Running signed applets with appletviewer

Claudiane Grando (Claudiane_Grando@oti.com)
Mon, 01 Dec 1997 16:35:01 -0500

From: Claudiane_Grando@oti.com (Claudiane Grando (OTT))
To: java-security@web2.javasoft.com ('smtp: java-security@java.sun.com')
Date: Mon, 01 Dec 1997 16:35:01 -0500
Subject: Running signed applets with appletviewer

I've been trying to get applet signing to work with the appletviewer in the
past few days but I haven't had any luck so far. I looked at the messages on

the JavaSecurity Q&A Archive that talk about the use of javakey, but none of

them answered my question: why can't I get signed applets to run with the
appletviewer?!?!?!

First, I've tried the example from
http://java.sun.com/security/signExample/index.html. I followed all the
steps, created Duke as a trusted identity and imported its certificate
without any problems. But when I try to run the signed applet I still get a
Security Exception, just like with the unsigned applet!!

I've then decided to try signing and then running my own applet. I've
followed the instructions in http://java.sun.com/security/usingJavakey.html,

I've entered myself into the database as a signer, got public and private
keys, genereated a certificate, created the jar, signed it...
Just as before, all seemed to be just fine, but again, when I tried to run
the signed applet I got a Security Exception!! Here is the stack trace:

sun.applet.AppletSecurityException: checkwrite
at sun.applet.AppletSecurity.checkWrite(AppletSecurity.java:432)
at java.io.FileOutputStream.<init>(FileOutputStream.java:63)
at WriteFileTest.paint(WriteFileTest.java:28)
at java.awt.Component.dispatchEventImpl(Component.java:1723)
at java.awt.Container.dispatchEventImpl(Container.java:935)
at java.awt.Component.dispatchEvent(Component.java:1704)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:63)

I was getting ready to give up this applet signing thing when I decided to
try it with HotJava (1.1beta), and to my surprise, it worked!!

So it seems to me that javakey works, and the problem is really with the
appletviewer!! Am I right, the appletviewer doesn't know how to handle all
this, or am I missing something here??!

I've also noticed that just by putting a class file inside a jar and then
trying to run from there (using <applet code=WriteFileTest.class
archive="WriteFileTestUnsigned.jar" width=500 height=150></applet>) causes
the same security problem! So maybe the fact that I couldn't make it work
with the appletviewer has nothing to do with certificates and signing, but
with the appletviewer not knowing how to handle jars? Just speculating...

BTW, I'm running jdk1.1.4 under Win95.

Any help will be greatly appreciated!

Thanks in advance,
Clau claudiane_grando@oti.com