Last active
August 29, 2015 13:57
-
-
Save briped/9603116 to your computer and use it in GitHub Desktop.
Java Deployment Files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
deployment.system.config=file\:C\:/Windows/Sun/Java/Deployment/deployment.properties | |
deployment.system.config.mandatory=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
deployment.version=7.0 | |
deployment.expiration.decision=NEVER | |
deployment.expiration.decision.suppression=TRUE | |
deployment.security.level=HIGH | |
deployment.security.level.locked | |
deployment.security.mixcode=ENABLE | |
deployment.insecure.jres=NEVER | |
deployment.insecure.jres.locked | |
deployment.webjava.enabled=TRUE | |
deployment.proxy.type=3 | |
deployment.proxy.type.locked | |
deployment.javaws.autodownload=NEVER | |
deployment.javaws.autodownload.locked | |
deployment.console.startup.mode=HIDE | |
deployment.javaws.shortcut=NEVER | |
deployment.system.tray.icon=FALSE | |
deployment.expiration.check.enabled=FALSE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
if not exist C:\javaTemp goto :missingWorkFolder | |
C: | |
cd \javaTemp | |
cls | |
if not exist C:\javaTemp\ruleset.xml goto :missingRuleSet | |
REM Package the ruleset.xml to DeploymentRuleSet.jar | |
"C:\Program Files\Java\jdk1.7.0_51\bin\jar.exe" -cvf DeploymentRuleSet.jar ruleset.xml | |
REM Sign the DeploymentRuleSet.jar with the self-signed certificate | |
"C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -verbose -keystore myKeyStore.pfx -storetype pkcs12 -storepass Pa$$w0rd -signedjar DeploymentRuleSet.jar DeploymentRuleSet.jar myCodeSigner | |
goto :end | |
:missingWorkFolder | |
echo C:\javaTemp is missing. Don't know how to continue. | |
goto :end | |
:missingRuleSet | |
echo C:\javaTemp\ruleset.xml is missing. Don't know how to continue. | |
goto :end | |
:end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
if not exist C:\javaTemp mkdir C:\javaTemp | |
C: | |
cd \javaTemp | |
cls | |
REM First, generate a self-signed keypair | |
"C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -genkeypair -alias myCodeSigner -keystore myKeyStore.pfx -storetype pkcs12 -storepass Pa$$w0rd -keyalg RSA -keysize 2048 -keypass Pa$$w0rd -validity 365 -dname "CN=myCodeSigner, OU=IT, O=myOrganisation, L=myCity, ST=myState, C=DK" | |
REM Export the public certificate | |
"C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -exportcert -alias myCodeSigner -keystore myKeyStore.pfx -storetype pkcs12 -storepass Pa$$w0rd -file myCodeSigner.cer | |
REM Import the public certificate to the Java keystore | |
"C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -importcert -keystore "C:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit -alias myCodeSigner -noprompt -file myCodeSigner.cer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- Example Deployment Rule Set that allow a desktop administrator to control end-user's execution of browser applets. | |
See http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/deployment_rules.html --> | |
<ruleset version="1.0+"> | |
<rule> | |
<id location="http://payroll.example.org" /> | |
<action permission="run" /> | |
</rule> | |
<rule> | |
<id location="http://knownvendor.example.com/program" /> | |
<action permission="run" version="SECURE-1.6" /><!-- For example if an application is known not to work on Java 1.7 --> | |
</rule> | |
<rule> | |
<id location="http://localhost" /> | |
<action permission="run" /> | |
</rule> | |
<rule> | |
<id> | |
<certificate algorithm="SHA-256" | |
hash="794F53C746E2AA77D84B843BE942CAB4309F258FD946D62A6C4CCEAB8E1DB2C6" /><!-- Oracle's public certificate hash. Having this will allow things like the Java.com secure version check applet. --> | |
</id> | |
<action permission="run" /> | |
</rule> | |
<rule> | |
<id location="http://*.example.com"> | |
<certificate algorithm="SHA-256" | |
hash="..." /> | |
</id> | |
<action permission="default" version="SECURE" /> | |
</rule> | |
<rule> | |
<id /><!-- Because this is both blank and shown last, it will be the default policy. --> | |
<action permission="block"> | |
<message>Blocked by corporate. Contact myemail@mycompany.com if you need to run this app.</message> | |
<message locale="fr">Bloqué par l'entreprise. Contacter myemail@mycompany.com si vous avez besoin d'exécuter cette application.</message> | |
</action> | |
</rule> | |
</ruleset> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment