Question

I need to read a certificate file (private.der) from my JApplet to create a PrivateKey for RSA, but I am getting the error

access denied ("java.io.FilePermission" "private.der" "read")

I have learned that the JApplet is running in a sandbox and can't access files as long as it is not assigned. Correct me if I am wrong.

I signed it and it worked:

keytool -genkey -keyalg rsa -alias myKeyName
keytool -export -alias myKeyName -file myCertName.crt

jarsigner "RSA.jar" myKeyName

but I still get the error FilePermission Error.

Java Code

File f = new File("private.der");
FileInputStream fis = new FileInputStream(f);
DataInputStream dis = new DataInputStream(fis);
byte[] keyBytes = new byte[(int) f.length()];
dis.readFully(keyBytes);
dis.close();

PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey key = kf.generatePrivate(spec);

If there is a flag / parameter for disabling the sandbox in Google Chrome, please give it to me. I am testing anyway with --allow-file-access-from-files --disable-web-security, because of the Same Origin Policy.

Was it helpful?

Solution 2

To read from a File you can do this:

byte[] keyBytes = (byte[]) AccessController.doPrivileged(new PrivilegedAction<Object>() {
    public Object run() {
        try {
            File f = new File("<path>\\private.der");
            FileInputStream fis = new FileInputStream(f);
            DataInputStream dis = new DataInputStream(fis);
            byte[] keyBytes = new byte[(int) f.length()];
            dis.readFully(keyBytes);
            dis.close();

            return keyBytes;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
});

And then you can read the file and get the content as a byte array

OTHER TIPS

Signing the applet only serves to:

a) Identify the provider (usually better with a certificate from a CA).

b) Ensure that the content has not been modified by someone else.

By itself, it gives no security permissions. You need to grant the applets signed by someone the permissions they require in the security policy file.

This link is a bit old but explains the process well. http://www.pawlan.com/monica/articles/signedapps/

Oracle references points to Java Web Start applications instead of applets for this kind of issues, so you might explore it. http://docs.oracle.com/javase/tutorial/deployment/applet/security.html

Oh, and by the way, all these checks are internal to the JVM, so I doubt there is any flag/configuration to disable it in a browser.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top