Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / April 2004

Tip: Looking for answers? Try searching our database.

Root Certificate Installer

Thread view: 
Enable EMail AlertsStart New Thread
Roedy Green - 30 Apr 2004 00:29 GMT
I have written up a proposal for a tool to automatically update root
certificates.

See http://mindprod.com/projrootcertinstaller.html

It would be nice if we could get all the code signing authorities to
use it.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Michel Gallant - 30 Apr 2004 02:17 GMT
Here is a cert-import utility I wrote a few years ago (just updated signature to JPI v 1.4+):
  http://www.jensign.com/JavaScience/www/importcertutil

The certificate is self-signed (JavaScience1). The SHA1 hash of the signing cert is:
 2348 2020 230F CE40 F47E C415 EF61 F08B 7AB6 FE07

It was originally designed for just the purpose you mentioned below.

- Mitch Gallant
  www.jensign.com

> I have written up a proposal for a tool to automatically update root
> certificates.
[quoted text clipped - 8 lines]
> Coaching, problem solving, economical contract programming.
> See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Roedy Green - 30 Apr 2004 02:58 GMT
>Here is a cert-import utility I wrote a few years ago (just updated signature to JPI v 1.4+):
>   http://www.jensign.com/JavaScience/www/importcertutil

I tried it out with Java 1.4.2_04

Audio cache: enabled
ClassLoader cache size: 10
Accept: false
java.security.AccessControlException: access denied
(java.util.PropertyPermission user.home read)
    at java.security.AccessControlContext.checkPermission(Unknown
Source)
    at java.security.AccessController.checkPermission(Unknown
Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown
Source)
    at java.lang.System.getProperty(Unknown Source)
    at ImportCert.getDefaultStoresInfo(ImportCert.java:124)
    at ImportCert.init(ImportCert.java:102)
    at com.opera.PluginPanel.run(PluginPanel.java:441)
    at java.lang.Thread.run(Unknown Source)
--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Roedy Green - 30 Apr 2004 03:46 GMT
>java.security.AccessControlException: access denied
>(java.util.PropertyPermission user.home read)

I don't know why it is doing that. Perhaps we need an applet that just
figures out which permissions ARE enabled, and possibly displays the
corresponding policy files.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Roedy Green - 30 Apr 2004 04:08 GMT
>Audio cache: enabled
>ClassLoader cache size: 10
>Accept: false
>java.security.AccessControlException: access denied
>(java.util.PropertyPermission user.home read)

that is with Opera.  believe it has its own policy file.  It worked
with Mozilla.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Roedy Green - 30 Apr 2004 05:38 GMT
>>   http://www.jensign.com/JavaScience/www/importcertutil
>
[quoted text clipped - 5 lines]
>java.security.AccessControlException: access denied
>(java.util.PropertyPermission user.home read)

Here is Opera's policy file.  It is so close to Sun's I can't see why
it would deny you the right to look at user.home.

// Standard extensions get all permissions by default

grant codeBase "file:${java.home}/lib/ext/*" {
       permission java.security.AllPermission;
};

// Opera package classes get all permissions

grant {
       permission java.lang.RuntimePermission
"accessClassInPackage.sun.*";
};

// default permissions granted to all domains

grant {
       // Allows any thread to stop itself using the
java.lang.Thread.stop()
       // method that takes no argument.
       // Note that this permission is granted by default only to
remain
       // backwards compatible.
       // It is strongly recommended that you either remove this
permission
       // from this policy file or further restrict it to code
sources
       // that you specify, because Thread.stop() is potentially
unsafe.
       // See "http://java.sun.com/notes" for more information.
       permission java.lang.RuntimePermission "stopThread";

       // allows anyone to listen on un-privileged ports
       permission java.net.SocketPermission "localhost:1024-",
"listen";

       // "standard" properies that can be read by anyone

       permission java.util.PropertyPermission "java.version",
"read";
       permission java.util.PropertyPermission "java.vendor", "read";
       permission java.util.PropertyPermission "java.vendor.url",
"read";
       permission java.util.PropertyPermission "java.class.version",
"read";
       permission java.util.PropertyPermission "os.name", "read";
       permission java.util.PropertyPermission "os.version", "read";
       permission java.util.PropertyPermission "os.arch", "read";
       permission java.util.PropertyPermission "file.separator",
"read";
       permission java.util.PropertyPermission "path.separator",
"read";
       permission java.util.PropertyPermission "line.separator",
"read";

       permission java.util.PropertyPermission
"java.specification.version", "read";
       permission java.util.PropertyPermission
"java.specification.vendor", "read";
       permission java.util.PropertyPermission
"java.specification.name", "read";

       permission java.util.PropertyPermission
"java.vm.specification.version", "read";
       permission java.util.PropertyPermission
"java.vm.specification.vendor", "read";
       permission java.util.PropertyPermission
"java.vm.specification.name", "read";
       permission java.util.PropertyPermission "java.vm.version",
"read";
       permission java.util.PropertyPermission "java.vm.vendor",
"read";
       permission java.util.PropertyPermission "java.vm.name",
"read";
};
grant codeBase "file:/E:/Program Files/Opera75/classes/Opera.jar" {
permission java.security.AllPermission; };

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.