• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

where are other classes other than main applet classs are kept in a trusted applet

 
satyendra adhikari
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello! in one of my trusted applet i am using some of my other classes/packages.should i keep
them all inside jar or keeping them in the dir from where applet will be downloaded is sufficient.
 
Tim Holloway
Saloon Keeper
Posts: 18359
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All of the classes in a trusted environment have to be kept in the jar. The Jar's signature is created from the contents of every item in the jar so that any attempt to replace an item within that jar will "break" the signature and signal that the jar is no longer secure.
Any class you load from outside the jar cannot be considered secure and neither it nor any signed classes that that class calls can be considered secure, since it's easy to stuff in a bogus external class.
 
satyendra adhikari
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what about the core java classes/packages or other packages my applet will use..
for example one of my applet is as here..
//this class used by applet
package adhikari.des;
import java.io.*;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.SecretKeyFactory;
import java.security.spec.*;
import java.math.*;
public class DesObj implements Serializable
{
...}
****************************
//main applet class
import adhikari.des.*;
import java.awt.*;
import java.io.*;
import java.net.*;
import java.awt.event.*;
import java.applet.Applet;
import java.util.*;
public class DesApplet extends Applet implements ActionListener
{
.....}
i am asking because my applet running fine is Appletviewer but in a browser under same JRE(using plugin supplied with j2sdk1.4.0-beta3) it gives me exceptions like this..
java.lang.ExceptionInInitializerError
at javax.crypto.KeyGenerator.getInstance(DashoA6275)
at adhikari.des.DesObj.encr(DesObj.java:33)
at adhikari.des.DesObj.workNow(DesObj.java:24)
at adhikari.des.DesObj.<init>(DesObj.java:20)
at DesApplet.actionPerformed(DesApplet.java:80)
at java.awt.Button.processActionEvent(Button.java:384)
at java.awt.Button.processEvent(Button.java:353)
at java.awt.Component.dispatchEventImpl(Component.java:3527)
at java.awt.Component.dispatchEvent(Component.java:3368)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:448)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:193)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:147)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:141)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:133)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:101)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.lang.SecurityException: Cannot authenticate jar:file:US_export_policy.jar!/java.security.PrivilegedActionException: java.util.zip.ZipException: The system cannot find the file specified
at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
... 15 more
**********************
could you please tell me explicitely what classes/packages to keep in my jar and make it trusted..
thank you for your help
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic