

• Signed applet : problem signing jar files that are in build path

  Hello,
  I have a problem while trying to create an ftp applet.
  I use org.apache.commons.net.ftp and i build path for commons-net-1.1.4.jar and then i build my classes.
  When i create a jar file with my classes and after signing it, it works under eclipse but not on a web page.
  I had signed commons-net-1.1.4.jar before to build the path in eclipse but commons-net-1.1.4.jar is not in my jar file.
  What is the way to sign applet correctly even if some jar ressources are in eclipse build path.
  Thank you

  You were right!!!
  I'm not sure what to write down in the formsweb.cfg (configuration file) , following the instructions on the on-line help of Developer Forms 10g , in step 9..
  The step 9 says...
  Because in this release the JACOB code is in an external Jar file and not incorporated into frmwebutil.jar, it needs to be downloaded. To do this, change the WebUtilArchive setting to read: webUtilArchive=/forms/webutil/frmwebutil.jar,/forms/webutil/jacob.jar
  The doudt is pointed to the fact that the frmwebutil.jar isn't in the ORACLE_HOME\forms\webutil path but it is ORACLE_HOME\forms\java path.
  Also , these paths referenced in webUtilArchive are physical paths in a Unix system or they are logical paths in a url?
  Simon

• Question about Java Applet Jar file signing.

  These questions pertain to Java 6 Standard Edition 1.6.0_22-b04 and later.
  I have gone through the Oracle Java Tutorial for generate public and private key information
  to sign a jar file, and how to sign the jar itself, all at
  [http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html|http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html]
  , and seek some clarification on the following related questions:
  -In order to "escape" the java applet sandbox that exists around the client's
  copy of the applet running in their web browser, ie.
  (something forbidden by default), is verification of the signed applet enough, or is a policy file required
  to stipulate these details?
  -using the policytool policy file generator, what do I need to add under "Principals"
  (if anything) when dealing with a Java applet? Are Codebase and SignedBy simply author information?
  -If I choose to use a java.security.Permission subclass object set up in equivalent fashion within the Applet,
  which class within the Applet jar do I instantiate that object in? Does it need to be mentioned
  in the applet's jar Manifest.MF file?
  -Is the "keystore database" a java language service/process which runs in
  the Server's memory and is simply accessed and started by default
  by the client verifier program (appletview/web browser)?
  -The public key certificate file (*.cer) is put in the webserver directory holding
  the Applet jar file (ie. Apache Tomcat, for example).
  -Presumably, the web browser detects the signed jar
  and certificate file, and provides the browser pop up menu asking the user
  about a new, non recognised certificate (initially).
  Is this so?
  -With this being the case, can the applet now escape
  the sandbox, be it with or without the stipulated
  policy permissions?

  848439 wrote:
  -In order to "escape" the java applet sandbox that exists around the client's
  copy of the applet running in their web browser, ie.
  (something forbidden by default), is verification of the signed applet enough, or is a policy file required
  to stipulate these details?Just sign the applet, the policy file is not necessary.
  -Is the "keystore database" a java language service/process which runs in
  the Server's memory and is simply accessed and started by default
  by the client verifier program (appletview/web browser)?No.
  -The public key certificate file (*.cer) is put in the webserver directory holding
  the Applet jar file (ie. Apache Tomcat, for example).No. For a signed Jar, all the information is contained inside the Jar.
  -Presumably, the web browser detects the signed jar
  and certificate file, and provides the browser pop up menu asking the user
  about a new, non recognised certificate (initially).
  Is this so?No. It is the JVM that determines when to pop the confirmation dialog.
  -With this being the case, can the applet now escape
  the sandbox, ..Assuming the end-user OK's the trust prompt, yes.
  ..be it with or without the stipulated
  policy permissions?Huh?

• Include many jars for a complex signed applet in html file??

  hello
  I'd like to know how it's possible to put a signed applet in an html file, that needs many jar files.
  I explain myself: I know that to create a signed applet and to put it in an html file, I need to create a Jar file that contains this applet, create a private key with keytool, sign the jar and include it in my html file with the tag <applet code="....." archive="......jar".... />
  This works fine if my applet is a simple program that only uses the clases present by default in the jdk.
  In my case, I have a big project, with many packages. In one of these packages, I have my applet that uses some classes of the other packages, which use classes from imported jars, such as BouncyCastle, and others...
  There is still no problem when I run the applet from the applet viewer.
  The problem appears when I put the JAR file with all these classes in the html file: there is a problem since it doesn't know anything of these classes imported from these jars.. It's quite obvious actually.
  My question is: how do I do to make the html file aware of these classes? Is there an html tag that allows us to include many jar files? Do I have to decompress all these jars, take all the directories, add them to the directories of my project and create a BIG jar (that's what I did, but it's really dirty, and heavy! (11M))??
  Does anyone have an idea about how I can do it?
  Thanks for your help
  Philippe

  11 MB is pretty big for an applet.
  Let's say your applet uses java 3d, normally a client would download and
  install this seporately, meaning the jars needed end up in lib/ext directory where
  any applet can find them.
  Check what applets need to be installed (put in lib/ext) and what can be
  downloaded:
  <object .....
  <param name="archive" value="myJar.jar, myOtherjar.jar" />