-
Bug
-
Resolution: Not an Issue
-
P1
-
None
-
1.2.0
-
generic
-
solaris_2.6
1. Set JAVA_HOME to JDK 1.2 Beta 3-L
2. Untar the tar file in attachment 2 of this email
3. Change to the TestDigSig directory.
4. Create a keystore and public/private key pair entry with alias your_first_name using the keytool -genkey command.
5. Export your self-signed certificate to a file called your_first_name.certificate using the keytool -export command.
6. Compile the Java source file writeFile.java.
7. Create a JAR file called your_first_name.jar that contains writeFile.class (use jar cvf your_first_name.jar).
8. Remove the writeFile.class file from your directory. (BE SURE TO DO THIS)
9. Sign the JAR file your_first_name.jar using the jarsigner utility.
10. Edit the HTML template DigitalSig.html provided in the TestDigSig directory so that the JAR file name in this file is the name of the JAR file you signed.
11. Now Pretend you are someone else. Remove your ~/.keystore file.
12. Import the certificate into your keystore database (that was created with the -export option) using keytool with the -import option.
13. Modify your .java.policy file to grant permissions to applets signed by alias, where alias is the alias you used when you imported the certificate into your keystore.
grant signedBy "alias" {
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "user.name", "read";
permission java.io.FilePermission "/tmp/-", "write";
};
14. Load the HTML file DigitalSig.html using the appletviewer application:
appletviewer DigitalSig.html
------------ Code ---------------
/**
* By default, this applet raises a security exception.
*
* With JDK 1.2 appletviewer,
* if you configure your system to allow applets signed by "Duke"
* to run on your system, then this applet can run and write a file
* to your /tmp directory. (or to the file named "tmpfoo" on a
* Windows system)
*
* @version JDK 1.2
* @author Marianne Mueller, with minor modifications by SES course developers
*/
import java.awt.*;
import java.io.*;
import java.lang.*;
import java.applet.*;
import java.util.Properties;
public class writeFile extends Applet {
String myFile = "/tmp/foo";
File f = new File(myFile);
DataOutputStream dos;
public void init() {
String osname = System.getProperty("os.name");
if (osname.indexOf("Windows") != -1) {
myFile="tmpfoo";
}
}
public void paint(Graphics g) {
try {
dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile),128));
dos.writeChars("Cats can hypnotize you when you least expect it\n");
dos.flush();
g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10);
String name = System.getProperty("user.name");
g.drawString("And, successfully got user.name ..." + name, 10, 30);
}
catch (SecurityException e) {
g.drawString("writeFile: caught security exception", 10, 10);
e.printStackTrace();
}
catch (IOException ioe) {
g.drawString("writeFile: caught i/o exception", 10, 10);
}
}
}
------------ End Of Code ---------------
------------ HTML Code ---------------
<html>
<head>
<title>Running Applet From Signed JAR File</title>
</head>
<body bgcolor=white>
<!-- Replace the "merwyn.jar" with the name of your signed jar file -->
<applet
archive="merwyn.jar"
code ="writeFile.class"
width=400 height=220>
</applet>
</body>
</head>
</html>
------------ End Of HTML Code ---------------
Sorry, I wasn't clearer but I thought that you might run the sample. I am saying that access is denied when it should be accepted.
Also, added the following line to the .java.policy file:
keystore ".keystore";
When I added it to the start of the file, like this:
grant signedBy "merwyn" {
keystore ".keystore";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "user.name", "read";
permission java.io.FilePermission "/tmp/-", "write";
};
I got the following error message:
SIGSEGV 11* segmentation violation
si_signo [11]: SIGSEGV 11* segmentation violation
si_errno [0]: Error 0
si_code [1]: SEGV_MAPERR [addr: 0xef53005c]
stackbase=EDB82000, stackpointer=EDB80ABC
Full thread dump:
"Thread-5" (TID:0xee2e7290, sys_thread_t:0x130570, state:R) prio=5 *current thread*
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:957)
at java.lang.Runtime.loadFileInternal(Runtime.java:321)
at java.lang.Runtime.loadLibrary0(Runtime.java:424)
at java.lang.System.loadLibrary(System.java:638)
at java.util.zip.Inflater.<clinit>(Inflater.java:47)
at java.util.zip.ZipFile.getInputStream(ZipFile.java:97)
at java.util.jar.JarFile.getBytes(JarFile.java:210)
at java.util.jar.JarFile.<init>(JarFile.java:102)
at java.util.jar.JarFile.<init>(JarFile.java:74)
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:85)
at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:91)
at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:75)
at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:363)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:246)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:216)
at sun.misc.URLClassPath.getResource(URLClassPath.java:92)
at sun.misc.URLClassPath.getResource(URLClassPath.java:102)
at sun.applet.AppletClassLoader.findLocalClass(AppletClassLoader.java:92)
at java.lang.ClassLoader.loadClass(ClassLoader.java:246)
"Screen Updater" (TID:0xee2e6d28, sys_thread_t:0x279d78, state:R) prio=4
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at sun.awt.ScreenUpdater.nextEntry(ScreenUpdater.java:81)
at sun.awt.ScreenUpdater.run(ScreenUpdater.java:101)
"AWT-InputMethodManager" (TID:0xee2fe028, sys_thread_t:0x24a8e8, state:CW) prio=5
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at sun.awt.im.ExecutableInputMethodManager.run(InputMethodManager.java:290)
at java.lang.Thread.run(Thread.java:490)
"thread applet-writeFile.class" (TID:0xee2fe8d8, sys_thread_t:0x2302a0, state:CW) prio=4
at java.lang.Object.wait(Native Method)
at java.lang.Thread.join(Thread.java:867)
at java.lang.Thread.join(Thread.java:920)
at sun.applet.AppletPanel.run(AppletPanel.java:268)
at java.lang.Thread.run(Thread.java:490)
"AWT-Motif" (TID:0xee330ea0, sys_thread_t:0x215310, state:CW) prio=5
at java.lang.Object.wait(Native Method)
at sun.awt.motif.MToolkit.run(Native Method)
at java.lang.Thread.run(Thread.java:490)
"AWT-Input" (TID:0xee330e40, sys_thread_t:0x20e3a8, state:CW) prio=5
at sun.awt.motif.InputThread.run(Native Method)
"AWT-EventQueue-0" (TID:0xee331108, sys_thread_t:0x1caae8, state:MW) prio=5
at java.lang.ClassLoader.findNative(ClassLoader.java:985)
at sun.awt.motif.X11Graphics.<clinit>(X11Graphics.java:100)
at sun.awt.motif.MComponentPeer.getGraphics(MComponentPeer.java:206)
at java.awt.Component.getGraphics(Component.java:1395)
at java.awt.Component.dispatchEventImpl(Component.java:1990)
at java.awt.Container.dispatchEventImpl(Container.java:912)
at java.awt.Window.dispatchEventImpl(Window.java:527)
at java.awt.Component.dispatchEvent(Component.java:1951)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:167)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
"SoftReference sweeper" (TID:0xee3046c8, sys_thread_t:0x7f240, state:CW) prio=9
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at java.lang.Runtime.waitForMemoryAdvice(Runtime.java:569)
at java.lang.ref.SoftReference$Sweeper.run(SoftReference.java:524)
at java.lang.Thread.run(Thread.java:490)
"Finalizer" (TID:0xee300318, sys_thread_t:0x60e60, state:CW) prio=8
at java.lang.Object.wait(Native Method)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:107)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:122)
at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:127)
"Reference handler" (TID:0xee3003c8, sys_thread_t:0x5e420, state:CW) prio=10
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:186)
"Async Garbage Collector" (TID:0xee3001b0, sys_thread_t:0x5a5f0, state:R) prio=1
"Idle thread" (TID:0xee3001f8, sys_thread_t:0x5a4c8, state:R) prio=0
"Clock" (TID:0xee3002d0, sys_thread_t:0x53198, state:CW) prio=12
"main" (TID:0xee300038, stillborn) : <thread not active>
Monitor Cache Dump:
www.protocol.jar.JarFileFactory@EE3075D8'>sun.net.www.protocol.jar.JarFileFactory@EE3075D8/EE37B9A8: owner "Thread-5" (0x130570, 1 entry)
sun.applet.AppletClassLoader@EE2FEA60/EE4C1A58: owner "Thread-5" (0x130570, 1 entry)
java.lang.Runtime@EE300568/EE353438: owner "Thread-5" (0x130570, 1 entry)
java.util.Vector@EE300F58/EE356340: owner "Thread-5" (0x130570, 1 entry)
sun.awt.ScreenUpdater@EE2E6D28/EE4D68B8: owner "Screen Updater" (0x279d78, 1 entry)
java.util.Vector@EE300F20/EE356388: owner "Thread-5" (0x130570, 1 entry)
Waiting to enter:
"AWT-EventQueue-0" (0x1caae8)
java.util.jar.JarFile@EE2E7768/EE4D8728: owner "Thread-5" (0x130570, 1 entry)
<unknown key> (0x5a5f0): owner "Async Garbage Collector" (0x5a5f0, 1 entry)
Registered Monitor Dump:
utf8 hash table: <unowned>
JNI pinning lock: <unowned>
JNI global reference lock: <unowned>
BinClass lock: <unowned>
Class linking lock: <unowned>
System class loader lock: <unowned>
Code rewrite lock: <unowned>
Heap lock: <unowned>
Monitor IO lock: <unowned>
Child death monitor: <unowned>
Event monitor: <unowned>
I/O monitor: <unowned>
Waiting to be notified:
"AWT-Input" (0x20e3a8)
Alarm monitor: <unowned>
Waiting to be notified:
"Clock" (0x53198)
Sbrk lock: <unowned>
Thread queue lock: <unowned>
Waiting to be notified:
"main" (0x0)
Monitor registry: owner "Thread-5" (0x130570, 1 entry)
Thread Alarm Q:
sys_thread_t 0x20e3a8 [Timeout in 216 ms]
Abort
When I added it to the end of the file, like this:
grant signedBy "merwyn" {
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "user.name", "read";
permission java.io.FilePermission "/tmp/-", "write";
keystore ".keystore";
};
I got the following error message:
java.security.AccessControlException: access denied (java.io.FilePermission /tmp/foo write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:155)
at java.security.AccessController.checkPermission(AccessController.java:279)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:453)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:774)
at java.io.FileOutputStream.<init>(FileOutputStream.java:65)
at writeFile.paint(writeFile.java:35)
at java.awt.Component.dispatchEventImpl(Component.java:1997)
at java.awt.Container.dispatchEventImpl(Container.java:912)
at java.awt.Component.dispatchEvent(Component.java:1951)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:167)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
I added the keystore as you recomended outside the grant block and the applet worked as expected.
2. Untar the tar file in attachment 2 of this email
3. Change to the TestDigSig directory.
4. Create a keystore and public/private key pair entry with alias your_first_name using the keytool -genkey command.
5. Export your self-signed certificate to a file called your_first_name.certificate using the keytool -export command.
6. Compile the Java source file writeFile.java.
7. Create a JAR file called your_first_name.jar that contains writeFile.class (use jar cvf your_first_name.jar).
8. Remove the writeFile.class file from your directory. (BE SURE TO DO THIS)
9. Sign the JAR file your_first_name.jar using the jarsigner utility.
10. Edit the HTML template DigitalSig.html provided in the TestDigSig directory so that the JAR file name in this file is the name of the JAR file you signed.
11. Now Pretend you are someone else. Remove your ~/.keystore file.
12. Import the certificate into your keystore database (that was created with the -export option) using keytool with the -import option.
13. Modify your .java.policy file to grant permissions to applets signed by alias, where alias is the alias you used when you imported the certificate into your keystore.
grant signedBy "alias" {
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "user.name", "read";
permission java.io.FilePermission "/tmp/-", "write";
};
14. Load the HTML file DigitalSig.html using the appletviewer application:
appletviewer DigitalSig.html
------------ Code ---------------
/**
* By default, this applet raises a security exception.
*
* With JDK 1.2 appletviewer,
* if you configure your system to allow applets signed by "Duke"
* to run on your system, then this applet can run and write a file
* to your /tmp directory. (or to the file named "tmpfoo" on a
* Windows system)
*
* @version JDK 1.2
* @author Marianne Mueller, with minor modifications by SES course developers
*/
import java.awt.*;
import java.io.*;
import java.lang.*;
import java.applet.*;
import java.util.Properties;
public class writeFile extends Applet {
String myFile = "/tmp/foo";
File f = new File(myFile);
DataOutputStream dos;
public void init() {
String osname = System.getProperty("os.name");
if (osname.indexOf("Windows") != -1) {
myFile="tmpfoo";
}
}
public void paint(Graphics g) {
try {
dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile),128));
dos.writeChars("Cats can hypnotize you when you least expect it\n");
dos.flush();
g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10);
String name = System.getProperty("user.name");
g.drawString("And, successfully got user.name ..." + name, 10, 30);
}
catch (SecurityException e) {
g.drawString("writeFile: caught security exception", 10, 10);
e.printStackTrace();
}
catch (IOException ioe) {
g.drawString("writeFile: caught i/o exception", 10, 10);
}
}
}
------------ End Of Code ---------------
------------ HTML Code ---------------
<html>
<head>
<title>Running Applet From Signed JAR File</title>
</head>
<body bgcolor=white>
<!-- Replace the "merwyn.jar" with the name of your signed jar file -->
<applet
archive="merwyn.jar"
code ="writeFile.class"
width=400 height=220>
</applet>
</body>
</head>
</html>
------------ End Of HTML Code ---------------
Sorry, I wasn't clearer but I thought that you might run the sample. I am saying that access is denied when it should be accepted.
Also, added the following line to the .java.policy file:
keystore ".keystore";
When I added it to the start of the file, like this:
grant signedBy "merwyn" {
keystore ".keystore";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "user.name", "read";
permission java.io.FilePermission "/tmp/-", "write";
};
I got the following error message:
SIGSEGV 11* segmentation violation
si_signo [11]: SIGSEGV 11* segmentation violation
si_errno [0]: Error 0
si_code [1]: SEGV_MAPERR [addr: 0xef53005c]
stackbase=EDB82000, stackpointer=EDB80ABC
Full thread dump:
"Thread-5" (TID:0xee2e7290, sys_thread_t:0x130570, state:R) prio=5 *current thread*
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:957)
at java.lang.Runtime.loadFileInternal(Runtime.java:321)
at java.lang.Runtime.loadLibrary0(Runtime.java:424)
at java.lang.System.loadLibrary(System.java:638)
at java.util.zip.Inflater.<clinit>(Inflater.java:47)
at java.util.zip.ZipFile.getInputStream(ZipFile.java:97)
at java.util.jar.JarFile.getBytes(JarFile.java:210)
at java.util.jar.JarFile.<init>(JarFile.java:102)
at java.util.jar.JarFile.<init>(JarFile.java:74)
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:85)
at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:91)
at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:75)
at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:363)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:246)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:216)
at sun.misc.URLClassPath.getResource(URLClassPath.java:92)
at sun.misc.URLClassPath.getResource(URLClassPath.java:102)
at sun.applet.AppletClassLoader.findLocalClass(AppletClassLoader.java:92)
at java.lang.ClassLoader.loadClass(ClassLoader.java:246)
"Screen Updater" (TID:0xee2e6d28, sys_thread_t:0x279d78, state:R) prio=4
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at sun.awt.ScreenUpdater.nextEntry(ScreenUpdater.java:81)
at sun.awt.ScreenUpdater.run(ScreenUpdater.java:101)
"AWT-InputMethodManager" (TID:0xee2fe028, sys_thread_t:0x24a8e8, state:CW) prio=5
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at sun.awt.im.ExecutableInputMethodManager.run(InputMethodManager.java:290)
at java.lang.Thread.run(Thread.java:490)
"thread applet-writeFile.class" (TID:0xee2fe8d8, sys_thread_t:0x2302a0, state:CW) prio=4
at java.lang.Object.wait(Native Method)
at java.lang.Thread.join(Thread.java:867)
at java.lang.Thread.join(Thread.java:920)
at sun.applet.AppletPanel.run(AppletPanel.java:268)
at java.lang.Thread.run(Thread.java:490)
"AWT-Motif" (TID:0xee330ea0, sys_thread_t:0x215310, state:CW) prio=5
at java.lang.Object.wait(Native Method)
at sun.awt.motif.MToolkit.run(Native Method)
at java.lang.Thread.run(Thread.java:490)
"AWT-Input" (TID:0xee330e40, sys_thread_t:0x20e3a8, state:CW) prio=5
at sun.awt.motif.InputThread.run(Native Method)
"AWT-EventQueue-0" (TID:0xee331108, sys_thread_t:0x1caae8, state:MW) prio=5
at java.lang.ClassLoader.findNative(ClassLoader.java:985)
at sun.awt.motif.X11Graphics.<clinit>(X11Graphics.java:100)
at sun.awt.motif.MComponentPeer.getGraphics(MComponentPeer.java:206)
at java.awt.Component.getGraphics(Component.java:1395)
at java.awt.Component.dispatchEventImpl(Component.java:1990)
at java.awt.Container.dispatchEventImpl(Container.java:912)
at java.awt.Window.dispatchEventImpl(Window.java:527)
at java.awt.Component.dispatchEvent(Component.java:1951)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:167)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
"SoftReference sweeper" (TID:0xee3046c8, sys_thread_t:0x7f240, state:CW) prio=9
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at java.lang.Runtime.waitForMemoryAdvice(Runtime.java:569)
at java.lang.ref.SoftReference$Sweeper.run(SoftReference.java:524)
at java.lang.Thread.run(Thread.java:490)
"Finalizer" (TID:0xee300318, sys_thread_t:0x60e60, state:CW) prio=8
at java.lang.Object.wait(Native Method)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:107)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:122)
at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:127)
"Reference handler" (TID:0xee3003c8, sys_thread_t:0x5e420, state:CW) prio=10
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:315)
at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:186)
"Async Garbage Collector" (TID:0xee3001b0, sys_thread_t:0x5a5f0, state:R) prio=1
"Idle thread" (TID:0xee3001f8, sys_thread_t:0x5a4c8, state:R) prio=0
"Clock" (TID:0xee3002d0, sys_thread_t:0x53198, state:CW) prio=12
"main" (TID:0xee300038, stillborn) : <thread not active>
Monitor Cache Dump:
www.protocol.jar.JarFileFactory@EE3075D8'>sun.net.www.protocol.jar.JarFileFactory@EE3075D8/EE37B9A8: owner "Thread-5" (0x130570, 1 entry)
sun.applet.AppletClassLoader@EE2FEA60/EE4C1A58: owner "Thread-5" (0x130570, 1 entry)
java.lang.Runtime@EE300568/EE353438: owner "Thread-5" (0x130570, 1 entry)
java.util.Vector@EE300F58/EE356340: owner "Thread-5" (0x130570, 1 entry)
sun.awt.ScreenUpdater@EE2E6D28/EE4D68B8: owner "Screen Updater" (0x279d78, 1 entry)
java.util.Vector@EE300F20/EE356388: owner "Thread-5" (0x130570, 1 entry)
Waiting to enter:
"AWT-EventQueue-0" (0x1caae8)
java.util.jar.JarFile@EE2E7768/EE4D8728: owner "Thread-5" (0x130570, 1 entry)
<unknown key> (0x5a5f0): owner "Async Garbage Collector" (0x5a5f0, 1 entry)
Registered Monitor Dump:
utf8 hash table: <unowned>
JNI pinning lock: <unowned>
JNI global reference lock: <unowned>
BinClass lock: <unowned>
Class linking lock: <unowned>
System class loader lock: <unowned>
Code rewrite lock: <unowned>
Heap lock: <unowned>
Monitor IO lock: <unowned>
Child death monitor: <unowned>
Event monitor: <unowned>
I/O monitor: <unowned>
Waiting to be notified:
"AWT-Input" (0x20e3a8)
Alarm monitor: <unowned>
Waiting to be notified:
"Clock" (0x53198)
Sbrk lock: <unowned>
Thread queue lock: <unowned>
Waiting to be notified:
"main" (0x0)
Monitor registry: owner "Thread-5" (0x130570, 1 entry)
Thread Alarm Q:
sys_thread_t 0x20e3a8 [Timeout in 216 ms]
Abort
When I added it to the end of the file, like this:
grant signedBy "merwyn" {
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "user.name", "read";
permission java.io.FilePermission "/tmp/-", "write";
keystore ".keystore";
};
I got the following error message:
java.security.AccessControlException: access denied (java.io.FilePermission /tmp/foo write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:155)
at java.security.AccessController.checkPermission(AccessController.java:279)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:453)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:774)
at java.io.FileOutputStream.<init>(FileOutputStream.java:65)
at writeFile.paint(writeFile.java:35)
at java.awt.Component.dispatchEventImpl(Component.java:1997)
at java.awt.Container.dispatchEventImpl(Container.java:912)
at java.awt.Component.dispatchEvent(Component.java:1951)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:167)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:45)
I added the keystore as you recomended outside the grant block and the applet worked as expected.