Problem signing application!!

Dave Proulx (dproulx@mitre.org)
Mon, 07 Dec 1998 12:46:56 -0500

I have found quite a bit on-line about signing applets, but not very
much about signing applications. Additionally, I'm guessing that what
I'm trying to do is a little unusual, so no one has had to deal with
this sort of thing.

I've got an HTTP server (Netscape Enterprise) dispensing signed jar
files and Java clients (JDK1.2 beta4) which download the jars, load the
primary class file within the jar, instantiate it and execute one of its
methods. I install a SecurityManager on the client before the jar file
is downloaded. It's policy file is of the form:

grant signedBy "test" {
permission java.security.AllPermission;
};

The problem:
When control is handed over to the method within the newly loaded class
file, I get an AccessControlException when trying to access the system
properties (or any other Security controlled function). Running with
java.security.debug defined yields the following message in conjunction
wtih the AccessControlException.

access: domain that failed ProtectionDomain
(jar:http://jarhost.com:80/jars/signed.jar!/ <no certificates>)

This jar file has definitely been signed and with the private key
associated with the certificate referenced in the policy file (verified
using jarsigner -verify -verbose -certs signed.jar)

I was thinking that, possibly the act of loading and executing the class
file would cause it to lose it's association with its signature
information in the jar file, but according to the 'access' message
above, it appears that the association hasn't been lost, but the certs
have. The debug information gives no indication that there is any
problem with the certificates when the class is loaded and instantiated.

Finally, if I turn off the SecurityManager, everything runs just as I
want it to.

Any suggestions?

Thanks.
Dave.

-- 
----------------------------------------------------------
David Proulx	The MITRE Corp.		dproulx@mitre.org
----------------------------------------------------------