ProblemYou want to digitally sign your JAR file. SolutionGet or forge a digital certificate, and use the jarsigner program. DiscussionA JAR file can be digitally signed to verify the identity of its creator. This is very similar to digital signing of web sites: consumers are trained not to enter sensitive information such as credit card numbers into a web form unless the "padlock" icon shows that it is digitally signed. Signing JAR files uses the Security API in the core Java 2 platform. You can sign JAR files for use with Java applets (see Chapter 18) or JWS (Recipe 23.13). In either case, the jarsigner tool included in the JDK is used. You can purchase a certificate from one of the commercial signing agencies when you are ready to go live. Meanwhile, for testing, you can " self-sign" a certificate. Here are the steps needed to sign a JAR file with a test certificate:
The jarsigner tool updates the META-INF directory of your JAR file to contain certificate information and digital signatures for each entry in the archive. This can take a while, depending on the speed of your CPU, the number of entries in the archive, and so on. The end result is a signed JAR file that is acceptable to applet-enabled browsers, Java Web Start, and any other mechanisms that require a signed JAR file. See AlsoFor more information on signing and permissions, see Java Security by Scott Oaks (O'Reilly). For more information on the other JDK tools mentioned here, see the documentation that accompanies the JDK you are using. |