自签名小程序未获得完全许可 [英] Self-signed applet doesn't get a full permission
问题描述
我在谷歌上搜索了很多链接,例如 oracle 和 velocity review 和 stackoverlow 也是如此,但仍然没有成功.
I've googled lots of links like oracle and velocity review and stackoverlow too, but still no success.
重点很简单.Jar 签名使用:
The point is simple. Jar is signed using:
keytool -genkey -alias signFiles -keystore compstore -keypass bca321 -dname "cn=test" -storepass abc123
jarsigner -keystore compstore -storepass abc123 -keypass bca321 -signedjar SignedJar.jar UnsignedJar.jar signFiles
它在本地机器上完美运行.但是当 SignedJar.jar 通过 HTTP(S) 像小程序一样使用时,即使用户接受证书(IE 或 FF 或 Chrome - 没有区别),它也会停止工作:
And it runs perfectly on local machine. But when SignedJar.jar is used like an applet via HTTP(S), even if user accepts certificate (IE or FF or Chrome - no difference), it stops working with:
java.security.AccessControlException: access denied (javax.smartcardio.CardPermission Broadcom Corp Contacted SmartCard 0 connect)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)
是的,它尝试从插入终端的智能卡中读取数据,并在调用 connect 时出现异常.
Yes, it tries to read from smartcard inserted in terminal, and gets an exception on calling connect.
是的,我也试过这种方法:
Yes, I've tried this approach too:
AccessController.doPrivileged(new PrivilegedAction() {
...
但没有运气.那么问题在哪里?
But with no luck. So where is the catch?
提前致谢,基里尔
推荐答案
在创建公钥/私钥、创建关联证书并使用证书签署您的小程序 jar 中的一个之后,您应该为 JAR 中的每个文件创建一个哈希并用私钥签名.这些哈希、公钥和证书必须与 JAR 的清单一起添加到 JAR 文件的 META-INF 目录中.
After creating public/private keys, creating the associate certificate and signing which one of your applet jars with the certificate you should create a hash for each file in the JAR and sign them with the private key. These hashes, the public key, and the certificate must be added to the META-INF directory of the JAR file alongside the JAR’s manifest.
这是命令行:
$ jar -tf SignedApplet.jar
见链接
这篇关于自签名小程序未获得完全许可的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
