Question

我有一个用我自己的证书签名的非常基本的Java Applet。当我在我的网站上试用它时，我收到的消息是应用程序被安全设置阻止。

这就是我所做的。我使用jarsigner工具签署了jar文件：

jarsigner -keystore keystore.p12 -storetype pkcs12  -tsa http://timestamp.comodoca.com/rfc3161 TestApplet1.jar codesign

当我验证罐子时，我看起来都很好：

$ jarsigner -verify -verbose -certs TestApplet1.jar

s k      415 Thu Oct 09 12:19:18 CEST 2014 META-INF/MANIFEST.MF

      [entry was signed on 9-10-14 12:19]
      X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
      [certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
      X.509, CN=CA-TEST (ca-test)
      [certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]

         496 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.SF
        4666 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.RSA
smk      226 Tue Oct 07 16:31:54 CEST 2014 .classpath

      [entry was signed on 9-10-14 12:19]
      X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
      [certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
      X.509, CN=CA-TEST (ca-test)
      [certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]

smk      370 Tue Oct 07 16:31:54 CEST 2014 .project

      [entry was signed on 9-10-14 12:19]
      X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
      [certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
      X.509, CN=CA-TEST (ca-test)
      [certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]

smk      792 Tue Oct 07 16:34:30 CEST 2014 nl/test/applet/TestApplet1.class

      [entry was signed on 9-10-14 12:19]
      X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
      [certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
      X.509, CN=CA-TEST (ca-test)
      [certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]

           0 Tue Oct 07 16:33:50 CEST 2014 nl/
           0 Tue Oct 07 16:33:50 CEST 2014 nl/test/
           0 Tue Oct 07 16:33:50 CEST 2014 nl/test/applet/

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

我使用标记

创建了一个非常基本的html文件

<body>
    <p>Test page TestApplet1</p>

    <applet code="nl.test.applet.TestApplet1.class"
        archive="TestApplet1.jar"
        id="TestApplet1"
        height="0" width="0">
    </applet>

    <script type="text/javascript">
        alert(document.getElementById("TestApplet1").helloWorld());
    </script>
</body>

但是当我在测试网站上部署它并尝试运行applet时，安全设置会阻止applet。我收到的消息是：＆＃34; 您的安全设置已阻止不受信任的应用程序运行＆＃34;。

当我将安全级别设置为＆＃34; Medium ＆＃34;，使用Java控制面板，然后我再次打开网页时，我收到安全警告：＆＃34; 请求以下位置的未签名应用程序获得运行权限。＆＃34;

我的做法出了什么问题？

顺便说一句，我已将CA证书导入IE证书存储区和Java控制面板中管理的证书中的受信任根CA.

欢迎提出任何建议。

Answer 1

查看this link

基本上，自签名小程序的行为与您注意到的方式相同。这是因为Java的安全标准。如果要删除警告，则需要购买证书。

希望这有帮助。

Answer 2

您需要执行以下步骤：

用钥匙签署所有罐子
确保使用https。
如果您使用http或自签名的ssl证书进行https，则需要将主机添加到安全例外列表中（jcontrol - ＆gt;安全选项卡 - ＆gt;编辑站点列表）

签名的java applet被安全设置阻止

2 个答案: