| 1 | How to permanently accept DOHRobot.jar: |
|---|
| 2 | Starting with Java 7u40, you can no longer accept a JAR file signed by an untrusted source. |
|---|
| 3 | This will cause the robot to ask for permission to run on every test. |
|---|
| 4 | To resolve this issue, in your Java Control Panel: |
|---|
| 5 | 1. Go to Security->Manage Certificates |
|---|
| 6 | 2. In the Certificate Type drop down at the top of the dialog, select Signer CA. |
|---|
| 7 | 3. Click Import and find root-ca.crt under util/doh/robot (you may need to change the filter to display All Files). You should now have The Dojo Foundation as a CA. |
|---|
| 8 | 4. Run a doh test. |
|---|
| 9 | 5. When the security dialog pops up, check Allow to run as usual. At the bottom of the dialog you will notice some new small blue text labeled something like "Show options." Expand that and check the box to permanently accept the applet. |
|---|
| 10 | |
|---|
| 11 | Notes on self-signing the JAR file (easy, but always asks for permission to run): |
|---|
| 12 | |
|---|
| 13 | PC |
|---|
| 14 | -- |
|---|
| 15 | 1. Download JDK 1.4. |
|---|
| 16 | 2. create key file called "key" (using keytool and jarsigner?) |
|---|
| 17 | 3. compilerobot.bat |
|---|
| 18 | |
|---|
| 19 | MAC |
|---|
| 20 | --- |
|---|
| 21 | I used the version of java preinstalled and the mac and it seemed to work. |
|---|
| 22 | |
|---|
| 23 | 1. create key file: |
|---|
| 24 | |
|---|
| 25 | $ keytool -genkey -alias dojo |
|---|
| 26 | |
|---|
| 27 | 2. Run compilerobot.sh (creates DOHRobot.jar): |
|---|
| 28 | |
|---|
| 29 | $ sh compilerobot.sh |
|---|
| 30 | |
|---|
| 31 | |
|---|
| 32 | Notes on properly signing the JAR: |
|---|
| 33 | The best way is to ask around for the magically signed dohrobot keystore. |
|---|
| 34 | |
|---|
| 35 | If you need to regenerate the signature because it expired or whatever, it is actually a big pain... you will need to set up openssl to have the same "Dojo Toolkit"ish names as the keytool command below |
|---|
| 36 | The following REM stuff is the first time init to get the root-ca.key (better to just ask around for it): |
|---|
| 37 | REM cd openssl |
|---|
| 38 | REM cat "unique_subject = no" > index.txt.attr |
|---|
| 39 | REM cat "01" > serial.txt |
|---|
| 40 | REM openssl genrsa -des3 -out root-ca.key 1024 |
|---|
| 41 | REM openssl req -new -x509 -days 3650 -key root-ca.key -out root-ca.crt -config openssl.cnf |
|---|
| 42 | REM cd ../ |
|---|
| 43 | REM keytool -genkey -dname "CN=, OU=Dojo Toolkit, O=The Dojo Foundation, ST=California, C=US" -validity 365 -alias dojo -keystore dohrobot < key |
|---|
| 44 | del openssl\dohrobot_csr.pem |
|---|
| 45 | keytool -certreq -alias dojo -file openssl\dohrobot_csr.pem -keystore dohrobot |
|---|
| 46 | cd openssl |
|---|
| 47 | openssl ca -verbose -config openssl.cnf -days 365 -in dohrobot_csr.pem -out dohrobot.pem -keyfile root-ca.key -cert root-ca.crt |
|---|
| 48 | openssl x509 -in dohrobot.pem -out dohrobot.pem -outform PEM |
|---|
| 49 | del dohrobot.chain |
|---|
| 50 | copy dohrobot.pem + root-ca.crt dohrobot.chain |
|---|
| 51 | REM FIXME: remove bad character from end of dohrobot.chain at this point, otherwise you will get an error about the cert being too big |
|---|
| 52 | cd ../ |
|---|
| 53 | keytool -import -alias dojo -file openssl/dohrobot.chain -keystore dohrobot < key |
|---|
