CertificatesWhat is a CertificateCertificateSlide 4Certificate with AppletsSample code to create/write to a fileGrant PermissionSlide 8Slide 9Slide 10Slide 11Slide 12Slide 13Save Policy FileSlide 15Slide 16Slide 17CitationCertificatesBy Purvi ShahWhat is a Certificate•A certificate is basically a digitally signed statement from one entity (person, company, etc.), saying that the public key of another entity has some particular value. •Some certificate related classes, included in java.security.cert package, are certificate, certificateFactory, and X509certificateCertificate•The Java Cryptography Architecture (JCA) in JDK 1.2 provides Certificate factory support to generate certificates and certificate revocation lists (CRLs) from their encodings.Certificate•JDK 1.2 also introduces keytool, jarsigner, and policy tool. These tools provide features such as creating a public-private pair, verify authority, and policy configuration.•This bring us to our next topic, using certificate and policy file to gain permission between a client and an applet.Certificate with Applets•The policy file must have an entry to grant permission.•The following examples shows you how to create a file. When you try to run the file, you should get a security exception since the applet doesn’t have permission to access it. Type http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/WriteFile.html to run the file.Sample code to create/write to a fileimport java.awt.*; import java.io.*; import java.lang.*; import java.applet.*; public class WriteFile extends Applet { String myFile = "writetest"; File f = new File(myFile); DataOutputStream dos; public void init() { String osname = System.getProperty("os.name"); } public void paint(Graphics g) { try { dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile),128)); dos.writeChars("Cats can hypnotize you when you least expect it\n"); dos.flush(); g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10); } catch (SecurityException e) { g.drawString("writeFile: caught security exception: " + e, 10, 10); } catch (IOException ioe) { g.drawString("writeFile: caught i/o exception", 10, 10); } } }Grant Permission•So how do you grant the required permission to a client? Well, here is what’s needed.•First you must create a policy entry granting this permission. •To do so, choose the Add Policy Entry button in the main Policy Tool window.Grant Permission•You should see a Policy Entry dialog box.•A CodeBase value indicates the code source location. •A SignedBy value indicates the alias for a certificate stored in a keystore.Grant Permission•If you have both a CodeBase and a SignedBy entry, the permissions) will be granted only to code that is both from the specified location and signed by the named alias. •To grant client the permission it needs, grant the permission to all code from the location (URL) where client is stored. •Type the following URL into the CodeBase text box, Leave SignedBy empty: http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/.Grant Permission•Now you are ready to grant permissions to that code. •Choose the Add Permission button to bring up the Permissions dialog box.Grant Permission•Choose File Permission from the Permission drop-down list. The complete permission type name (java.io.FilePermission) now appears in the text box to the right of the drop-down list. •Type the following in the text box to the right of the list labeled Target Name to specify the file name, whatever the client file name is. •Specify write access by choosing the write option from the Actions drop-down list. •Click the OK button.Grant Permission•A window similar to the following should appear, where writetest is the file name.•Click Done on this box.•Specifying policy entry is now complete.Grant Permission•The following box should appear when you select DoneSave Policy File•Choose the Save As command from the File menu. This brings up the Save As dialog box.Grant Permission•Now that you have the policy file saved, how do you grant permission for the code? The following slides will explain just that.•Open the policy file, which should look like this.Grant Permission•Choose add policy entry. You should see this box pop up.•Type in location or the URL in the codebase box. For example, file:/C:/Test/ •Click add permissionGrant Permission•You should see this box.•Choose property permission, target name, and read from the options.•Click ok and save this file.Citation•Dageforde, Mary. “Quick Tour of controlling applets”. Security in Java 2 SDK 1.2. [http://java.sun.com/docs/books/tutorial/security1.2/index.html]