Signed Classes
One of the primary applications of digital signatures in Java is to create and verify signed classes. Signed classes allow the expansion of Java’s sandbox in two ways:
The policy file can insist that classes coming from a particular site be signed by a particular entity before the access controller will grant that particular set of permissions. In the policy file, such an entry contains a
signedBy
directive:grant signedBy "sdo", codeBase "http://piccolo.East.Sun.COM/" { java.io.FilePermission "-", "read,write"; }
This entry allows classes that are loaded from piccolo.East.Sun.COM to read and write any local files under the current directory only if the classes have been signed by
sdo
.The security manager can cooperate with the class loader in order to determine whether or not a particular class is signed; the security manager is then free to grant permissions to that class based on its own internal policy. However, while this was an important technique in Java 1.1, it is rarely used in Java 2.
We talked about these operations throughout this book; in this section, we’ll fill in the last details about how the digital signatures are created and verified. There are three necessary ingredients to expand the Java sandbox with signed classes:
A method to create the signed class. The
jarsigner
utility is used for this.A class loader that knows how to understand the digital signature associated with the class. The
URLClassLoader
class knows how to do this, but we’ll ...
Get Java Security, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.