Suresh Online
Essential Developer Resources

Applet Signing Using Test Certificate

Many of us would like to use a test certificate during the production phase of our project. Here I try to explain how to generate and use a test certificate for applet signing.

I have not covered how to get the certificate signed by a Certificate Authority such as Verisign or Thawte.

This document explains the procedure only for the Windows platform. The code has been tested on Windows NT 4.0 using JDK 1.2.2 / JDK 1.3.

Note: The code may not work with JDK1.3.0_01 or JDK1.3.1

Signed Applet using JDK Plugin

Necessary Tools
1. "jarsigner" utility bundled along with JDK1.2/1.3
2. "keytool" utility bundled along with JDK1.2/1.3
3. JDK Plugin 1.3.
4. HTML Converter 1.3

Setting-up Self Signed Certificate
1. Create a directory, say javasign.
2. Generate your own test certificate.

keytool -genkey -keystore suresh.store -alias sureshcert

This command will prompt for a password and other details such as username, email, organisation unit, etc., and will create a file suresh.store in the javasign directory.
3. Export the certificate using the following command.

keytool -export -keystore suresh.store -alias sureshcert -file suresh.cer

Important: the exported certificate file must have the extension "cer".
This command will create a file suresh.cer in the directory javasign.
4. Install the certificate by double-clicking the "cer" file in Windows Explorer.


Modifying Code
Since we are using the JDK Plugin, we can harness the complete power of Java and even use Swing packages in the applet.

Signing the Files
1. Create a jar file of your applet using the jar utility of the JDK. Suppose the class files

jar cvf TestApplet.jar TestApplet.class

2. Copy the jar file to the javasign directory and issue the following command to sign the jar file.

jarsigner -keystore suresh.store TestApplet.jar sureshcert

This command will prompt for the passphrase. Enter the password which you used for creating the certificate.

Modifying the HTML File
Use the archive attribute along with the code attribute in the Applet tag.

Sample file

<html>
<body>
<applet archive="TestApplet.jar" code="TestApplet.class" width="400" height="400">
</applet>
</body>
</html>

Then use the HTML Converter to convert the file so that it includes the OBJECT and EMBED tags for IE and Netscape.

Signed Applet in Netscape

Necessary Tools
1. "signtool" utility.
2. netscape.security package : capsapi_classes.zip package

Setting-up Self Signed Certificate
Recommended Link: http://developer.netscape.com/docs/manuals/signedobj/signtool/index.htm
1. Important: Before installing new keys and certificates in the key and certificate databases, you must set the database password (if you have not done so already). To set the password for the key and certificate databases currently being used by Communicator, click the Security icon in the Communicator toolbar, click Passwords, and click Set Password to create a password.
2. Copy key3.db and cert7.db from your Communicator profile to a directory, say c:\suresh.
3. Use following command to generate a test object-signing certificate

Signtool -d c:\suresh -G sureshkey

Certificates contain standard information about the entity they identify, such as the common name and organization name.
The Netscape Signing Tool prompts you for this information when you run the command with the -G option.


Modifying Code
Recommended Link: http://developer.netscape.com/docs/manuals/signedobj/capabilities/index.htm
Example file:
// WriteFile.java
import java.applet.Applet;
import java.awt.*;
import java.io.*;

// To compile, add java40.jar to the class path.
import netscape.security.PrivilegeManager;

public class WriteFile extends Applet {

    public void paint(Graphics g) {
        String slash = System.getProperty("file.separator");

        try {
            // Support added for Netscape's Capabilities API.
            if (SecurityContext.isCapableOf("UniversalFileAccess")) {
                PrivilegeManager.enablePrivilege("UniversalFileAccess");
            }
            String userdir = System.getProperty("user.dir");
            g.drawString("Successfully read user.dir ..." + userdir, 10, 10);
            String fileName = userdir + slash + "tmpfoo";

            DataOutputStream dos;
            dos = new DataOutputStream(new FileOutputStream(fileName));
            dos.writeChars("This was written by a trusted applet.\n");
            dos.close();

            g.drawString("Successfully wrote to file " + fileName, 10, 30);
        } catch (Exception e) {
            g.drawString("WriteFile: caught " + e, 10, 10);
        }
    }
}


// SecurityContext.java
import java.util.Hashtable;
import netscape.security.PrivilegeManager;

public class SecurityContext {
    private static Boolean communicator;

    public static synchronized boolean isCommunicator() {
        if (communicator == null) {
            communicator = Boolean.FALSE;

            try {
                // Try to find one of the netscape.security classes.
                Class t = Class.forName("netscape.security.UserDialogHelper");
                communicator = Boolean.TRUE;
            } catch (Exception e) {
                // Can't find netscape.security package.
            }
        }
        return communicator.booleanValue();
    }

    // Cache of capability name -> whether it was granted.
    private static Hashtable hash = new Hashtable();

    public static synchronized boolean isCapableOf(String s) {
        if (!isCommunicator())
            return false;
        Boolean granted = (Boolean) hash.get(s);
        if (granted == null) {
            granted = Boolean.FALSE;
            try {
                // Ask for the capability.
                PrivilegeManager.enablePrivilege(s);
                granted = Boolean.TRUE;
            } catch (Exception e) {
                // Capability not granted.
            }
            hash.put(s, granted);
        }
        return granted.booleanValue();
    }
}

Signing the Files
1. Suppose the class files generated by compiling the above two files are in the directory "signdir1".
2. Then use the following signtool command, which creates and signs the file:
Signtool -d c:\suresh -k sureshkey -Z WriteFile.jar signdir1


Modifying the HTML File
Use the archive attribute along with the code attribute in the Applet tag.

Sample file
<html>
<body>
<applet archive="WriteFile.jar" code="WriteFile.class" width="400" height="400">
</applet>
</body>
</html>

Signed Applet in Internet Explorer

Recommended Link: http://www.microsoft.com/java/security

Necessary Tools
1. Tools and Package from "Microsoft SDK for Java"
  a) cabarc: for creating cabinet files.
  b) makecert: which creates a test X.509 certificate.
  c) signcode: for signing the code.
  d) com.ms.security package.
2. Detailed help for the above tools is available in the MSDN Library Help.

Setting-up Self Signed Certificate
makecert -sk sureshkey -r -ss ca suresh.cer
makecert -is ca -ic suresh.cer -ss sureshstore

Modifying Code
Example file:

import java.io.*;
import java.awt.*;
import java.applet.Applet;
import com.ms.security.*;

public class write extends Applet {
    public void init() {
        try {
            if (Class.forName("com.ms.security.PolicyEngine") != null)
                PolicyEngine.assertPermission(PermissionID.SYSTEM);
        } catch (Throwable cnfe) { }

        MyThread t = new MyThread();
        t.start();
    }

    public void paint(Graphics g) {
        g.drawString("Try to write a file", 15, 15);
    }
}

class MyThread extends Thread {
    public void run() {
        try {
            FileWriter fw = new FileWriter("score.txt");
            fw.write("high score: 14\n");
            fw.close();
        } catch (Exception e) {
            System.out.println(e);
        }
    }
}


Signing the Files
1. Suppose the class files generated by compiling the above two files are in the directory "signdir1". Change to the signdir1 directory.
2. Then use the following command, which creates the cab file:
cabarc -r -p n write.cab *.*

3. Then sign the cab file using the following command:
Signcode -j javasign.dll -jp low -s sureshstore write.cab

Modifying the HTML File
Use the cabbase attribute along with the code attribute in the Applet tag.

Sample file
<html>
<body>
<applet code="write.class" width="400" height="400">
<param name=cabbase value=write.cab>
<param name=... value=...>
</applet>
</body>
</html>

Running Signed Applet without plugin

If we intend to use the Swing package but do not want to use the Plugin, then we have to include swing.jar or swingall.jar in the codebase, or alternatively include swing.jar in the archive attribute or swing.cab in the cabbase tag of the Applet tag. The remaining steps are the same as explained for each browser.