1 Reply Latest reply: Jul 21, 2010 3:11 PM by 843811 RSS

    Problems signing an existing applet (I think)?

    843811
      This is followed up to a topic left here: [t-5444779], because I now believe that I've failed to properly self-sign my .jar.

      The issue is this, I'm getting an error message: "java.security.AccessControlException: access denied (java.util.PropertyPermission jnlp read)" when I try to embed an applet in a website. The applet is 3rd party freeware called ImageJA, and contains no jnlps (nor does my code, since it's written in C#/html). It works properly if I set my java.policy file, but this will be used by analysts on a company intranet who can't all set their files.

      I get this error immediately, and there is no option given to say whether or not I trust the applet, which is why I believe something went wrong with the signing. I've tried to sign it multiple times. The first time I simply followed Sun's tutorial on signing an application ([http://download.oracle.com/docs/cd/E17476_01/javase/1.4.2/docs/guide/plugin/developer_guide/rsa_signing.html]), skipping the part about sending it off to VeriSign/Thawte. I tried some variations on that, to no effect. The most recent time I tried to sign it I followed these steps: [http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html]. After running a jarsigner -verify -verbose on the .jar it showed smk for all files. Do I need to make them register with the "i" identity scope as well somehow?

      The only other thing I can think of is that a .jnlp file is somehow required for this particular applet to run.
        • 1. Re: Problems signing an existing applet (I think)?
          843811

          I uploaded the applet to our server and tried running it as a client from there. When I do so I get a little more information, which might be helpful if anyone can assist:

          The publisher cannot be verified by a trusted source. Code will be treated as unsigned
          ij.ImageJApplet
          sun.security.ValidatorException: PXIX path verification failed:
          java.security.cert.CertPathValidatorException: signature check failed

          Sounds again like I did not self-sign correctly. Is there a way for me to clear my certificates and try again?