An example using the SUN provider - PowerPoint PPT Presentation

1 / 49
About This Presentation
Title:

An example using the SUN provider

Description:

An example using the SUN provider The provider SUN is supplied in Java 2SDK. SUN provides both an implementation of the NIST Digital Signature Algorithm (DSA), and – PowerPoint PPT presentation

Number of Views:76
Avg rating:3.0/5.0
Slides: 50
Provided by: Zeyn9
Category:

less

Transcript and Presenter's Notes

Title: An example using the SUN provider


1
An example using the SUN provider
  • The provider SUN is supplied in Java 2SDK.
  • SUN provides both
  • an implementation of the NIST Digital Signature
    Algorithm (DSA), and
  • an implementation of the MD5 and NIST SHA-1
    message digest algorithms.
  • Class MessageDigest
  • looking at code that generates a message digest
    from a message.
  • MessageDigest messagedigest MessageDigest.
    getInstance("SHA")MessageDigest messagedigest
    MessageDigest.getInstance("SHA", "SUN")
  • getInstance() method can be used in two different
    way.
  • The first requires only the algorithm to be
    specified.
  • The second requires both the algorithm and the
    provider to be specified.
  • Both return an instance of a class that
    implements the SHA algorithm.

2
  • Next, we pass the message through the
    message-digest generator.
  • int n 0   byte
    rgb new byte 1000   while
    ((n inputstreamMessage.read(rgb)) gt -1)  
          
    messagedigest.update(rgb, 0, n) 
     
  • This code works well for large messages of
    unknown length.
  • The update() method also accepts a single byte as
    an argument for messages of a few bytes in
    length, and
  • a byte array for messages of a fixed or
    predictable size.
  •  
  •  The final step involves generating the message
    digest itself.
  • rgb messagedigest.digest
    ()
  • The resulting digest is encoded in an array of
    bytes.

3
Message Digest Algorithm
  • A message digest algorithm computes a (typically
    shorter) fixed-size string from a message called
    the message digest (also known as a digital
    fingerprint).
  • Any change to the original message will result
    in a different message digest, providing a way to
    verify the integrity (that is, check the
    fingerprint) of the original message.

The message digest algorithm creates a message
digest from a message.
4
  • The Complete Source Code for a program that
    Generates a Message

5
  • import java.security.MessageDigest
  • import java.security.NoSuchAlgorithmException
  • import java.io.InputStream
  • import java.io.OutputStream
  • import java.io.FileInputStream
  • import java.io.FileOutputStream
  • import java.io.IOException
  • Public class MessageDigestGenerator
  • public void generateMessageDigest(
    InputStream inputstreamMessage,
  • OutputStream outputstreamMessageDigest)
  • throws NoSuchAlgorithmException,
  • IOException
  • MessageDigest messagedigest
    MessageDigest.getInstance("SHA")
  • int n 0
  • byte rgb new byte 1000
  • while ((n inputstreamMessage.re
    ad(rgb)) gt -1)

6
  • rgb messagedigest.digest()
  • outputstreamMessageDigest.write(rgb)
  • public static void main(String
    rgstring)
  • try
  • FileInputStream fileinputstream new
    FileInputStream(rgstring0)
  • FileOutputStream fileoutputstream new
    FileOutputStream(rgstring1)
  • new MessageDigestGenerator().
    generateMessageDigest (fileinputstream,


  • fileoutputstream)
  • fileinputstream.close()
  • fileoutputstream.close()

7
Classes InputStream OutputStream
  • public abstract class InputStream extends Object
  • This abstract class is the superclass of all
    classes representing an input stream of bytes.
  • Applications that need to define a subclass of
    InputStream must always provide a method that
    returns the next byte of input.
  • public abstract class OutputStream extends Object
  • This abstract class is the superclass of all
    classes representing an output stream of bytes.
  • An output stream accepts output bytes and sends
    them to some sink.
  • Applications that need to define a subclass of
    OutputStream must always provide at least a
    method that writes one byte of output.

8
InputStream class read method detailed
  • int read (byte b)
  • Reads some number of bytes from the input stream
    and stores them into the buffer array b.
  • The number of bytes actually read is returned as
    an integer.
  • This method blocks until input data is available,
    end of file is detected, or an exception is
    thrown.
  • If b is null, a NullPointerException is thrown
  • .If the length of b is zero, then no bytes are
    read and 0 is returned
  • otherwise, there is an attempt to read at least
    one byte.
  • If no byte is available because the stream is at
    end of file, the value -1 is returned
  • otherwise, at least one byte is read and stored
    into b.
  • Parameter b - the buffer into which the data is
    read.
  • Returns the total number of bytes read into the
    buffer, or -1 is there is no more data because
    the end of the stream has been reached.
  • Throws IOException - if an I/O error occurs.
  • NullPointerException- if b is null.

9
OutputStream class write method detailed
  • void write (byte b)
  • Writes b.length bytes from the specified byte
    array to this output stream.
  • The general contract for write(b) is that it
    should have exactly the same effect as the call
  • write(b, 0, b.length).
  • Parameters b - the data.
  • Throws IOException if an I/O error occurs.
  • Class IOException
  • java.lang.Object
  • java.lang.Throwable
  • java.lang.Exception
  • java.io.IOException

10
Class FileInputStream
  • public class FileInputStream extends

  • InputStream
  • A FileInputStream obtains input bytes from a file
    in a file system.
  • What files are available depends on the host
    environment.
  • FileInputStream is meant for reading streams of
    raw bytes such as image data.
  • For reading streams of characters, consider using
    FileReader.

11
FileInputStream Constructor
  • public FileInputStream(String name) throws


  • FileNotFoundException
  • Creates a FileInputStream by opening a connection
    to an actual file, the file named by the path
    name name in the file system.
  • A new FileDescriptor object is created to
    represent this file connection.
  • First, if there is a security manager, its
    checkRead method is called with the name argument
    as its argument.
  • If the named file does not exist, is a directory
    rather than a regular file, or for some other
    reason cannot be opened for reading then a
    FileNotFoundException is thrown.

12
Class FileOutputStream
  • public class FileOutputStream extends
    OutputStream
  • A file output stream is an output stream for
    writing data to a File or to a FileDescriptor.
  • Whether or not a file is available or may be
    created depends upon the underlying platform.
  • Some platforms, in particular, allow a file to be
    opened for writing by only one FileOutputStream
    (or other file-writing object) at a time.
  • In such situations the constructors in this class
    will fail if the file involved is already open.
  • FileOutputStream is meant for writing streams of
    raw bytes such as image data.
  • For writing streams of characters, consider using
    FileWriter.

13
FileOutputStream Constructor
  • public FileOutputStream(String name) throws

  • FileNotFoundException
  • Creates an output file stream to write to the
    file with the specified name.
  • A new FileDescriptor object is created to
    represent this file connection.
  • First, if there is a security manager, its
    checkWrite method is called with name as its
    argument.
  • Parameters name - the system-dependent filename
  • Throws FileNotFoundException
  • if the file exists but is a directory rather
    than a regular file,
  • if the file does not exist but cannot be
    created, or
  • if the file cannot be opened for any other
    reason
  • SecurityException
  • if a security manager exists and its checkWrite
    method denies write access to the file.

14
Key in Cryptographic Circles
  • A key is a piece of information used to encrypt
    and/or decrypt information
  • There are two types of key-based cryptography
  • secret-key and public-key.
  • Secret-key cryptography uses a single key that
    both encrypts and decrypts the information to be
    protected.
  • Both the sender and the receiver must share the
    secret-key.
  • Secret-key cryptography is also known as
    symmetric cryptography.
  • Public-key cryptography uses two keys
  • a public key and a private key.
  • One key decrypts information encrypted with the
    other.
  • Only the private key must be protected.
  • Public key cryptography is used for
    authentication.

15
Class KeyPairGenerator
  • To generate a digital signature (and encrypt
    data), we need keys.
  • Key generation, in its algorithm-independent
    form, is not substantially similar to creating
    and using a message digest.
  • KeyPairGenerator keypairgenerator
  • KeyPairGenerator.getInstance
    ("DSA")
  • this code creates an instance of a class that
    generates DSA-compatible keys.
  • A second (if necessary) argument specifies the
    provider.

16
  • After a key-pair generator instance is created,
    it must be initialized.
  • We can initialize key-pair generators in one of
    two ways
  • algorithm-independent or
    algorithm-dependent.
  • Which method we use depends on the amount of
    control we want over the final result.
  •  keypairgenerator.initialize(1024, new
    SecureRandom())
  • Keys based on different algorithms differ in how
    they're generated, but they have one parameter in
    common -- the key's strength.
  • Strength is a relative term that corresponds
    roughly to how hard the key will be to "break."
  • If we use the algorithm-independent initializer,
    we can specify only the strength -- any
    algorithm-dependent values assume reasonable
    defaults.
  •   

17
  • DSAKeyPairGenerator dsakeypairgenerator
    (DSAKeyPairGenerator)    

      keypairgenerator   DSAParams dsaparams new
    DSAParams()               private BigInteger p
    BigInteger(...)         private BigInteger q
    BigInteger(...)         private BigInteger g
    BigInteger(...)         public BigInteger
    getP()                     return p        
             public BigInteger getQ()        
                return q                 
    public BigInteger getG()        
                return g                 
    dsakeypairgenerator.initialize(dsaparams, new
    SecureRandom())

18
  • While the defaults are usually good enough, if we
    need more control, it is available.
  • Let's assume we used the engine to create a
    generator of DSA-compatible keys, as in the code
    above.
  • The engine loaded and instantiated an instance of
    a class that implements the DSAKeyPairGenerator
    interface.
  • If we cast the generic key-pair generator we
    received to DSAKeyPairGenerator, we then gain
    access to the algorithm-dependent method of
    initialization.
  • To initialize a DSA key-pair generator, we need
    three values
  • the prime P, the subprime Q, and
    the base G.
  • These values are captured in an inner class
    instance that is passed to the initialize()
    method.
  • The SecureRandom class provides a secure source
    of random numbers used in the key-pair
    generation.
  •   return keypairgenerator.generateKeyPai
    r()
  • The final step involves generating the key pair
    itself.

19
  • The Complete Source Code for a program that
    Generates a Key Pair.

20
  • import java.security.Key
  • import java.security.KeyPair
  • import java.security.KeyPairGenerator
  • import java.security.NoSuchAlgorithmException
  • import java.security.SecureRandom
  • import java.io.File
  • import java.io.InputStream
  • import java.io.OutputStream
  • import java.io.FileInputStream
  • import java.io.FileOutputStream
  • import java.io.ObjectInputStream
  • import java.io.ObjectOutputStream
  • import java.io.IOException
  • public class KeyTools
  • public static void writeToFile(Key key,
    File file) throws IOException
  • FileOutputStream fileoutputstream new
    FileOutputStream(file)
  • ObjectOutputStream objectoutputstream new

  • ObjectOutputStream(fileoutputstream)
    objectoutputstream.writeObject(key)
  • objectoutputstream.close()

21
  • public static Key readFromFile(File file)
  • throws ClassNotFoundException,
  • IOException
  • FileInputStream fileinputstream new
    FileInputStream(file)
  • ObjectInputStream objectinputstream new

  • ObjectInputStream (fileinputstream)
  • Key key (Key)objectinputstream.readObject(
    )
  • objectinputstream.close()
  • return key
  • public static void writeToStream(Key key,
    OutputStream outputstream)

  • throws IOException
  • new ObjectOutputStream (outputstream)
    .writeObject(key)
  • public static Key readFromStream
    (InputStream inputstream)
  • throws
    ClassNotFoundException,IOException

22
  • public static KeyPair generateKeyPair()
    throws NoSuchAlgorithmException
  • KeyPairGenerator keypairgenerator
    KeyPairGenerator.getInstance("DSA")
  • keypairgenerator.initialize(1024, new
    SecureRandom())
  • return
  • keypairgenerator.generateKeyPair()
  • public static void main(String
    rgstring)
  • try
  • File filePublic new File(rgstring0)
  • File filePrivate new
    File(rgstring1)
  • KeyPair keypair generateKeyPair()
  • writeToFile(keypair.getPublic(),
    filePublic)
  • writeToFile(keypair.getPrivate(),
    filePrivate)
  • catch (Exception ex)

23
Class ObjectOutputStream
  • An ObjectOutputStream writes primitive data types
    and graphs of Java objects to an OutputStream.
  • public class ObjectOutputStream extends
    OutputStream
  • For example to write an object that can be read
    by the example in ObjectInputStream
  • FileOutputStream fos new FileOutputStream("t.tmp
    ")
  • ObjectOutputStream oos new ObjectOutputStream(fo
    s)
  • oos.writeInt(12345)
  • oos.writeObject ("Today")
  • oos.writeObject(new Date())
  • oos.close()

24
  • Only objects that support the java.io.Serializable
    interface can be written to streams.
  • The class of each serializable object is encoded
    including the class name and signature of the
    class, the values of the object's fields and
    arrays, and the closure of any other objects
    referenced from the initial objects.
  • The method writeObject is used to write an object
    to the stream.
  • Any object, including Strings and arrays, is
    written with writeObject.
  • Multiple objects or primitives can be written to
    the stream.
  • The objects must be read back from the
    corresponding ObjectInputstream with the same
    types and in the same order as they were written

25
  • Digital Signature

26
  • A digital signature is also generated from a
    message.
  • It differs from a message digest because the
    private key of the message generator is
    incorporated into the computation.
  • The result is a message that has been "signed" by
    the one who holds the private key.
  • The computation is carried out in such a way
    that anyone can use the message generator's
    public key to verify that the entity signed it.
  • A good digital signature algorithm guarantees
    that the digital signature can't be forged
    (assuming the private key is secret),
  • that the signature is good for only the message
    from which it was generated,
  • that the message cannot be changed without
    invalidating the signature
  • that the message's authenticity can be verified.

27
The digital signature algorithm creates a digital
signature from a message and a private key.
28
Class Signature
  • The creation and use of an instance of the
    Signature class is also similiar to the two
    previous examples.
  • The differences lie in how the instance is used
    either
  • to sign or
  • to verify a message.
  •     Signature signature
    Signature.getInstance ("DSA")
  • Firstly, we use the engine to get an instance of
    the appropriate type.
  • What we do next depends on whether or not we are
    signing or verifying a message.
  •   
    signature.initSign (privatekey)
  • In order to sign a message, we must first
    initialize the signature instance with the
    private key of the entity that is signing the
    message.
  •   
    signature.initVerify(publickey)
  • In order to verify a message, we must initialize
    the signature instance with the public key of the
    entity that claims it signed the message.

29
  •    int n 0   byte rgb new byte
    1000   while ((n inputstreamMessage.read(rgb
    )) gt -1)         signature.update(rgb, 0,
    n)  
  • Next, regardless of whether or not we are signing
    or verifying, we must pass the message through
    the signature generator.
  • This process is similiar to the earlier example
    of generating a message digest.
  • The final step consists of generating the
    signature or verifying a signature.
  • rgb
    signature.sign()
  • If we are signing a message, the sign() method
    returns the signature.
  •    signature.verify
    (rgbSignature)
  • If we are verifying the signature previously
    generated from a message,
  • we must use the verify() method.
  • It takes as a parameter the previously generated
    signature and determines whether or not it is
    still valid.

30
The Complete Source Code for a program that Signs
a Message
31
  • import java.security.Signature
  • import java.security.PrivateKey
  • import java.security.NoSuchAlgorithmException
  • import java.security.InvalidKeyException
  • import java.security.SignatureException
  • import java.io.File
  • import java.io.InputStream
  • import java.io.FileInputStream
  • import java.io.IOException
  • public class Sign
  • public static byte generateSignature
    (PrivateKey privatekey, InputStream


  • inputstreamMessage)
  • throws NoSuchAlgorithmException,
    nvalidKeyException, SignatureException,


  • IOException
  • Signature signature Signature.getInstance(
    "DSA")
  • signature.initSign (privatekey)
  • int n 0

32
  • public static void main(String rgstring)
  • try
  • File filePrivate new
    File(rgstring0)
  • File fileMessage new
    File(rgstring1)
  • File fileSignature new
    File(rgstring2)
  • PrivateKey privatekey
    (PrivateKey)KeyTools.readFromFile(filePrivate)
  • FileInputStream fileinputstream new
    FileInputStream(fileMessage)
  • byte rgb generateSignature(privateke
    y, fileinputstream)
  • fileinputstream.close()
  • SignatureTools.writeToFile(rgb,
    fileSignature)
  • catch (Exception ex)
  • ex.printStackTrace()

33
  • The Complete Source Code for a program that
    Verifies a Message.

34
  • import java.security.Signature
  • import java.security.PublicKey
  • import java.security.NoSuchAlgorithmException
  • import java.security.InvalidKeyException
  • import java.security.SignatureException
  • import java.io.File
  • import java.io.InputStream
  • import java.io.IOException
  • import java.io.OutputStream
  • import java.io.FileInputStream
  • import java.io.FileOutputStream
  • public class Verify
  • public static boolean verifySignature
    (PublicKey publickey,
  • Input Stream inputstreamMessage,
    byte rgbSignature)
  • throws NoSuchAlgorithmException,
    InvalidKeyException,
  • SignatureException,IOException
  • Signature signature Signature.getInstance("DSA")
  • signature.initVerify(publickey)

35
  • public static void main(String
    rgstring)
  • try
  • File filePublic new File(rgstring0)
  • File fileMessage new
    File(rgstring1)
  • File fileSignature new
    File(rgstring2)
  • PublicKey publickey (PublicKey)KeyTools
    .readFromFile(filePublic)
  • FileInputStream fileinputstream new
    FileInputStream(fileMessage)
  • byte rgb SignatureTools.readFromFile
    (fileSignature)
  • if (verifySignature (publickey,
    fileinputstream, rgb))
  • System.out.println ("true")
  • else
  • System.out.println ("false")
  • fileinputstream.close()

36
  • The JCA conveniently hides all the low-level
    implementation and algorithm-specific details,
    allowing you to work at a higher, more abstract
    level.
  • Of course, one of the risks of such an abstract
    approach is the increased likelihood that we
    won't recognize erroneous output resulting from
    bugs.
  • Given the role of cryptography, this can be a
    significant problem.
  • Consider the "off-by-one" bug in the update line
    below
  •    int n 0   byte rgb new byte
    1000   while ((n inputstreamMessage.read(rgb
    )) gt -1)         messagedigest.update(rgb, 0,
    n - 1)  

37
  • SUN version 1.5    sun.security.provider.Sun
  • SunRsaSign version 1.5   
  •  sun.security.rsa.SunRs
    aSign
  • SunJSSE version 1.5
  •      com.sun.net.ssl.internal.
    ssl.Provider
  • SunJCE version 1.5
  •  com.sun.crypto.provider.S
    unJCE
  • SunJGSS version 1.0     
  • sun.security.jgss.SunPro
    vider
  • SunSASL version 1.5

  • com.sun.security.sasl.
    Provider
  • SunDeploy-MSCrypto 1.5  version  
  • com.sun.deploy.security.MSCryptoProvid
    er

38
  • package sun.security.provider
  • import java.io.
  • import java.util. import java.security.
  • public final class Sun extends Provider
  • private static final String INFO "SUN "
    "(DSA key/parameter generation DSA signing "
    "SHA-1, MD5 digests SecureRandom X.509
    certificates JKS keystore)"
  • public Sun() / We are the SUN provider /
  • super("SUN", 1.2, INFO)
  • AccessController.doPrivileged(new
    java.security.PrivilegedAction()
  • public Object run() / Signature engines
    /
  • put("Signature.SHA1withDSA", "sun.security.provid
    er.DSA")
  • put("Alg.Alias.Signature.DSA", "SHA1withDSA")
  • put("Alg.Alias.Signature.DSS", "SHA1withDSA")
  • put("Alg.Alias. Signature. SHA/DSA",
    "SHA1withDSA")
  • put("Alg.Alias.Signature.SHA-1/DSA",
    "SHA1withDSA")
  • put("Alg.Alias.Signature.SHA1/DSA",
    "SHA1withDSA")
  • put("Alg.Alias.Signature.SHAwithDSA",
    "SHA1withDSA")
  • put("Alg.Alias.Signature.DSAWithSHA1",
    "SHA1withDSA")
  • put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
    "SHA1withDSA")
  • put("Alg.Alias.Signature.1.2.840.10040.4.3",
    "SHA1withDSA")

39
  • Key Pair Generator engines /
  • put( KeyPairGenerator.DSA", "sun.security.provide
    r.DSAKeyPairGenerator")
  • put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.
    4.1", "DSA")
  • put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1"
    , "DSA")
  • put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12",
    "DSA")
  • / Digest engines /
  • put("MessageDigest.MD5", "sun.security.provider.M
    D5")
  • put( "MessageDigest.SHA", "sun.security.provider.
    SHA")
  • put("Alg.Alias.MessageDigest.SHA-1", "SHA")
  • put("Alg.Alias.MessageDigest.SHA1", "SHA")
  • / Algorithm Parameter Generator engines /
  • put ("AlgorithmParameterGenerator.DSA",
  • "sun.security.provider.DSAParam
    eterGenerator")
  • / Algorithm Parameter engines /
  • put("AlgorithmParameters.DSA", "sun.security.provi
    der.DSAParameters")
  • put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12",
    "DSA")
  • put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4
    .1", "DSA")
  • / Key factories /
  • put( KeyFactory.DSA", "sun.security.provider.DSAK
    eyFactory")

40
  • / SecureRandom /
  • put("SecureRandom.SHA1PRNG", "sun.security.provide
    r.SecureRandom")
  • / Certificates /
  • put("CertificateFactory.X509", "sun.security.provi
    der.X509Factory")
  • put("Alg.Alias.CertificateFactory.X.509",
    "X509")
  • / KeyStore /
  • put ("KeyStore. JKS", "sun.security.provider.Java
    KeyStore")
  • / KeySize /
  • put("Signature.SHA1withDSA KeySize", "1024")
  • put("KeyPairGenerator.DSA KeySize", "1024")
    put("AlgorithmParameterGenerator.DSA KeySize",
    "1024")
  • / Implementation type software or hardware
    /
  • put("Signature.SHA1withDSA ImplementedIn",
    "Software")
  • put("KeyPairGenerator.DSA ImplementedIn",
    "Software")
  • put("MessageDigest.MD5 ImplementedIn",
    "Software")
  • put("MessageDigest.SHA ImplementedIn",
    "Software")
  • put("AlgorithmParameterGenerator.DSA
    ImplementedIn", "Software")
  • put("AlgorithmParameters.DSA ImplementedIn",
    "Software")
  • put("KeyFactory.DSA ImplementedIn", "Software")
  • put("SecureRandom.SHA1PRNG ImplementedIn",
    "Software")

41
Example Java Security Providers
  • The following Java2 applet enumerates all the
    Java Security Providers available to the j2re and
    their associated properties and values.
  • These property values specify the
    engine.algorithms and the classes that implement
    them, as well as other properties.
  • The public method of the applet is accessed by a
    scripted call to the method from JavaScript.
  • The method returns the data in a formatted table
    string.
  • A JavaScript function embeds the table of
    results into a simple html page in another
    scripted window.

42
  • import java.io.
  • import java.util.
  • import java.awt.
  • import java.security.
  • public class SecProviders extends
    java.applet.Applet
  • public void init() // end init()
  • public String getSecurityProviders()
  • StringBuffer strbuff new
    StringBuffer(10000)
  • //typical size of buffer to hold html string
    output
  • try
  • Provider p
    Security.getProviders()
  • strbuff.append("lttable
    border1 cellpadding 3gt")
  • for (int i 0 i lt p.length i)
  • strbuff.append("lttrgtlttd bgcolor blue colspan
    2gtltfont size1 coloryellowgtltbgt" pi
    "nbsp nbsp nbsp nbsp"
  • pi. getClass(). getName()
    "lt/bgtlt/fontgtlt/trgt\r\n")

43
  • for (Enumeration e pi.keys()

  • e.hasMoreElements())
  • String key (String)
    e.nextElement()
  • strbuff.append("lttrgtlttdgt" key "lt/tdgtlttdgt"
    pi.getProperty(key) "lt/tdgtlt/trgt\r\n")
  • strbuff.append("lt/tablegt\r\n"
    )
  • return
    strbuff.toString()
  • catch (Exception e)
  • return e.toString()

44
The subclasses of the Provider class
  • For each service implemented by the provider,
    there must be a property whose name is the type
    of service
  • Signature.algName one or more spaces attrName
  • MessageDigest.algName one or more spaces
    attrName
  • KeyPairGenerator.algName one/more spaces
    attrName
  • SecureRandom.algName one /spaces attrName
  • KeyFactory.algName one / spaces attrName
  • CertificateFactory.certType one or more spaces
    attrName
  • KeyStore.storeType one or more spaces attrName
  • AlgorithmParameterGenerator.algName one /
    spaces attrName
  • AlgorithmParameters.algName one / more spaces
    attrName

45
Java Security Provider Examples
  • The default provider "SUN" implements the
    SHA1withDSA Digital Signature Algorithm in
    software.
  • In the master class for the provider "SUN", it
    sets the "Signature.SHA1withDSA ImplementedIn" to
    have the value "Software" via the following
  • put ("Signature.SHA1withDSA ImplementedIn",
    "Software")
  • The default provider "SUN" implements the
    Digital Signature Algorithm (whose standard name
    is "SHA1withDSA") in a class named DSA in the
    sun.security.provider package.
  • Its subclass of Provider sets the
    Signature.SHA1withDSA property to have the value
    "sun.security.provider.DSA" via the following
  • put("Signature.SHA1withDSA", "sun.security.provide
    r.DSA")

46
getProvidersmethod
  • public static Provider getProviders()
  • Returns an array containing all the installed
    providers. The order of the providers in the
    array is their preference order.
  • Returns an array of all the installed providers.

47
getProvidermethod
  • public static Provider getProvider(String name)
  • Returns the provider installed with the specified
    name, if any.
  • Returns null if no provider with the specified
    name is installed.
  • Parameters name - the name of the provider to
    get.
  • Returns he provider of the specified name.

48
get Providers method
  • public static Provider getProviders (Map
    filter)
  • Returns an array containing all installed
    providers that satisfy the specified selection
    criteria, or
  • Returns null if no such providers have been
    installed.
  • The returned providers are ordered according to
    their preference order
  • Parameters filter - the criteria for selecting
    providers. The filter is case-insensitive.
  • Returns all the installed providers that
    satisfy the selection criteria, or null if no
    such providers have been installed.
  • Throws InvalidParameterException - if the
    filter is not in the required format
  • The selection criteria are represented by a map.
  • Each map entry represents a selection criterion.
  • A provider is selected iff it satisfies all
    selection criteria.

49
The key entry
  • The key for any entry in such a map must be in
    one of the following two formats
  • ltcrypto_servicegt.ltalgorithm_or
    _typegt
  • MessageDigest.SHA-384 , MessageDigest.MD5 ,
  • The cryptographic service name must not contain
    any dots.
  • The value associated with the key must be an
    empty string.
  • A provider satisfies this selection criterion
    iff the provider implements the specified
    algorithm or type for the specified cryptographic
    service.
  • ltcrypto_servicegt.ltalgorithm_or_typegt
    ltattribute_namegt
  • Provider.id className , Provider.id version ,
    KeyStore.JKS ImplementedIn ,
  • MessageDigest.SHA ImplementedIn ,
    KeyFactory.DSA ImplementedIn
  • The cryptographic service name must not contain
    any dots.
  • The value associated with the key must be a
    non-empty string.
  • A provider satisfies this selection criterion iff
    the provider implements the specified algorithm
    or type for the specified cryptographic service
    and its implementation meets the constraint
    expressed by the specified attribute name/value
    pair.
Write a Comment
User Comments (0)
About PowerShow.com