Java Deployment Files
# System-level deployment.config: tells the Java deployment framework where the
# machine-wide deployment.properties file lives.
# The value is a URL; the backslashes escape ':' as the properties format requires.
deployment.system.config=file\:C\:/Windows/Sun/Java/Deployment/deployment.properties
# With mandatory=true, Java content is not allowed to run when the file named above
# cannot be loaded, so a missing or unreadable policy fails closed.
# NOTE(review): keep the referenced file writable by administrators only; confirm the ACLs.
deployment.system.config.mandatory=true
# Machine-wide deployment.properties for the Java plug-in and Java Web Start.
# A key that ends in ".locked" stops users from changing the matching setting in the
# Java Control Panel; keys without a ".locked" twin remain user-changeable.
deployment.version=7.0
# Suppress the "your Java version is out of date" decision dialog.
# NOTE(review): together with deployment.expiration.check.enabled=FALSE at the end of
# this file, users are never told that the installed JRE has expired, so JRE patching
# has to be driven centrally. Confirm that this is the intent.
deployment.expiration.decision=NEVER
deployment.expiration.decision.suppression=TRUE
# Security slider level for unsigned and self-signed content, locked against user changes.
deployment.security.level=HIGH
deployment.security.level.locked
# Mixed-code (signed plus unsigned) verification stays enabled. This key is not locked here.
deployment.security.mixcode=ENABLE
# Presumably: never run content on a JRE below the security baseline; verify the exact
# semantics of NEVER against the deployment documentation for the deployed JRE version.
deployment.insecure.jres=NEVER
deployment.insecure.jres.locked
# Java content in the browser stays enabled; the deployment rule set is what restricts it.
deployment.webjava.enabled=TRUE
# Proxy type 3: presumably "use the browser's proxy settings"; confirm against the docs.
deployment.proxy.type=3
deployment.proxy.type.locked
# Java Web Start must not download a JRE on its own.
deployment.javaws.autodownload=NEVER
deployment.javaws.autodownload.locked
# Cosmetic settings: hide the Java console, create no shortcuts, show no tray icon.
deployment.console.startup.mode=HIDE
deployment.javaws.shortcut=NEVER
deployment.system.tray.icon=FALSE
# Disable the JRE expiration check (see the note on the expiration.decision keys above).
deployment.expiration.check.enabled=FALSE
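@echo off
REM Packages C:\javaTemp\ruleset.xml into DeploymentRuleSet.jar and signs the jar
REM in place with the myCodeSigner key held in C:\javaTemp\myKeyStore.pfx.
REM Returns 0 on success and 1 when a prerequisite is missing or a JDK tool fails.
REM
REM NOTE(review): -storepass puts the keystore password in this file and on the
REM jarsigner command line. Pa$$w0rd is the sample value from this example; use a
REM strong, unique password and restrict read access to this script and the .pfx,
REM or drop -storepass so that jarsigner prompts for the password instead.
REM NOTE(review): no timestamp authority (-tsa) is given, so the signature carries
REM no timestamp; plan to re-sign before the signing certificate expires.
if not exist C:\javaTemp goto :missingWorkFolder
C:
cd \javaTemp
cls
if not exist C:\javaTemp\ruleset.xml goto :missingRuleSet
REM Fail early with a clear message instead of a jarsigner keystore error.
if not exist C:\javaTemp\myKeyStore.pfx goto :missingKeyStore
REM Package the ruleset.xml to DeploymentRuleSet.jar
"C:\Program Files\Java\jdk1.7.0_51\bin\jar.exe" -cvf DeploymentRuleSet.jar ruleset.xml
REM Do not sign (or leave behind) a jar that was not built correctly.
if errorlevel 1 goto :toolFailed
REM Sign the DeploymentRuleSet.jar with the self-signed certificate
"C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -verbose -keystore myKeyStore.pfx -storetype pkcs12 -storepass Pa$$w0rd -signedjar DeploymentRuleSet.jar DeploymentRuleSet.jar myCodeSigner
if errorlevel 1 goto :toolFailed
exit /b 0
:missingWorkFolder
echo C:\javaTemp is missing. Don't know how to continue.
exit /b 1
:missingRuleSet
echo C:\javaTemp\ruleset.xml is missing. Don't know how to continue.
exit /b 1
:missingKeyStore
echo C:\javaTemp\myKeyStore.pfx is missing. Don't know how to continue.
exit /b 1
:toolFailed
echo A JDK tool reported an error. DeploymentRuleSet.jar must not be deployed.
exit /b 1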
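@echo off
REM Creates a self-signed RSA-2048 code-signing key pair (alias myCodeSigner) in
REM C:\javaTemp\myKeyStore.pfx, exports its public certificate to myCodeSigner.cer
REM and imports that certificate into the JRE 7 cacerts trust store.
REM Returns 0 on success and 1 as soon as one keytool step fails.
REM
REM NOTE(review): Pa$$w0rd is the sample password from this example and is passed
REM on the command line. Choose a strong, unique password, or drop -storepass and
REM -keypass so that keytool prompts for them.
REM NOTE(review): once the certificate is in cacerts, that JRE trusts signatures
REM made with this key. Keep myKeyStore.pfx off end-user machines and limit who
REM can read it. "changeit" is the stock cacerts password, so the trust store is
REM protected by file permissions only.
REM NOTE(review): the certificate is valid for 365 days (-validity 365); schedule
REM renewal and re-signing before it expires.
if not exist C:\javaTemp mkdir C:\javaTemp
C:
cd \javaTemp
cls
REM First, generate a self-signed keypair
"C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -genkeypair -alias myCodeSigner -keystore myKeyStore.pfx -storetype pkcs12 -storepass Pa$$w0rd -keyalg RSA -keysize 2048 -keypass Pa$$w0rd -validity 365 -dname "CN=myCodeSigner, OU=IT, O=myOrganisation, L=myCity, ST=myState, C=DK"
REM Stop here when key generation failed, for example because the alias already exists.
if errorlevel 1 goto :keytoolFailed
REM Export the public certificate
"C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -exportcert -alias myCodeSigner -keystore myKeyStore.pfx -storetype pkcs12 -storepass Pa$$w0rd -file myCodeSigner.cer
REM Never import a stale myCodeSigner.cer left over from an earlier run.
if errorlevel 1 goto :keytoolFailed
REM Import the public certificate to the Java keystore
"C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -importcert -keystore "C:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit -alias myCodeSigner -noprompt -file myCodeSigner.cer
if errorlevel 1 goto :keytoolFailed
exit /b 0
:keytoolFailed
echo keytool reported an error. The key pair or the trust store import is incomplete.
exit /b 1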
<!-- Example Deployment Rule Set that lets a desktop administrator control which browser applets end users may run.
     See http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/deployment_rules.html
     Rules are checked from top to bottom and the first matching rule decides, so specific rules must stay above
     the final catch-all block.
     NOTE(review): a rule that matches only on a plain http:// location identifies content by URL alone. Where the
     site supports it, prefer an https:// location and/or a certificate hash, so that content altered in transit
     cannot satisfy the rule. -->
<ruleset version="1.0+">

  <!-- Everything under this location may run. -->
  <rule>
    <id location="http://payroll.example.org" />
    <action permission="run" />
  </rule>

  <!-- Pinned to a 1.6 JRE, for example because the application is known not to work on Java 1.7. -->
  <rule>
    <id location="http://knownvendor.example.com/program" />
    <action permission="run" version="SECURE-1.6" />
  </rule>

  <!-- Content served from the local machine may run. NOTE(review): confirm this is wanted on end-user desktops. -->
  <rule>
    <id location="http://localhost" />
    <action permission="run" />
  </rule>

  <!-- Identified by signer certificate instead of location: Oracle's public certificate hash. Having this will
       allow things like the Java.com secure version check applet.
       NOTE(review): check the hash against the certificate currently in use before deploying. -->
  <rule>
    <id>
      <certificate algorithm="SHA-256" hash="794F53C746E2AA77D84B843BE942CAB4309F258FD946D62A6C4CCEAB8E1DB2C6" />
    </id>
    <action permission="run" />
  </rule>

  <!-- Location and signer certificate combined; matching content gets default processing.
       The hash value is a placeholder: fill in the SHA-256 hash of the signer certificate. -->
  <rule>
    <id location="http://*.example.com">
      <certificate algorithm="SHA-256" hash="..." />
    </id>
    <action permission="default" version="SECURE" />
  </rule>

  <!-- The id is blank and this rule comes last, so it is the default policy: block everything not matched above. -->
  <rule>
    <id />
    <action permission="block">
      <message>Blocked by corporate. Contact myemail@mycompany.com if you need to run this app.</message>
      <message locale="fr">Bloqué par l'entreprise. Contacter myemail@mycompany.com si vous avez besoin d'exécuter cette application.</message>
    </action>
  </rule>

</ruleset>