The simplest case is for HotJava, just
because it was developed by the same people who brought you the
Security API. HotJava recognizes applets archived in JAR files. (See
Appendix C, for a description of the
jar tool.) As discussed in Appendix D, you can use
to sign a JAR using one of the
identities that’s defined in the
database. HotJava recognizes the signed JAR and allows
you to define a security policy for the signer.
A security policy is a set of rules for a particular signer. For example, I might have the following security policy defined for applets signed by Josephine:
Applets can access the
Applets can write files to the local disk in the c:\temp directory.
Applets can make network connections to www.josephine.com.
HotJava allows you to define this kind of fine-grained security policy for different signers. We’ll take a peek at this feature a little later.
For HotJava, then, creating a signed applet follows three steps:
Prepare a signer.
Bundle up the applet.
Sign the applet.
Prepare a Signer
You can use
to create a signer and generate keys for
it. Refer to Appendix D if you’re not sure
how to do this. Marian will be the signer for the
Renegade applet. We’ll use her self-signed
certificate to sign the applet.
If you didn’t install Marian as a signer, do it now. First,
create Marian in the
javakey -cs Marian trueCreated identity [Signer]Marian[identitydb.obj][trusted]
Generate a set of keys for Marian ...