having trouble using signed java applet

[Darren]

I have been bugging Winzip for many years to add some jar support, but
every time they refuse. They won't even make jar a configurable
extension.

Well i won't argue with you. You know far more about this sort of thing than
I do but perhaps winzip was on about the directory?

Are you using Beta 10.0? No. 9.

I am trying to figure out how Winzip could possibly generate that
message. Main-Class in an entry INSIDE the manifest. Winzip is not
involved with content. It is just a container.

Hey I'm with you on that one but what can I say? That#s what it said

If you posted the weird jar somewhere, perhaps I could figure out what
you did.

Alt.binaries perhaps?

 

[Darren]

don't use it to add elements. It uses compression techniques that
Java does not understand.

I had no intention of using it for that only for viewing jar file contents.

 

[Darren]

for some reason the fool thing insists you collapse flags

jar -tf Helloserver.jar

hey no i got it with 'jar tf Helloserver.jar'
the help doc is misleading.

 

[Darren]

If you posted your code and your bat files we would not be playing
doctor in the dark.

I did once and I got mocked for doing so but if you prefer here it is.

package uk.me.g7wap.helloserver;
import java.awt.*;
import java.applet.*;
import java.net.*;
import java.io.*;
import java.security.*;
import java.lang.*;
public class Helloserver extends Applet
{
private String hostname = "http://g7wap.dyndns.org/";
private String protocol = "http://";
private String port="80";
private String buf;
private URL location;
private Object content;
private String tmpStr = "GET / HTTP / 1.1\r\n\r\n";//Accept:
*/*\r\n\r\n";//Accept-Language: en-gb\r\n\r\nXXXXXXXXXXXXXXX:
XXXXXXXXXXXXX\r\n\r\nUser-Agent: HelloServer 1\r\n\r\n";
private byte[] getStr = tmpStr.getBytes();
public void init()
{
hello();
}
public void paint(Graphics g)
{
g.drawString(buf, 50, 60 );
}

/**
* Method hello
*
*
* @return
*
*/
protected boolean hello()
{
String str,server;
byte[] ba = new byte[1024];
int bytesRead;
Socket socket=new Socket();
buf="";
try
{
// O P E N
socket = new Socket();
socket.setSoTimeout(3000);
socket.connect(new InetSocketAddress("10.0.0.254", 80),3000 );

}
catch(AccessControlException u)
{
buf=u.getMessage();
}
catch(MalformedURLException u)
{
buf=u.getMessage();
}
catch (UnknownHostException u)
{
return false;
}

catch(SocketTimeoutException u)
{
return false;
}
catch(IOException u)
{

}
try
{

InputStream is = socket.getInputStream();
try
{

OutputStream os= socket.getOutputStream();
try
{
os.write(getStr,0,tmpStr.length());
}
catch(IOException u)
{

}
}
catch(IOException u)
{
}
// R E A D
// -1 means eof.
// You don't necessarily get all you ask for in one read.
// You get what's immediately available.
bytesRead = is.read( ba, 0 /* offset in ba */, ba.length /* bytes to
read */ );
if (bytesRead!=-1)
{
System.out.println(bytesRead);
buf=new String(ba);
System.out.println(buf);
is.close();
}
}
catch(IOException u)
{
}
// C L O S E
try
{
socket.close();
}
catch(IOException u)
{
}
return true;
}

}

I trust you have code like this:

package uk.me.g7wap/helloserver;

no
package uk.me.g7wap.helloserver;

public class Helloserver

in a file called C:\uk\me\g7wap\helloserver\Helloserver.java

no the java is located elsewhre but the class is produced in
C:\uk\me\g7wap\helloserver\
so C:\uk\me\g7wap\helloserver\Helloserver.class

I trust you created your jar with some code like this:

c:
cd \

rem your main.mft should look like this:
rem Main-Class uk/me/g7wap/helloserver.Helloserver
rem following should be on one line:
jar.exe -cvfm
uk\me\g7wap\helloserver.jar
uk\me\g7wap\helloserver\main.mft
uk\me\g7wap\helloserver\*.class

then you signed it with:

jarsigner.exe helloserver.jar mycert

no more like
C:\>cd C:\applets\uk\me\g7wap\helloserver

C:\applets\uk\me\g7wap\helloserver>

C:\applets\uk\me\g7wap\helloserver>c:\j2sdk1.4.2_06\bin\jar cvf
Helloserver.jar Helloserver.class
added manifest
adding: Helloserver.class(in = 2224) (out= 1332)(deflated 40%)
C:\applets\uk\me\g7wap\helloserver>c:\j2sdk1.4.2_06\bin\jarsigner
Helloserver.jar dazkey
Enter Passphrase for keystore:

C:\applets\uk\me\g7wap\helloserver>c:\j2sdk1.4.2_06\bin\jarsigner -verify -v
erbose -certs Helloserver.jar

141 Thu Sep 22 13:16:28 BST 2005 META-INF/MANIFEST.MF
194 Thu Sep 22 13:16:30 BST 2005 META-INF/DAZKEY.SF
932 Thu Sep 22 13:16:30 BST 2005 META-INF/DAZKEY.RSA
0 Thu Sep 22 13:14:26 BST 2005 META-INF/
smk 2224 Thu Sep 22 01:28:36 BST 2005 Helloserver.class

X.509, CN=darren simpson, OU=Unknown, O=g7wap, L=mylocation,
ST=myprovince, C=uk (
dazkey)


s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope

jar verified.

Is your way better. Is your manifest file an executable script?

 

[Dag Sunde]

no more like
C:\>cd C:\applets\uk\me\g7wap\helloserver

C:\applets\uk\me\g7wap\helloserver>

C:\applets\uk\me\g7wap\helloserver>c:\j2sdk1.4.2_06\bin\jar cvf
Helloserver.jar Helloserver.class

<snipped/>


Ahh... There we have your class not found error!

When you "jar" a class in a package, you must position yourself
one step above the package (In the case above, in C:\), and execute
jar from there. Giving it the full path down to your class-files.

c:\> jar -cfv helloserver.jar uk\me\g7wap\helloserver\*.class

Now, helloserver.jar will be present in the C:\ root, and it will
contain the full package.

 

[Darren]

<snipped/>


Ahh... There we have your class not found error!

When you "jar" a class in a package, you must position yourself
one step above the package (In the case above, in C:\), and execute
jar from there. Giving it the full path down to your class-files.
you mean in C:\applets\
c:\> jar -cfv helloserver.jar uk\me\g7wap\helloserver\*.class

Ah hence the c flag. It would be easier if jar read an enironment vairiable,
documentroot or codebase or something.

Now, helloserver.jar will be present in the C:\ root, and it will
contain the full package.

I'll try it and let you know

well the jar file looks more encouraging
C:\applets>c:\j2sdk1.4.2_06\bin\jarsigner -verify -verbose -certs
uk\me\g7wap\helloserver\Helloserver.jar

165 Thu Sep 22 17:22:48 BST 2005 META-INF/MANIFEST.MF
218 Thu Sep 22 17:22:48 BST 2005 META-INF/DAZKEY.SF
932 Thu Sep 22 17:22:48 BST 2005 META-INF/DAZKEY.RSA
0 Thu Sep 22 17:21:58 BST 2005 META-INF/
smk 2224 Thu Sep 22 01:28:36 BST 2005
uk/me/g7wap/helloserver/Helloserver.class

It's strange. I thought the package would have forced the directory
structure but then again jar is just an archiver

Now the clas not found is gone. I get
java.lang.NullPointerException
at sun.plugin.util.GrayBoxPainter.showLoadingError(Unknown Source)
at sun.plugin.AppletViewer.showAppletStatus(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception in thread "Thread-5" java.lang.NullPointerException
at sun.plugin.util.GrayBoxPainter.showLoadingError(Unknown Source)
at sun.plugin.AppletViewer.showAppletException(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
java.lang.NullPointerException
at sun.plugin.util.GrayBoxPainter.showLoadingError(Unknown Source)
at sun.plugin.AppletViewer.showAppletStatus(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception in thread "thread applet-null" java.lang.NullPointerException
at sun.plugin.util.GrayBoxPainter.showLoadingError(Unknown Source)
at sun.plugin.AppletViewer.showAppletException(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

 

[Darren]

it is...

That's brave

 

[Darren]

hint. Whatever you want to know about, look up that word in the java
glossary at http://mindprod.com/jgloss.html

In this case the entry is at http://mindprod.com/jgloss/applet.html

It's an excellent site and though i have added to my favourites the next
time i do a rebuild because I'm senile i'll completely forget to back up my
favourites and bookmarks so with your permission i'll add it to my web site.

 

[Darren]

Please re-read the examples I gave you at:

http://mindprod.com/jgloss/javacexe.html
http://mindprod.com/jgloss/jarexe.html
http://mindprod.com/jgloss/jar.html
http://mindprod.com/jgloss/jarsigner.html
http://mindprod.com/jgloss/classpath.html

You have repeatedly refused to post code or bat files. I can't tell
what you are doing. You are demanding surgery by flashlight.

Not true. I have posted my code twice though my code has changed sonce the
first time and the socond time was in another part of this thread today as
you've probably already read

Your class should be in a package. That package name should be
reflected in its member name in the jar.

I think what you are doing is:

c:
cd \uk\me\g7wap\helloserver
jar.exe -cvfm helloserver.jar main.mft *.class

which is wrong. Jar.exe is incredibly stupid. You must have the
precise package info on the command line as I show you at
http://mindprod.com/jgloss/jarexe.html

I've got you page open as i'm replying One would think that sun would add a
tag in jar to include path information relative to the class base directory
but then again who am i to argue with sun.

 

[Darren]

Hello Darren...

I promised in another thread to sign an applet, and send it to you
so you could test if it worked at all...

I sendt a test-setup with source & a signed applet to your
"devslashnul.net" address, but i suspect that isn't a valid one.

Indeed its a faux address, your mail will bounce. I've used a similar
protocol to another poster (Roedy Green I think) who took his domain name,
reversed it and made a package out of it.

If you mail me your address, I'll send it to you.

ukWIBBLEmeWIBBLEg7wapWOBBLEdarren

reverse the whole thing it, replace WOBBLE with at and WIBBLE with dot and
you have it.

 

[Darren]

you can download the source and jar for a signed applet at
http://mindprod.com/products1.html#WASSUP
It also has an ant script for building it.

There's some good stuff on there

 

[Oliver Wong]

ukWIBBLEmeWIBBLEg7wapWOBBLEdarren

reverse the whole thing it, replace WOBBLE with at and WIBBLE with dot and
you have it.

I don't presume to know your e-mail address better than you, but
shouldn't you replace WOBBLE and WIBBLE *BEFORE* doing the reversing? And is
the reversing a character by character reversing, or a word by word one? =)
Or was giving an intentionally faulty algorithm part of the "trick" to evade
havester-bots? (if so, sorry for spoiling it)

Woe betide the day when our e-mail obfuscation techniques require
something more powerful than a Turing Machine to solve.

(E.g. Here's a set of 160 programs written in java. If the nth program
eventually terminates, then the nth bit in the ASCII representation of my
e-mail is a 1, otherwise it is a 0).

- Oliver

 

[Darren]

I don't presume to know your e-mail address better than you, but
shouldn't you replace WOBBLE and WIBBLE *BEFORE* doing the reversing? And is
the reversing a character by character reversing, or a word by word one? =)
Or was giving an intentionally faulty algorithm part of the "trick" to evade
havester-bots? (if so, sorry for spoiling it)

Now that's just nit picking.
BTW how do you reverse a . and a @ but he who was to decypher it managed ok.

 

[Oliver Wong]

Now that's just nit picking.
BTW how do you reverse a . and a @ but he who was to decypher it managed
ok.

The reverse of the string "." is ".", in my opinion (and similarly for
"@"). If I were to follow your instructions literally, I'd start with the
string "ukWIBBLEmeWIBBLEg7wapWOBBLEdarren", reverse it to get
"nerradELBBOWpaw7gELBBIWemELBBIWku", replace "WOBBLE" with at (no changes
since WOBBLE never occurs in the new string), replace WIBBLE with dot (no
change because WIBBLE never occurs either) and end up with
"nerradELBBOWpaw7gELBBIWemELBBIWku"

- Oliver

 

[Darren]

The reverse of the string "." is ".", in my opinion (and similarly for
"@"). If I were to follow your instructions literally, I'd start with the
string "ukWIBBLEmeWIBBLEg7wapWOBBLEdarren", reverse it to get
"nerradELBBOWpaw7gELBBIWemELBBIWku", replace "WOBBLE" with at (no changes
since WOBBLE never occurs in the new string), replace WIBBLE with dot (no
change because WIBBLE never occurs either) and end up with
"nerradELBBOWpaw7gELBBIWemELBBIWku"

Fortunately you would be too clever to do something silly like that but
thanks for the laughs though. I creased myself.

 

[Roedy Green]

Alt.binaries perhaps?

you could post it on a website or email it to me.
my email address is shown as a graphic at
http://mindprod.com/feedback/feedback.html

 

[Roedy Green]

hey no i got it with 'jar tf Helloserver.jar'

the first is wrong, the second is ok, the - is optional, combining the
flags is not.

 

[Roedy Green]

I did once and I got mocked for doing so but if you prefer here it is.

There are people here for the sole purpose of ragging newbies.

All you can do is put them in your killfile. The correct thing to do
is post code, preferably a SSCCE. See
http://mindprod.com/jgloss/snippet.html

 

[Roedy Green]

or quoted :

Here is your problem, as I predicted two posts back. You are in the
wrong directory to create your jar. You must be in the directory BELOW
your master package. e.g. C:\applets.

Please read the http://mindprod.com/jarexe.html entry again, and also
the sample bat stuff I posted.

There is further confusion if the class files live in
C:\applets\uk\me\g7wap\helloserver
or
C:\uk\me\g7wap\helloserver

I am assuming the first.

Start with
cd C:\applets
THEN build your jar. The command line will have the full package name
spelled out over and over.
You can use set package=uk\me\g7wap\helloserver
and %package% to abbreviate.

 

[Roedy Green]

Ah hence the c flag. It would be easier if jar read an enironment vairiable,
documentroot or codebase or something.

As I warn you in http://mindprod.com/jgloss/jarexe.html jar.exe is
braindamaged with no common sense at all. It will happily create jars
with package names and member names out of sync with not so much as a
warning message.