Integrity Checking Unprivileged Java Applets

M. Gallant 03/01/2002

Web browsers perform security checks on a signed Java applet in two steps. First they check the archive contents (a cab file for IE, a jar file for Netscape and the Java Plugin) by comparing the signed digests stored in the archive against freshly computed digests of the class files it contains. Second they validate the signer's certificate chain against the root CA certificates installed in the local browser. If the signature check fails (because the archive contents were corrupted or modified after signing), the applet will not load. If the signature verifies but the certification path is not recognized, the end user may be warned of this status and, depending on the browser, may be allowed to approve execution anyway.

Sometimes it is useful to force integrity verification of a downloaded applet even when the code requires no privileged capability. To enable such verification, the code must be archived and signed (cab for IE, jar for Netscape). The simplest approach is to assert a permission in the applet's init() method, using the lowest privilege necessary; asserting any permission forces the browser to verify the signature before the applet runs. For example:

import com.ms.security.PermissionID;       // Microsoft JVM (IE) only
import com.ms.security.PolicyEngine;
import netscape.security.PrivilegeManager; // Netscape JVM only

public void init() {
    // ----------- Check Privileges for IE Browsers ---------
    try {
        if (Class.forName("com.ms.security.PolicyEngine") != null) {
            // required for IE: lowest-cost permission that still forces signature verification
            PolicyEngine.assertPermission(PermissionID.USERFILEIO);
        }
    } catch (Throwable cnfe) {
        System.out.println("Problem getting privileges for IE " + cnfe);
    }
    // --------- Check Privileges for Netscape Browsers ------------
    try {
        PrivilegeManager.enablePrivilege("UniversalBrowserRead"); // required for NN
    } catch (Throwable cnfe) {
        // Throwable, not Exception: a missing netscape.security class surfaces as
        // a NoClassDefFoundError, which catch (Exception) would let through
        System.out.println("netscape.security.PrivilegeManager class not found " + cnfe);
    }
}


Simple Example

Depending on the particular approach (IE versus Netscape native JVMs versus the Java Plugin) it may be possible to access the archive programmatically to perform further inspection or auditing.
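The check the browser performs (stored digests against recomputed digests, then certificate path validation), written out as a standalone Java tool that a developer can run against a jar before deploying it or that an applet with archive access could adapt for the inspection mentioned above. This is an added example, not code from the original article; the class name JarIntegrityCheck and the command-line arguments are assumptions, and it assumes Java 7 or later and a JKS/PKCS12 trust store (such as the JDK's cacerts) supplied by the caller.

```java
// Added example (not from the original article): offline integrity and signer
// check of a jar archive, mirroring what the browser does before loading a
// signed applet.  Assumes Java 7+ and a JKS/PKCS12 trust store (e.g. the JDK's
// cacerts file, default password "changeit") named on the command line.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarIntegrityCheck {

    /** Findings for one archive; all three lists empty means the jar passed. */
    public static final class Report {
        public final List<String> unsigned = new ArrayList<String>();
        public final List<String> tampered = new ArrayList<String>();
        public final List<String> untrusted = new ArrayList<String>();
        public boolean passed() {
            return unsigned.isEmpty() && tampered.isEmpty() && untrusted.isEmpty();
        }
    }

    public static Report check(String jarPath, KeyStore trustStore) throws Exception {
        Report report = new Report();
        // Every trusted certificate in the store becomes a PKIX trust anchor,
        // the same role the browser's installed root CA certificates play.
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // no CRL/OCSP fetch in this offline check
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        byte[] buf = new byte[8192];

        // verify=true makes JarFile compare each entry's digest from the signed
        // manifest against the bytes actually read.  Signers are only known after
        // an entry has been read to EOF, so drain every entry before asking.
        try (JarFile jar = new JarFile(jarPath, true)) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                String name = entry.getName();
                // Directories and the signature files themselves are never signed.
                if (entry.isDirectory() || name.startsWith("META-INF/")) {
                    continue;
                }
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) {
                        // reading to EOF triggers the digest comparison
                    }
                } catch (SecurityException e) {
                    // stored digest != computed digest: entry changed after signing
                    report.tampered.add(name + ": " + e.getMessage());
                    continue;
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    // A signed jar can still carry unsigned entries, and the
                    // signature alone does not flag them, so report each one.
                    report.unsigned.add(name);
                    continue;
                }
                for (CodeSigner signer : signers) {
                    CertPath path = signer.getSignerCertPath();
                    try {
                        validator.validate(path, params);
                    } catch (CertPathValidatorException e) {
                        X509Certificate leaf = (X509Certificate) path.getCertificates().get(0);
                        report.untrusted.add(name + " signed by "
                                + leaf.getSubjectX500Principal() + ": " + e.getMessage());
                    }
                }
            }
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: JarIntegrityCheck <applet.jar> <truststore> [password]");
            System.exit(2);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args.length > 2 ? args[2].toCharArray() : null);
        }
        Report r = check(args[0], trust);
        System.out.println("unsigned entries:  " + r.unsigned);
        System.out.println("tampered entries:  " + r.tampered);
        System.out.println("untrusted signers: " + r.untrusted);
        System.exit(r.passed() ? 0 : 1);
    }
}
```

Two behaviours of the JDK verifier are worth knowing when reading the report: a per-entry digest mismatch surfaces as a SecurityException while the entry is read, but a signature file whose manifest digest does not match is silently ignored, so the affected entries show up as unsigned rather than tampered. Either way the archive should be rejected, which is why the tool treats unsigned entries as a failure rather than a warning.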
