Breaking the Sandbox Barrier, Part 2
Review Part 1
In our previous article, we covered how to break the barrier of the sandbox model in Microsoft Internet Explorer by making use of digital certificates. In this article, we will demonstrate how to do the same in Netscape Communicator. We will provide a step-by-step procedure to create an applet employing Netscape privileges APIs, create a digital certificate employing Netscape signing tools, and package and sign the applet into a .jar file.
Communicator security capabilities represent the user's approval or denial of access to specified system resources for a specified signer. Java code requests capabilities only when it needs such access. Examples of capabilities that a Java applet might ask for are: writing to the hard disk, reading from the hard disk, opening a remote connection, etc.
A user visits a Web page containing a Java applet through Communicator. As the applet is being downloaded, Communicator transparently checks to see if the applet is signed and attempts to verify the signature. If the applet is signed and the signature is verified, the applet can request capabilities. If the applet is unsigned or if the signature is unverified, the applet is restricted to running inside the sandbox.
When the applet wants to request capabilities, the user is notified through a dialog box. The dialog box tells the user the identity of the signer, the capabilities that have been requested, and the associated risks. With this information, the user then decides to allow or deny the capabilities that the Java applet has requested. If the capabilities are approved, the applet is allowed to access only the specified system resources on the user's computer. If the capabilities are not approved, the applet is restricted to the sandbox. If the user so requests, Communicator will remember the capabilities the user has assigned to the applet's signer and transparently permit that signer those capabilities in the future.
Creating a Java Applet
Let us now create a sample applet, SampleSignedApplet.java, that adds a button 'Create File' in the init method and associates an event handler method actionPerformed for the applet. The code is given below:
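import java.applet.Applet;
import java.awt.*;
import java.awt.event.*;
import java.io.*;
import netscape.security.PrivilegeManager;
public class SampleSignedApplet extends Applet implements ActionListener {
    private Button btnCreateFile_;
    private String msg_ = "";
    public void init() {
        btnCreateFile_ = new Button("Create File");
        btnCreateFile_.addActionListener(this);
        add(btnCreateFile_);
    }
    public void actionPerformed(ActionEvent ae) {
        String str = ae.getActionCommand();
        if (str.equals("Create File")) { createFile(); repaint(); }
    }
    public void createFile() {
        try {
            //Request for enabling the Communicator file privilege access
            PrivilegeManager.enablePrivilege("UniversalFileAccess");
            //Create a SampleDigitalCertificate file
            FileOutputStream fileStream = new FileOutputStream("C:\\SampleDigitalCertificate.txt");
            BufferedWriter out = new BufferedWriter(new OutputStreamWriter(fileStream));
            String fileMsg = "Hello World from a signed applet!!";
            out.write(fileMsg, 0, fileMsg.length());
            out.close();
            msg_ = "Disk file has been created successfully!";
        } catch (Exception e) { msg_ = "Exception!! Disk file couldn't be created."; }
    }
    public void paint(Graphics g) { g.drawString(msg_, 50, 100); }
}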
When the user clicks on the 'Create File' button, the method actionPerformed calls the createFile method. The createFile method contains an additional call, PrivilegeManager.enablePrivilege("UniversalFileAccess"), at its beginning. This invokes Communicator's capabilities mechanism to request the privileges for universal file access. These capabilities are only available for the duration of the createFile method. The createFile method creates a text file, SampleDigitalCertificate.txt, on the C: drive of the user's machine and prints a message in this file. The applet then displays the message for successful creation of the file. If any failure occurs, then that failure message is also displayed.
You need to add capsapi_classes.zip to the system classpath to use the privilege APIs. Use the javac command to compile the SampleSignedApplet.java applet. This produces a SampleSignedApplet.class file.
Creating a Sample Digital Certificate
Before creating the digital certificate, the user profile database must exist in Netscape Communicator. This is done by using the profile myProfile with the database path C:\Program Files\Netscape\Users\myProfile in our example. We then set the Communicator database password by clicking the Security icon in the Communicator toolbar, clicking Passwords, and then clicking Set Password. We are using the password 'helloThere' for our example.
The sample digital certificate is produced using the Netscape signing tool. We use the signtool utility for Windows NT 4.0 for generating the test certificate. This utility can be downloaded from OBJECT-SIGNING TOOLS at Netscape Corp.
The parameters to signtool are:
- -G: Generates a new private-public key pair and corresponding object-signing certificate with the given nickname
- -d: Specifies your certificate database directory
- -p: Specifies a password for the private-key database.
Also the information about the signing entity is given as:
- certificate common name -- common name of a person, e.g., "ABCSystems"
- organization -- large organization name, e.g., "ABCSystems Inc."
- organization unit -- department or unit, e.g., "Web Services Unit"
- state or province -- state or province name, e.g., "California"
- country -- two-letter country code, e.g., "US"
- username: User Name
- address: e-mail or other address of the user.
We must exit Communicator before using the Netscape signing tool to generate the object signing certificate. Otherwise, we run the risk of corrupting our certificate and key databases. Now we run signtool with all the required information as follows:
signtool -G MyDemoCert -d "C:\Program Files\Netscape\Users\myProfile"
Provide the information given below when prompted for it on the command line:
certificate common name: ABCSystems
organization: ABCSystems Inc.
organization unit: Web Services Unit
state or province: California
country (must be exactly 2 characters): US
username: ABC User
This generates the MyDemoCert test certificate. By specifying the -d option, we have also installed the certificate and keys in the Communicator database. The certificate will thenceforth be trusted as a code signing Certificate Authority certificate.
Signing and Packaging in a .jar File
We package the SampleSignedApplet.class file into the SampleSignedApplet.jar file by using the signtool utility. This utility also signs SampleSignedApplet.jar during the packaging process itself. We put the SampleSignedApplet.class file into the directory sign. The sign directory is located under the directory from which we run signtool. For example, if we run signtool from c:\NetScapeDemo, then we have
signtool -d "C:\Program Files\Netscape\Users\myProfile" -k MyDemoCert -Z SampleSignedApplet.jar -p helloThere sign
We have used the MyDemoCert produced and stored in the Communicator database in the previous step. We have also given the Communicator database path and password. It produces a signed SampleSignedApplet.jar containing SampleSignedApplet.class and the digital signature.
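An added example, not part of the original article or of Netscape's tooling: a receiving-side audit of an archive like the one produced above. It checks each entry against the digest recorded in the manifest, lists the signature files, and flags classes that reference PrivilegeManager together with any capability target names they embed. Assumptions: manifest digest attributes are named <ALG>-Digest, capability targets share the Universal prefix of the page's UniversalFileAccess, and the sample archive (signer.sf, signer.rsa and the stand-in class bytes) is constructed; only manifest digests are checked, not the signature or the certificate chain.

```python
import base64, hashlib, io, re, zipfile

# Manifest digest attributes this sketch understands (assumed naming: <ALG>-Digest).
ALGS = {"MD5-Digest": "md5", "SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def parse_manifest(text):
    """Return {entry name: attributes} for the per-entry manifest sections."""
    text = re.sub(r"\r?\n ", "", text)               # unfold continuation lines
    entries = {}
    for section in re.split(r"(?:\r?\n){2,}", text):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs:
            entries[attrs["Name"]] = attrs
    return entries

def audit_jar(data):
    """Integrity-check payload entries against the manifest and flag privilege use."""
    jar = zipfile.ZipFile(io.BytesIO(data))
    meta = [n for n in jar.namelist() if n.upper().startswith("META-INF/")]
    mf = next((n for n in meta if n.upper() == "META-INF/MANIFEST.MF"), None)
    listed = parse_manifest(jar.read(mf).decode()) if mf else {}
    sigs = sorted(n for n in meta if n.upper().endswith((".SF", ".RSA", ".DSA")))
    report = {"signature_files": sigs, "entries": {}, "privilege_requests": {}}
    for name in jar.namelist():
        if name in meta or name.endswith("/"):
            continue
        body, attrs = jar.read(name), listed.get(name, {})
        checks = [base64.b64encode(hashlib.new(alg, body).digest()).decode() == attrs[key]
                  for key, alg in ALGS.items() if key in attrs]
        report["entries"][name] = ("not in manifest" if not attrs else
                                   "ok" if checks and all(checks) else "digest mismatch")
        if b"netscape/security/PrivilegeManager" in body:   # class reference in constant pool
            found = re.findall(rb"Universal[A-Za-z]+", body)  # heuristic: literal names only
            report["privilege_requests"][name] = sorted({t.decode() for t in found})
    return report

def build_sample_jar(tamper=False):
    """Constructed sample: stand-in class bytes, not a real compiled applet."""
    body = b"\xca\xfe\xba\xbe netscape/security/PrivilegeManager UniversalFileAccess"
    digest = base64.b64encode(hashlib.sha1(body).digest()).decode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/manifest.mf", "Manifest-Version: 1.0\n\n"
                   "Name: SampleSignedApplet.class\nSHA1-Digest: %s\n" % digest)
        z.writestr("META-INF/signer.sf", "")        # placeholders, not real signatures
        z.writestr("META-INF/signer.rsa", "")
        z.writestr("SampleSignedApplet.class", body + (b"!" if tamper else b""))
        z.writestr("Extra.class", b"\xca\xfe\xba\xbe")  # entry the manifest does not cover
    return buf.getvalue()
```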
Running the Signed Applet
We are now ready to run the signed applet. We create an HTML file, SampleSignedApplet.htm, that contains the following HTML code:
<applet code="SampleSignedApplet.class" ARCHIVE=SampleSignedApplet.jar
align="baseline" width="300" height="150" name="Sample Signed Applet"> </applet>
We copy the SampleSignedApplet.jar where SampleSignedApplet.htm resides. Now, opening SampleSignedApplet.htm in Communicator produces the following output:
Click on the Create File button. It launches a Java security dialog asking for the grant of file access privileges:
Click Grant and see that c:\SampleDigitalCertificate.txt has been created containing the "Hello World from a signed applet!!" message.
About the Authors
Nitin Nanda is the associate project manager in the R&D Centre of Quark, Inc., based in Chandigarh, India. He is the manager responsible for the front office suite of components for a CRM product. He has co-authored: Professional Java Data and Beginning Java Databases, both from Wrox Press.
Sunil Kumar is the associate team lead in the R&D Centre of Quark, Inc. He is responsible for design and development of a call center component for a CRM product being engineered in Java/ASP/DCOM-MTS/SQL Server. He worked with RAMCO Systems, developing generic ERP software prior to joining Quark.