Breaking the Sandbox Barrier, Part 1

Tuesday Dec 4th 2001 by Nitin Nanda

It is sometimes necessary for client applications to use the features that are restricted by the sandbox model, like reading from a file system or writing to a file. In Internet Explorer, this can be accomplished by signing the applet with a digital certificate and authenticating it after downloading. Here's a refresher course.

In this article, we explain the Java "Sandbox" model and when it is necessary to cross the restrictions it imposes. We then provide a step-by-step procedure to create an applet, package it into a .cab file, create digital certificates (for testing), and sign the .cab file with those certificates so that the applet can use features beyond the sandbox model, such as writing to a file on the client machine.

We'll first offer information on signing applets with digital certificates for Internet Explorer and then enumerate the steps for Netscape Communicator.

The Sandbox Model

On the Internet, there are big risks associated with virus attacks against which the virus scanner is helpless. Instead of trying to spot hostile code, Java's security mechanisms prevent attacks by stopping hostile actions. Java's Sandbox model defines which actions an applet can safely perform and which it cannot. All commercial browsers conform to this basic policy. Applets are not allowed to:

  • Read from a file system on the client machine
  • Write to a file or delete it
  • Delete a file on the file system
  • Connect to a network port on any machine other than the HTTP server it came from
  • Execute another program, load a library or DLL, and so on.

Digitally Signing an Applet for Microsoft Internet Explorer

But the Sandbox model imposes a physical restriction on where certain components can reside when deploying a three-tier application. Since an applet is allowed to talk only to middle-tier components residing on its own Web server, it can put a lot of load on the Web server. Moreover, at times the applet might be required to log error messages on the client machine by writing to a file. In these cases, the applet cannot reasonably operate within the confines of the Sandbox model. Java provides a mechanism by which applet code can be signed using digital certificates, which gives the applet additional privileges. Signed .jar/.cab files allow us to trust the applet, because they allow us to verify that the applet has come from a trustworthy source and assure us that it has not been tampered with during the download process.
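The two checks described above (an intact package, and a publisher the user trusts) can be modelled in a few lines; this is an added illustration, not code from the original article and not the Authenticode format. The class name SignedPackageGate, the trusted-publisher set, the SHA256withRSA algorithm and the policy of keeping untrusted code sandboxed are assumptions of this sketch; a real browser prompts the user instead of consulting a fixed set.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration: the load-time decision for a downloaded package (hypothetical model).
public class SignedPackageGate {
    enum Decision { SANDBOX, ELEVATED, REJECTED }

    // Publishers the user has chosen to trust, keyed by encoded public key.
    private final Set<String> trusted = new HashSet<>();

    static String id(PublicKey key) {
        return Base64.getEncoder().encodeToString(key.getEncoded());
    }

    void trust(PublicKey key) { trusted.add(id(key)); }

    // Unsigned code stays sandboxed, a signature that does not match the bytes is
    // rejected, and only an intact package from a trusted publisher is elevated.
    Decision evaluate(byte[] pkg, byte[] sig, PublicKey signer) throws GeneralSecurityException {
        if (sig == null || signer == null) return Decision.SANDBOX;
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(signer);
        verifier.update(pkg);
        boolean intact;
        try { intact = verifier.verify(sig); } catch (SignatureException e) { intact = false; }
        if (!intact) return Decision.REJECTED;
        return trusted.contains(id(signer)) ? Decision.ELEVATED : Decision.SANDBOX;
    }

    static byte[] sign(byte[] pkg, PrivateKey key) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(pkg);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair publisher = gen.generateKeyPair(); // trusted below
        KeyPair stranger = gen.generateKeyPair();  // valid signer, never trusted
        byte[] pkg = "constructed stand-in for the .cab bytes".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = pkg.clone();
        tampered[0] ^= 1; // one flipped bit, as if altered during download

        SignedPackageGate gate = new SignedPackageGate();
        gate.trust(publisher.getPublic());
        byte[] sig = sign(pkg, publisher.getPrivate());
        System.out.println("unsigned:           " + gate.evaluate(pkg, null, null));
        System.out.println("trusted, intact:    " + gate.evaluate(pkg, sig, publisher.getPublic()));
        System.out.println("trusted, tampered:  " + gate.evaluate(tampered, sig, publisher.getPublic()));
        System.out.println("untrusted, intact:  " + gate.evaluate(pkg, sign(pkg, stranger.getPrivate()), stranger.getPublic()));
    }
}
```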

In this section, we will demonstrate the signing of an applet employing Microsoft Authenticode technology. This signed applet would be embedded in a Web page and run in Internet Explorer to create a disk file. Creating disk files is not permitted by the Sandbox model; but after signing and authenticating the applet code, the applet can go beyond the limitations imposed by the Sandbox model and create a file on the disk. The article below covers the following topics:

  • Create a Java applet that creates a file on the client machine
  • Create a test digital certificate using Microsoft Authenticode technology
  • Package the Applet in a .cab file and sign the .cab file with test digital certificate using Microsoft Authenticode and MS SDK Java tools
  • Load the applet through HTML page from signed .cab file in Internet Explorer to demonstrate the creation of file on the client machine.

Creating a Java Applet

Let us create a sample applet that adds a button 'Create File' in the init method and associates an event handler method actionPerformed for the applet.

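import java.awt.*;
import java.awt.event.*;
import java.applet.*;
import java.io.*;

public class SampleSignedApplet extends Applet implements ActionListener
{
	// Status text drawn by paint(); starts empty so drawString never receives null
	String msg_ = "";
	Button btnCreateFile_;

	public void init()
	{
		btnCreateFile_ = new Button("Create File");
		add(btnCreateFile_);
		btnCreateFile_.addActionListener(this);
	}

	public void actionPerformed(ActionEvent ae)
	{
		String str = ae.getActionCommand();
		if(str.equals("Create File"))
			createFile();
	}

	public void createFile()
	{
		try
		{
			//Create a SampleDigitalCertificate file
			FileOutputStream fileStream =
				new FileOutputStream("c:\\SampleDigitalCertificate.txt");
			BufferedWriter out =
				new BufferedWriter(new OutputStreamWriter(fileStream));
			// The message strings below are cut off in the source listing
			String fileMsg = "Hello World from a signed ";
			out.write(fileMsg, 0, fileMsg.length());
			out.close();
			msg_ = "Disk file has been created";
		}
		catch(Exception ex)
		{
			// Outside the sandbox privileges this is typically a security exception
			msg_ = "Exception!! Disk file couldn't be";
		}
		repaint();
	}

	public void paint(Graphics g)
	{
		g.drawString(msg_, 50, 100);
	}
}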

When a user clicks on the 'Create File' button, the method actionPerformed calls createFile method. The createFile method creates a text file 'SampleDigitalCertificate.txt' on the c: drive of the user's machine and prints a message in this file. The applet then displays the message for successful creation of the file. If any failure occurs, then a failure message is also displayed.

Use the javac command to compile the applet. This produces a SampleSignedApplet.class file.

Packaging in a .cab File

The class file SampleSignedApplet.class is packaged into the cab file. Run the dubuild utility in the same directory that contains SampleSignedApplet.class to produce the file. The dubuild utility comes with MS SDK for Java. The dubuild command is used as follows:

dubuild . /I *.class /D "Sample Signed Certificate"

Use the makecab.bat file provided with the source code to generate the .cab file.

Creating a Sample Digital Certificate

The sample digital certificate is produced employing Microsoft Authenticode technology utilities makecert and cert2spc.

The makecert command produces SampleCertificate.cer certificate request file with a SampleCertificate.pvk private key file. We have given the signer's information in X.500 standard while creating this certificate request. The parameters to the makecert command are the following:

  • CommonName (CN) -- common name of a person, e.g., "ABCSystems"
  • organizationUnit (OU) -- department or unit, e.g., "Web Services Unit"
  • organizationName (O) -- large organization name, e.g., "ABCSystems Inc."
  • localityName (L) -- locality (city) name, e.g., "Palo Alto"
  • stateName (S) -- state or province name, e.g., "California"
  • country (C) -- two-letter country code, e.g., "CH"

makecert -sv SampleCertificate.pvk -n "CN=ABCSystems, OU= Web Services Unit,
O= ABCSystems Inc., L= Palo Alto, S= California, C=CH" SampleCertificate.cer

We need to enter the private key password in the dialog box invoked by makecert command. This password is required while signing the code.

We then create a Software Publisher Certificate (SPC) from SampleCertificate.cer with the Authenticode cert2spc utility. SampleCertificate.spc is an X.509 sample certificate signed by the test root authority.

cert2spc SampleCertificate.cer SampleCertificate.spc

The file createcert.bat creates the sample digital certificate.

Signing the .cab File

Now, we sign the .cab file using SampleCertificate.spc. The Authenticode utility signcode is employed to perform this task.

signcode -j javasign.dll -jp LOW -spc SampleCertificate.spc -v SampleCertificate.pvk -n "Sample Certificate"

We have used the SampleCertificate.pvk private key. We need to enter the same private key password in the dialog box invoked by signcode utility.

Running the Signed Applet

Finally, we run SampleSignedApplet applet in Microsoft Internet Explorer from a Web page SampleSignedApplet.htm using the following HTML code:

<applet code="SampleSignedApplet.class" align="baseline" width="250"
height="150" name="Sample Signed Applet"> <param name="cabbase" value=""> </applet>

The machine on which SampleSignedApplet.htm is run should have enabled the Trust the Test Root option by running the SetReg command first: SetReg 1 TRUE

Once the SampleSignedApplet code is downloaded, Internet Explorer displays the following dialog box when running SampleSignedApplet.htm:

This dialog box informs the user that he is about to run the 'Sample Certificate' program, signed by a test certificate and distributed by Sample Certificate. Click yes in the security dialog that comes up. The security dialog comes up only if the intranet/internet security level is set to medium-low or higher in the client browser. Clicking yes in this dialog box runs SampleSignedApplet, producing the following output:

Clicking on 'Create File' produces a text file SampleSignedApplet.txt on the c: drive.



All files for article

About the Authors

Nitin Nanda is the associate project manager in the R&D Centre of Quark, Inc., based in Chandigarh, India. He is the manager responsible for the front office suite of components for a CRM product. He has co-authored: Professional Java Data and Beginning Java Databases, both from Wrox Press.

Sunil Kumar is the associate team lead in the R&D Centre of Quark, Inc. He is responsible for design and development of a call center component for a CRM product being engineered in Java/ASP/DCOM-MTS/SQL Server. He worked with RAMCO Systems, developing generic ERP software prior to joining Quark.
