Tuesday, January 2, 2018

Security Algorithms






java.security

Provides the classes and interfaces for the security framework that implements. 
  1. fine-grained access control security architecture.
  2. Generation and storage of cryptographic public key pairs,
  3. A number of exportable cryptographic operations including those for message digest and signature generation. 
  4. Signed/guarded objects and secure random number generation. 
  5. The cryptographic and secure random number generator classes in particular


java.security.cert

classes and interfaces for 
  1. parsing and managing certificates, 
  2. certificate revocation lists (CRLs), 
  3. and certification paths

java.security.AccessController
  1. to decide whether an access to a critical system resource is to be allowed or denied,
  2. based on the security policy currently in effect,
  3. to mark code as being "privileged", thus affecting subsequent 
  4. access determinations, and
  5. to obtain a "snapshot" of the current calling context so access-control
  6. decisions from a different context can be made with respect to 
  7. the saved context.
  8. The checkPermission method determines whether the access request indicated 
  9. by a specified permission should be granted or denied.
  10.  FilePermission perm = new FilePermission("/temp/testFile", "read");
  11.  AccessController.checkPermission(perm);
  12. true=true
  13. false= AccessControlException
java.security.messageDigest

This MessageDigest class provides applications the functionality of a message digest algorithm, such as SHA-1 or SHA-256. Message digests are secure one-way hash functions that take arbitrary-sized data and output a fixed-length hash value.

A MessageDigest object starts out initialized. The data is processed through it using the update methods. At any point reset can be called to reset the digest. Once all the data to be updated has been updated, one of the digest methods should be called to complete the hash computation.

The digest method can be called once for a given number of updates. After digest has been called, the MessageDigest object is reset to its initialized state.

Implementations are free to implement the Cloneable interface. Client applications can test cloneability by attempting cloning and catching the CloneNotSupportedException:


 MessageDigest md = MessageDigest.getInstance("SHA");

 try {
     md.update(toChapter1);
     MessageDigest tc1 = md.clone();
     byte[] toChapter1Digest = tc1.digest();
     md.update(toChapter2);
     ...etc.
  catch (CloneNotSupportedException cnse) {
     throw new DigestException("couldn't make digest of partial content");
 }
 }

Note that if a given implementation is not cloneable, it is still possible to compute intermediate digests by instantiating several instances, if the number of digests is known in advance.

Note that this class is abstract and extends from MessageDigestSpi for historical reasons. Application developers should only take notice of the methods defined in this MessageDigest class; all the methods in the superclass are intended for cryptographic service providers who wish to supply their own implementations of message digest algorithms.

Every implementation of the Java platform is required to support the following standard MessageDigest algorithms:

  • MD5
  • SHA-1
  • SHA-256
These algorithms are described in the MessageDigest section of the Java Cryptography Architecture Standard Algorithm Name Documentation. Consult the release documentation for your implementation to see if any other algorithms are supported.

extends MessageDigestSpi

See also:
DigestInputStream, DigestOutputStream






Abstract class for representing access to a system resource. All permissions have a name (whose interpretation depends on the subclass), as well as abstract functions for defining the semantics of the particular Permission subclass.

Most Permission objects also include an "actions" list that tells the actions that are permitted for the object. For example, for java.io.FilePermission object, the permission name is the pathname of a file (or directory), and the actions list (such as "read, write") specifies which actions are granted for the specified file (or for files in the specified directory). The actions list is optional for Permission objects, such as java.lang.RuntimePermission, that don't need such a list; you either have the named permission (such as "system.exit") or you don't.

An important method that must be implemented by each subclass is the implies method to compare Permissions. Basically, "permission p1 implies permission p2" means that if one is granted permission p1, one is naturally granted permission p2. Thus, this is not an equality test, but rather more of a subset test.

Permission objects are similar to String objects in that they are immutable once they have been created. Subclasses should not provide methods that can change the state of a permission once it has been created.

implements GuardSerializable

See also:
Permissions, PermissionCollection




at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)