Hi Thad,
Yes, I think I was chasing a red-herring with the bad CA certificate theory
:)
I now think my problem has to do with the way I am calling applet methods
from Javascript.
I have some JavaScript that calls 3 or 4 applet methods that perform trusted
operations (don't worry the methods are designed so that a malicious hacker
can't steal my signed applet and do bad things with it :).
With the original NS security model I used the PrivilegeManager class to
enable privileges each time the method was called, allowing trusted
operations to be performed.
Now I suspect with the Java 2 security model, since I call 'trusted' signed
applet methods from JavaScript, whose execution thread has 'unknown'
origin, the thread is not trusted and trusted operations fail.
I really think this is what's happening.
So, is it possible to call signed applet methods from JavaScript and perform
trusted operations with the Java 2 security model? Or does the execution
thread have to originate from the signed applet in order to perform trusted
operations?
I've tried launching threads from within my signed applet to perform trusted
operations when a method is called from JavaScript, assuming that since the
thread originates in trusted code perhaps it will be trusted (?!?!) but this
doesn't quite work in NS6.
Thanks for any insight you may have into this,
-Randy.
"Thad Humphries" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Mine says the same thing: "Could not verify this certificate because
> of unknown problems."
>
> But I'm not siging with that. I am signing with a cert purchased from
> VeriSign: my server id message calls it "Digital ID Class 3 - Netscape
> Object Signing" and it we bought it from VeriSign for our facility.
>
> For older Java 1.1 applets that are to run in ID and for Install
> Shield installers we also have a "Digital ID Class 3 - Microsoft
> Software Validation v2" certificate.
>
> On Mon, 09 Apr 2001 21:25:28 GMT, "Randy" <[EMAIL PROTECTED]> wrote:
>
> >Hi Thad,
> >
> >Thanks for your reply, but I don't think my problem is with signing my
code
> >but getting the signed code to work in Netscape 6. I don't see anything
in
> >the code signing instructions that are specific to NS6. Am I missing
> >something?
> >
> >As I said, my signed applet works everywhere but NS6.
> >
> >When I open the html page that references my applet, I get the security
> >dialog indicating NS6 has recognized my applet as signed. When I grant
> >permission, the applet loads and initializes properly. However, when my
> >applet attempts to open a file, security exceptions are thrown (as seen
in
> >console) , as if the applet is not trusted.
> >
> >One thing I did find is that in my NS6 installation, the certificate for
my
> >certifcate authority, "Verisign Class 3 CA - Commercial Content/Software
> >Publisher" cannot be verified.
> >
> >Too see this I opened Security Manager, selected
> >Certificates->Authorities->"Verisgn Class 3 CA - Commercial
Content/Software
> >Publisher" and then View. The window that pops up says "Could not verify
> >this certificate because of unknown problems."
> >
> >So, my theory is that because NS6 can't verify the CA that issued my
signing
> >certificate, NS6 doesn't trust my signed applet.
> >
> >So, my question is, how come this Verisign CA can't be verified and how
do I
> >fix this?
> >
> >Is this just my problem?
> >
> >Thanks again for your response Thad.
> >
> >-Randy.
> >
> >
> >
> >
> >"Thad Humphries" <[EMAIL PROTECTED]> wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> >> See
> >> http://developer.netscape.com/library/documentation/signedobj/signtool
> >> for how to use the signtool and your current certificate to sign you
> >> applet for Netscape 6.
> >>
> >> The signed applet will also work with IE and the Java 1.3 plugin.
> >>
> >> On Fri, 06 Apr 2001 01:07:29 GMT, "Randy" <[EMAIL PROTECTED]> wrote:
> >>
> >> >Hello,
> >> >
> >> >What's the official word on signed applets for NS6?
> >> >Is NS6 still buggy with respect to signed applets?
> >> >
> >> >I have a signed applet that works perfectly well in NS 4.7x but locks
up
> >> >NS6.
> >> >
> >> >I understand that NS6 now uses Sun's Java Plug-in and that calls to
> >> >PrivilegeManager to grant specific privileges are no longer required.
I
> >also
> >> >understand that 4.7x signed applets should still work since the old
> >security
> >> >classes (ie. PrivilegeManager) are stubbed.
> >> >
> >> >I'm finding that my applet throws security exceptions when I attempt
file
> >> >access and sometimes locks up NS6 under NT 4.0 .
> >> >
> >> >Thanks for any comments on this,
> >> >
> >> >Randy.
> >> >
> >> >
> >>
> >
> >
>
