- priority: 5 --> 9
The aglet's policy file parser
(com.ibm.aglets.security.PolicyFileReader) does not
interpret the 'keystore' directive. Instead, it throws
an exception.
Furthermore (and more significant) the Aglets
Framework does not seem to support code authentication
based on signed jar files, DESPITE WHAT IS WRITTEN in
the aglets book, page 185, and at
http://www.trl.ibm.com/aglets/relnotes11b1.html
The framework simply IGNORES the 'signedBy' directive
(although the PolicyFileReader parses it), granting
permissions to unsigned code.
I don't know if it is a bug in the AgletClassLoader
(which extends ClassLoader, NOT SecureClassLoader or
URLClassLoader) or the JarAgletClassLoader, or in the
Policy implementation.
As is obvious from AgletRunTime, the keystore used
for user authentication is (unless otherwise
specified) ${user.home}/.keystore.
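
Added example (not part of the original report and not Aglets code): in standard Java, a 'signedBy' grant is matched against the signer certificates in a class's CodeSource, so a loader that defines classes without passing a CodeSource leaves a policy nothing to match. The sketch below prints that information for one class loaded two ways; SignerCheck, PlainLoader and Probe are hypothetical names, and PlainLoader only stands in for any loader that extends ClassLoader directly.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSource;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;

public class SignerCheck {
    // Hypothetical loader that extends ClassLoader directly (not Aglets code).
    static class PlainLoader extends ClassLoader {
        PlainLoader() { super(null); }  // null parent: application classes reach findClass

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            String res = name.replace('.', '/') + ".class";
            try (InputStream in = SignerCheck.class.getClassLoader().getResourceAsStream(res)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes();
                // No CodeSource is supplied, so any signer identity is dropped here.
                return defineClass(name, b, 0, b.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static class Probe { }  // constructed sample class, loaded twice below

    // Reports what a Policy implementation would have available for this class.
    static String describe(Class<?> c) {
        ClassLoader cl = c.getClassLoader();
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        Certificate[] certs = (cs == null) ? null : cs.getCertificates();
        return String.format("loader=%s secure=%b location=%s signerCerts=%d",
                cl == null ? "bootstrap" : cl.getClass().getName(),
                cl instanceof SecureClassLoader,
                cs == null ? null : cs.getLocation(),
                certs == null ? 0 : certs.length);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(describe(Probe.class));
        System.out.println(describe(new PlainLoader().loadClass("SignerCheck$Probe")));
    }
}
```

Run from a signed jar, the first line carries the jar's location and signer certificates, while the copy defined by PlainLoader has neither.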