17 March, 2014

Deploying Java 7 Update 51

With Java 7 Update 51, Oracle really beefed up the various security settings, making it even more annoying to deploy java, in a way where you don't bother your users with update reminders, certificate errors and whatnot.

I've tried to gather bits and pieces over the last couple of months (ever since Java 7 Update 40, when rulesets were introduced), as my time permitted it. This is just my attempt to gather all the information I've found and tested in one place.

Most of the important bits I've found here:
https://blogs.oracle.com/java-platform-group/entry/introducing_deployment_rule_sets
This entire mini-guide is based on Java 7 Update 51, installed on a 32-bit Windows Vista (or newer) computer. I'm assuming that you don't have a certificate issued by an approved certificate authority, and as such that you, at least for testing purposes, are going to need a self-signed certificate.

First off, you'll need the Java Development Kit (JDK) in order to package and sign the ruleset. So start by downloading and installing it http://www.oracle.com/technetwork/java/javase/downloads/index.html.

For most of the following steps, you'll need your Administrator Command Prompt:
  1. Open your Start-menu.
  2. In the search-field of your Start-menu, type "cmd" (without the "quotes").
  3. In the list of found items, right click the "cmd" program and select Run as administrator.
Now that you've installed the JDK, you can generate your own, self-signed, public/private key pair. To simplify this process (and to make it prettier) I've created a small batch file on GitHub: What this file does, is:
Line 2-5: Check if the (work) folder "C:\javaTemp" exists, and create it if it doesn't. Then change the work folder to "C:\javaTemp".
Line 7: Generates the certificate key pair.
Line 9: Exports the public certificate.
Line 11: Imports the public certificate into the Java keystore.

For a more in-depth explanation of what the various commands do, please use Google and Oracle's documentation.

Now that the certificate is created and ready to use, it's time to create your ruleset. I've used Oracle's examples as a reference in this guide. I suggest you use the same, and modify it to your needs. I suggest that you read the "action" tag description in the documentation from Oracle. Here's an example taken directly from Oracle:
Save that to your work folder (in my guide here, that work folder is "C:\javaTemp"). It is important that your XML is valid. I've found that an easy way to quickly validate the XML file, is to open it in Internet Explorer. If you've forgotten to close a tag, then Internet Explorer will complain about it ;)

Now you'll need to package the ruleset.xml to DeploymentRuleSet.jar. It's very important that you do not specify the aboslute path to ruleset.xml. I learned this the hard way. It's basically just two commands, which I've made into a small batch script here:
What this file does:
Line 2-6: Check if the (work) folder "C:\javaTemp" exists, and that "C:\javaTemp\ruleset.xml exists", if not then give an error and stop the script.
Line 9: Compress the "ruleset.xml" into "DeploymentRuleSet.jar".
Line 11: Sign "DeploymentRuleSet.jar".
Line 12-22: Some error handling.

Now copy the signed "DeploymentRuleSet.jar" to "C:\Winwows\Sun\Java\Deployment" and you're ready to test it.

You can also copy my pre-made "deployment.config" and "deployment.properties" to the "C:\Windows\Sun\Java\Deployment" folder:
I might add my transform file later.