Signing Software With Netscape Signing Tool 1.1

Table of Contents | Previous | Next | Last

Signing Software with Netscape Signing Tool 1.1

Chapter 5
Signing Inline JavaScript Scripts

This chapter describes how to use the Netscape Signing Tool to sign inline JavaScript scripts and package the digital signature and related information in a JAR file.

Important These capabilities were available in version .60 of the Netscape Signing Tool only through the use of the Page Signer Perl script. Although versions 1.0 and 1.1 still support such Perl scripts, the capabilities of Page Signer are provided through the -J option for signtool, described in Chapter 2, "Using the Netscape Signing Tool." If you prefer to continue using the Page Signer Perl script to maintain compatibility with other scripts, you may do so, but Netscape recommends that you use the signtool options for new projects.

Sections in this chapter:

Modifying the HTML Page
Signing Scripts

For more information about JavaScript and signed scripts, see JavaScript Security Model in Communicator 4.x on Netscape DevEdge.

Modifying the HTML Page

The <SCRIPT> tag for a signed script must include two attributes:

An ARCHIVE attribute whose value is the name of the JAR file that contains the script's digital signature. If you do not include an ARCHIVE attribute, Communicator uses the ARCHIVE attribute from an earlier script on the same page.

Either an ID attribute whose value is a string that associates the script with a digital signature in the JAR file, or an SRC attribute that retrieves a script from the JAR file.

If you use the SRC attribute, the script itself must be stored in the JAR file as well as the script's digital signature. If you keep all your scripts in separate files, you don't need to use the -J option; just use the -k option to sign the whole directory. If you use both inline scripts and separate scripts identified by the SRC attribute in the same page, the -J option automatically extracts and signs the inline scripts.

In addition to inline scripts and JavaScript files, you can sign event handler scripts and JavaScript entities. You cannot sign javascript: URLs. You must identify handler scripts and JavaScript entities within the HTML file as follows:

To sign an event handler, you add an ID attribute for the event handler to the tag containing the event handler. In addition, the HTML page must also contain a signed inline script preceding the event handler. That <SCRIPT> tag must supply the ARCHIVE attribute.

To sign a JavaScript entity, you do not do anything special to the entity. Instead, the HTML page must also contain a signed inline script preceding the JavaScript entity. That <SCRIPT> tag must supply the ARCHIVE and ID attributes.

Important Every script and event handler in the same HTML file, whether the script or handler needs to perform privileged operations or not, must include an ARCHIVE attribute and a SRC or ID attribute. When Communicator parses the HTML, it checks the signature of every script and event handler and flags the page as unsigned if any of them is signed incorrectly. Signtool generates a warning if it encounters a script or event handler that is lacking a SRC or ID attribute. If you encounter this problem and don't fix it, Communicator treats everything in the page as unsigned and all privileged operations will fail.

For more details on signed JavaScript and examples, see JavaScript Security Model in Communicator 4.x on Netscape DevEdge.

To request access to specific targets, such as UniversalFileRead, you use the Java Capabilities API from within JavaScript. For more information about the Java Capabilities classes, see Java Capabilities API. For information about the system targets you can use this API to access, see Netscape System Targets. Both of these documents are on Netscape DevEdge.

Signing Scripts

This section demonstrates how to use the Netscape Signing Tool to sign a directory of HTML and JavaScript files. The HTML file contains an inline JavaScript script, as well as a reference to the JavaScript source file. The directory is named signdir. To begin with, this directory contains two files, installation.js and test.html.

This Unix example explores the contents of the signdir directory:

% cd signdir
% ls
installation.js  test.html
% cat test.html
<HTML>
<HEAD>
<SCRIPT ARCHIVE="handler.jar" ID=1>
function getsExpandedPrivileges() {
   // Request privilege
   netscape.security.PrivilegeManager.enablePrivilege
      ("UniversalBrowserRead");
      return history[0] != "";
}
</SCRIPT>
</HEAD>
<BODY onLoad="alert(getsExpandedPrivileges() ? 'Pass' : 'FAIL');" ID=2>
<SCRIPT SRC="installation.js"></SCRIPT>
</BODY>
</HTML>

% cat installation.js
function cAlert(x) {
      if(!this.silent) {
                alert(x);
      }
}
% cd ..

This command uses signtool to specify a signing certificate and to sign the contents of the signdir directory:

% signtool -k MySignCert -J --leavearc signdir 
using certificate directory: /u/jsmith/.netscape

Generating inline signatures from HTML files in: signdir 
Processing HTML file: test.html

signing: signdir/handler.jar 
Generating signdir/handler.arc/META-INF/manifest.mf file.. 
--> inlineScripts/1 
--> inlineScripts/2 
--> installation.js 
adding signdir/handler.arc/installation.js to signdir/handler.jar...(deflated 35%) 
Generating zigbert.sf file.. 
Enter Password or Pin for "Communicator Certificate DB": 
adding signdir/handler.arc/META-INF/manifest.mf to signdir/handler.jar...(deflated 44%) 
adding signdir/handler.arc/META-INF/zigbert.sf to signdir/handler.jar...(deflated 40%) 
adding signdir/handler.arc/META-INF/zigbert.rsa to signdir/handler.jar...(deflated 40%) 
jarfile "signdir/handler.jar" signed successfully 
removing: signdir/handler.arc 
Directory signdir signed successfully.

The ARCHIVE="handler.jar" tag in the inline script causes the Netscape Signing Tool to create a new directory called handler.arc within the signdir directory. The tool also creates a new file called handler.jar at the top level of the signdir directory. The handler.arc directory holds all the information that will later be stuffed into the handler.jar file.

The tool then extracts the inline JavaScript script, which has a tag of "ID=1", copies it to the file named 1 in the handler.arc/inlineScripts directory, and signs the file. The event handler, which has a tag of "ID=2", is copied to the file handler.arc/inlineScripts/2.

The second <SCRIPT> section in test.html has no ARCHIVE tag, so it inherits the archive created for the first script: handler.jar. The tool copies the script specified in this section, installation.js, to the handler.arc directory, and signs the script.

Finally, the entire handler.arc directory, including the META-INF subdirectory, is copied into the JAR file handler.jar.

The signdir directory now contains four items:

% cd signdir
% ls -F
handler.arc/      handler.jar      installation.js  test.html

The handler.jar file contains the information in the hander.arc directory in compressed form. The handler.arc directory contains three items:

% cd handler.arc
% ls -F
META-INF/         inlineScripts/    installation.js

The inlineScripts directory was created to contain JavaScript that was stripped out of test.html. This JavaScript was signed and its signature was stored in the META-INF directory, but the inlineScripts directory itself is not stored in the JAR file. When Communicator checks the signatures of the inline Javascript, it strips the inline JavaScript out of the HTML and verifies it against the signatures in the JAR file.

% cd inlineScripts 
% ls 
1  2

The files in the inlineScripts directory are named from the "ID" attribute specified in the HTML. Communicator uses the ID attribute to associate the signatures in the JAR file with the inline JavaScript in the HTML.

The file named 1 was created to hold the inline JavaScript script, which had ID="1", from the file test.html:

% cat 1

function getsExpandedPrivileges() { 
   // Request privilege 
   netscape.security.PrivilegeManager.enablePrivilege 
      ("UniversalBrowserRead"); 
      return history[0] != ""; 
}

The file named 2 was created to hold the event handler, which had ID="2", from test.html:

% cat 2

onLoad="alert(getsExpandedPrivileges() ? 'Pass' : 'FAIL');" ID=2>

% cd .. 
% ls 
META-INF/         inlineScripts/    installation.js

The file named installation.js was copied to the handler.arc directory from the signdir directory during the signing operation.

% cd .. 
% ls 
handler.arc/      handler.jar      installation.js  test.html

The META-INF directory contains the digital signature files and related information organized according to the JAR Format. You don't need to concern yourself with the contents of this directory or the details of the JAR format to use the Netscape Signing Tool.

Note that the contents of the handler.arc directory are no longer needed, because they have been copied into the handler.jar file.

The signtool option -v verifies that the signing and archiving operations were successful:

% signtool -v handler.jar 
using certificate directory: /u/jsmith/.netscape 
archive "handler.jar" has passed crypto verification.

          status   path
    ------------   ----------------
     NOT PRESENT   1
     NOT PRESENT   2
        verified   installation.js

Files 1 and 2 are specified as NOT PRESENT because the files in the inlineScripts directory are not actually packaged into the JAR file. Their signatures, however, are present in the JAR file.

Table of Contents | Previous | Next | Last

Last Updated: 06/19/98 13:23:52

Any sample code included above is provided for your use on an "AS IS" basis, under the Netscape License Agreement - Terms of Use

Chapter 5 Signing Inline JavaScript Scripts

Modifying the HTML Page

Signing Scripts

Chapter 5
Signing Inline JavaScript Scripts