Jaime Hablutzel

+ Follow
since Dec 25, 2009
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Jaime Hablutzel

You can use iBatis ScriptRunner (or a dependencies removed version), see here http://stackoverflow.com/a/1044837/320594

EDIT: I just read the question again, the method I mention is for SQL batch execution (DDL and DML), not for multiple SELECT at the same time, sorry.
The fact is that for signing something (an applet, an executable, etc) it helps much to know what is a certificate, a digital signature (it is PKI stuff), and the true is that the topic is somehow dense. so I'll try to be concise.

You start with a public/private key pair (some bits mathematically related generated by keytool), you send the public part (public key/CSR) to a certification authority (one of the certification authorities that any java default installation has registered by default), they verify you are who you say you are (they could ask for a notarial letter), and if they verify your identity correctly they will sign your public key with their certification authority, this is, they generate a certificate for you.

You latter use your private key (which is private, never sent anywhere) to sign your applet and append your certificate to the signed code (jarsigner comes here), so a client (java plugin) that downloads your applet does the following verification:

1. Verify the signature is correct, this is that is has been generated with your private key.
2. Check if the certificate has been issued/generated by a certification authority included in the default java list.
3. Execute your code.

From Java 1.7.0_45 (or _51 not sure) Java Applets will require your code to be signed with a commercial certification authorities (one in the list java has by default), and well the price will depend on the certification authority, you can get them from $80/year and they work the same (http://stackoverflow.com/questions/155241/cheapest-java-code-signing-certificate-not-self-signed)

Well, the procedure for signing your applet and get it working for all your clients like before could go as this:

1. Read http://www.youdzone.com/signature.html and get sure to understand the basics of digital signature.
2. Using keytool (or a frontend like Portecle) generate a key pair (the result will be a keystore.jks file), then a CSR with your public key and send this CSR to the certification authority.
3. Install the certificate sent by the certification authority to your keystore.jks
4. Sign you .jar using jarsigner
5. Follow new requirements for MANIFEST.MF, include "Permissions" attribute, see https://www.java.com/en/download/help/java_blocked.xml

If you need any clarification on any part of the process I can detail it for you (e.g. commands involved)
6 years ago
So the method isn't standard? as it is not in the spec but directly in code?
I have just read the relevant parts in "Java™ Servlet Specification Version 3.0 Rev a" and I can't see the definition of the method "setInitParameter()" is this really a standard one?
Really good answer, I'm looking for this too and the only thing I have found is the RFC for PKI: http://www.ietf.org/rfc/rfc3280.txt

Look for the section (Serial number).
There it saids that you should use the issuer (CA) name and the serial of the subject digital certificate to identify uniquely a digital certificate.
But if you just want to validate uniqueness for certificates issued by only one CA the certificate serial number is guaranteed to be unique.
9 years ago
I would suggest to check org.apache.xml.security.signature.XMLSignature and to read the specification of http://www.w3.org/TR/xmldsig-core/ so you can have things more clear in terms of validation of signatures and certificates, basically you could validate the signature (as you can see in the specification http://www.w3.org/TR/xmldsig-core/) in a straightforward way using org.apache.xml.security.signature.XMLSignature API, and you can follow example here to validate certificates chain: http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
9 years ago