使用Maven jar插件和Bouncy Castle签署Applet

时间:2010-01-07 20:55:04

标签: applet maven-plugin access-denied signed signed-applet

我对签名的Java小程序有疑问 - 具体来说,为什么它没有使用我的证书签名。我在Eclipse中使用Maven。

applet(a)允许用户选择本地文件或目录,(b)加密文件,以及(c)将文件上传到基于PHP的网页。小程序已签名,大概是使用我的证书 - 即通过Maven代码,使用maven-jar插件。例如:

<plugin>                
   <groupId>org.apache.maven.plugins</groupId>
   <artifactId>maven-jar-plugin</artifactId>                
<executions>

         标志             
       
                的 /
       /图像/                           SRC /主/资源/ META-INF / MANIFEST.MF                    假          [PATH_TO_MY_KEYSTORE]         [我的阿里亚斯]         [******]         [******]         [PATH_TO_SIGNED_JAR]         真正         真正            

(显然我已经屏蔽了一些,因为我为偏执的gits工作!)一切都很好地打包,applet加载到页面中;然而,有两件事情很麻烦:(1)当applet加载时,它将Bouncy Castle军团识别为用于签署applet的证书;(2)applet使用JFileChooser可以访问文件系统时“访问”在尝试执行上述(c),将文件发送到网站时,会拒绝“对文件的权限”。 (我使用Apache HTTP Components来执行此操作。)

我的applet与依赖的罐子分开包装 - 包括Bouncy Castle罐子。

我的问题是:为什么BC是我applet的签名者而不是我自己的证书,如上所述?这是Maven的问题吗?当然,在开发中,一切正常,因为Eclipse为Applet Viewer编写了策略文件。

这是Eclipse中输出的一个片段 - 看起来一切都应该是honky-dory:

[DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-jar-plugin:2.2:sign' with basic configurator -->
[DEBUG]   (s) alias = myalias
[DEBUG]   (s) basedir = C:\..\target
[DEBUG]   (f) finalName = app-0.0.1-SNAPSHOT
[DEBUG]   (s) jarPath = C:\..\app-0.0.1-SNAPSHOT.jar
[DEBUG]   (s) keypass = 1234
[DEBUG]   (s) keystore = C:\..\my.keystore
[DEBUG]   (s) project = MavenProject: App:app:0.0.1-SNAPSHOT @ C:\..\app\pom.xml
[DEBUG]   (f) signedjar = C:\..\signed.jar
[DEBUG]   (f) skip = false
[DEBUG]   (s) storepass = 1234
[DEBUG]   (s) verbose = true
[DEBUG]   (s) verify = true
[DEBUG]   (f) workingDirectory = C:\..\app
[DEBUG] -- end configuration --
[INFO] [jar:sign]
[DEBUG] Setting context classloader for plugin to: /plugins/org.apache.maven.plugins:maven-jar-plugin:2.2@48/thread:main (instance is: ClassRealm[/plugins/org.apache.maven.plugins:maven-jar-plugin:2.2@48/thread:main, parent: ClassRealm[plexus.core, parent: null]])
[DEBUG] jarsigner executable=[C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe]
[DEBUG] mdkirs: false C:\..\app
[DEBUG] Executing: cmd.exe /X /C '"C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe -verbose -keystore C:\...\my.keystore -storepass ****** -keypass ****** -signedjar C:\...\signed.jar C:\...\target\app-0.0.1-SNAPSHOT.jar myalias"'
[INFO]  updating: META-INF/MANIFEST.MF
[INFO]    adding: META-INF/APP.SF
[INFO]    adding: META-INF/APP.RSA
[INFO]    adding: com/
[INFO]    adding: com/applet/
  ...
[INFO]    adding: images/
[INFO]   signing: com/applet/DemoApplet$1.class
[INFO]   signing: log4j.xml
[INFO]   signing: target.classes
[debug] jarsigner executable=[C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe]
[debug] Executing: cmd.exe /X /C '"C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe -verify -verbose C:\...\signed.jar"'

非常感谢任何帮助。谢谢。顺便提一下,这是堆栈跟踪:

General exception: access denied (java.io.FilePermission C:\Documents and Settings\Paul\My Documents\text.txt read)
java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\Paul\My Documents\text.txt read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.isFile(Unknown Source)
at sun.awt.shell.ShellFolder.isFile(Unknown Source)
at org.apache.commons.httpclient.methods.multipart.FilePartSource.<init>(FilePartSource.java:68)
at com.securustek.applet.DemoApplet.sendFiles(DemoApplet.java:1098)
at com.securustek.applet.DemoApplet.actionPerformed(DemoApplet.java:448)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)

再次感谢。

1 个答案:

答案 0 :(得分:0)

我不确定,但可能是因为证书本身因为安全访问问题......我的意思是它可能会过期。它是新创造的吗? 但是仍然应该有更多细节来分析...

您检查过MANIFEST类结构吗?它们都签了吗?

相关问题
最新问题