Transcript Certificate

Certificates
By Purvi Shah
What is a Certificate
• A certificate is basically a digitally signed statement from one entity (person, company, etc.), saying that the public key of another entity has some particular value.
• Some certificate-related classes, included in the java.security.cert package, are Certificate, CertificateFactory, and X509Certificate.
Certificate
• The Java Cryptography Architecture (JCA) in JDK 1.2 provides certificate factory support to generate certificates and certificate revocation lists (CRLs) from their encodings.
Certificate
• JDK 1.2 also introduces keytool, jarsigner, and Policy Tool. These tools provide features such as creating a public-private key pair, verifying authority, and policy configuration.
• This brings us to our next topic: using a certificate and policy file to gain permission between a client and an applet.
Certificate with Applets
• The policy file must have an entry to grant permission.
• The following example shows you how to create a file. When you try to run the file, you should get a security exception since the applet doesn't have permission to access it. Type http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/WriteFile.html to run the file.
Sample code to create/write to a file
import java.awt.*;
import java.io.*;
import java.lang.*;
import java.applet.*;

public class WriteFile extends Applet {
    String myFile = "writetest";
    File f = new File(myFile);
    DataOutputStream dos;

    public void init() {
        String osname = System.getProperty("os.name");
    }

    // Attempts the write; without a FilePermission grant the applet gets a SecurityException.
    public void paint(Graphics g) {
        try {
            dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile), 128));
            dos.writeChars("Cats can hypnotize you when you least expect it\n");
            dos.flush();
            g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10);
        } catch (SecurityException e) {
            g.drawString("writeFile: caught security exception: " + e, 10, 10);
        } catch (IOException ioe) {
            g.drawString("writeFile: caught i/o exception", 10, 10);
        }
    }
}
Grant Permission
• So how do you grant the required permission to a client? Well, here is what's needed.
• First you must create a policy entry granting this permission.
• To do so, choose the Add Policy Entry button in the main Policy Tool window.
Grant Permission
• You should see a Policy Entry dialog box.
• A CodeBase value indicates the code source location.
• A SignedBy value indicates the alias for a certificate stored in a keystore.
Grant Permission
• If you have both a CodeBase and a SignedBy entry, the permission(s) will be granted only to code that is both from the specified location and signed by the named alias.
• To grant the client the permission it needs, grant the permission to all code from the location (URL) where the client is stored.
• Type the following URL into the CodeBase text box and leave SignedBy empty: http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/.
Grant Permission
• Now you are ready to grant permissions to that code.
• Choose the Add Permission button to bring up the Permissions dialog box.
Grant Permission
• Choose File Permission from the Permission drop-down list. The complete permission type name (java.io.FilePermission) now appears in the text box to the right of the drop-down list.
• Type the following in the text box to the right of the list labeled Target Name to specify the file name, whatever the client file name is.
• Specify write access by choosing the write option from the Actions drop-down list.
• Click the OK button.
Grant Permission
• A window similar to the following should appear, where writetest is the file name.
• Click Done on this box.
• Specifying the policy entry is now complete.
Grant Permission
• The following box should appear when you select Done.
Save Policy File
• Choose the Save As command from the File menu. This brings up the Save As dialog box.
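Added example (not part of the original slides): the entry the Policy Tool steps above write into the saved policy file, followed by the narrower form that also sets SignedBy. The keystore URL and the alias "examplesigner" are hypothetical.

```text
// Entry as built in the steps above: CodeBase set, SignedBy left empty.
// Any code loaded from this location may write the file "writetest"
// (a relative name, resolved against the current working directory).
grant codeBase "http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/" {
    permission java.io.FilePermission "writetest", "write";
};

// Narrower alternative (use instead of the entry above, not alongside it).
// With both codeBase and signedBy, the permission is granted only to code
// that is from this location AND signed by the certificate stored under
// the named alias in the keystore.
// Hypothetical values: the keystore URL and the alias "examplesigner".
keystore "file:/C:/Test/example.keystore";

grant signedBy "examplesigner", codeBase "http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/" {
    permission java.io.FilePermission "writetest", "write";
};
```

Keeping both entries in one file would make the second one pointless, because the first already grants the write permission to unsigned code from the same location.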
Grant Permission
• Now that you have the policy file saved, how do you grant permission for the code? The following slides will explain just that.
• Open the policy file, which should look like this.
Grant Permission
• Choose Add Policy Entry. You should see this box pop up.
• Type in the location or the URL in the CodeBase box. For example, file:/C:/Test/
• Click Add Permission.
Grant Permission
• You should see this box.
• Choose property permission, target name, and read from the options.
• Click OK and save this file.
Citation
• Dageforde, Mary. "Quick Tour of controlling applets". Security in Java 2 SDK 1.2. [http://java.sun.com/docs/books/tutorial/security1.2/index.html] (1995-2004)