Java Reference
In-Depth Information
C
AUTION
The classes
PersistentStorage
and
Utilities
are not part of the JNLP API, but they
are utility classes developed for this topic, freely available to readers. These classes
and other utility code relating to the client side of the JNLP technology will be dis-
cussed in the next chapter.
Signing JAR Files with the
Jarsigner
Tool
Most JNLP Clients, including Web Start, use the security API in the Java 2 platform. The Java
2 SE JRE 1.2.x supports code signing with the SHA-with-SDA algorithm. J2SE JRE 1.3 also
supports MD2withRSA and MD5withRSA.
The steps to sign your JAR files with auto-certificates (useful only for development purposes)
are as follows:
1. Prepare the directory in which you want to store your keys, and remember to have the
Java signing tools in the path, located in the bin directory of any J2SE JDK distribution.
2. Create a test key store; that is, “
testks”
.
keytool -genkey -keystore testks -alias myself
The keytool utility will start asking information about yourself to be used in the certifi-
cate. It will take awhile. When the program asks for the user password, you should type
only the “return” key so to use the same password as the one entered for key store.
3. Then, to create a test certificate, type the following:
keytool -selfcert -keystore testks -alias myself
4.
After awhile, the key store will be ready. To use it for testing your JAR files, launch the
following command with
myResource.jar
as the JAR file name:
jarsigner -keystore testks myResource.jar myself
This will sign the JAR file that will be considered signed by the JNLP Client.
If you have your own certificate anyway, just follow the last step to digitally sign your JAR
files. The result of the digital signing will be two files stored in the META-INF directory of the
signed JAR file.
T
IP
You can move or copy the obtained
testks
file (the key store) for signing your JAR
files.
