Keystores
Java code can be signed, which entails obtaining digital certificates and running the jarsigner (or equivalent) tool. You can grant permissions to code that is signed by a particular entity.
If you choose to handle signed code, you must establish a keystore to hold the public keys of the signing entity. Before you run the signed code, you must obtain the public key certificate of the signing entity and install that certificate into your keystore. Some browsers (e.g., Netscape 6) allow you to accept the public key certificate when you first run the signed program, but usually you must install the public key certificate before running the program.
Administration of the keystore is handled by the keytool utility (see Chapter 10). By default, the keystore is held in a file called .keystore in the user’s home directory. When you install a public key certificate into the keystore, you give that certificate an alias that is used to look up the certificate in the future. For example, my public key certificate lists my full name and other identifying information, but you may enter it into your keystore with an alias of sdo. This alias is the information that you list in a policy file.
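Because a policy file names only the alias, it is worth confirming which certificate an alias actually resolves to before granting permissions to it. The following is an added example, not code from the book: the class name AliasCheck is hypothetical, and the permission in the closing policy comment is illustrative only.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example: resolve a keystore alias to the certificate it names.
public class AliasCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java AliasCheck <alias> [keystore-password]");
            System.exit(2);
        }
        String alias = args[0]; // e.g. "sdo", the alias used in the text
        // Pass the password so the keystore's integrity is checked on load;
        // with null, integrity checking is not performed.
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        // Default location described in the text: .keystore in the user's home directory.
        File store = new File(System.getProperty("user.home"), ".keystore");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, password);
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            System.err.println("no certificate under alias '" + alias + "' in " + store);
            System.exit(1);
        }
        // Compare this fingerprint with one obtained from the signer out of band
        // before naming the alias in a policy file.
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            hex.append(String.format("%02X:", b));
        }
        hex.setLength(hex.length() - 1); // drop the trailing ':'
        System.out.println("alias:   " + alias);
        System.out.println("trusted certificate entry: " + ks.isCertificateEntry(alias));
        if (cert instanceof X509Certificate) {
            X509Certificate x = (X509Certificate) cert;
            System.out.println("subject: " + x.getSubjectX500Principal().getName());
            System.out.println("expires: " + x.getNotAfter());
        }
        System.out.println("SHA-256: " + hex);
        // Policy-file lines that would then refer to the alias (permission is illustrative):
        //   keystore "file:${user.home}/.keystore";
        //   grant signedBy "sdo" { permission java.io.FilePermission "/tmp/-", "read"; };
    }
}
```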