Book Home Java Security Search this book

Appendix D. Quick Reference

Contents:

Package java.security
Package java.security.cert
Package java.security.interfaces
Package java.security.spec
Package javax.crypto
Package javax.crypto.interfaces
Package javax.crypto.spec
Miscellaneous Packages

This appendix contains a quick-reference guide to the classes that we have discussed in this book. The primary focus is on classes that are in the java.security package and its sub-packages, as well as the javax.crypto extension package. Accordingly, the classes listed in this appendix are organized by their primary package. Of course, there are a number of security-related classes--such as the various permission classes--that do not belong to one of these packages; these are listed in Section D.8, "Miscellaneous Packages" at the end of this appendix. Information in this appendix is based only on Java 1.2.[1]

[1]1.2 is now Java 2.

D.1. Package java.security

Class java.security.AccessControlContext

An access control context allows the access controller to substitute a different context (that is, a different set of protection domains) than the context provided by the stack of the current thread. This class might be used by a server thread to determine if a particular calling thread should be allowed to perform particular operations.

Class Definition

public final class java.security.AccessControlContext
	extends java.lang.Object {

	// Constructors
	public AccessControlContext(ProtectionDomain[]);

	// Instance Methods
	public void checkPermission(Permission);
	public boolean equals(Object);
	public int hashCode();
}

See also: AccessController

Class java.security.AccessController

The access controller is responsible for determining whether or not the current thread can execute a given operation. This decision occurs in the checkPermission() method and is based upon all the protection domains that are on the stack of the calling thread and the set of permissions that have been granted to those protection domains. The access controller is heavily used by the security manager to enforce a specific security policy, and it may be used by arbitrary code to enforce an application-specific security policy as well.

Class Definition

public final class java.security.AccessController
	extends java.lang.Object {

	// Class Methods
	public static native Object doPrivileged(PrivilegedAction);
	public static native Object doPrivileged(PrivilegedAction, 
                               AccessControlContext);
	public static native Object
                               doPrivileged(PrivilegedExceptionAction);
	public static native Object doPrivileged(PrivilegedExceptionAction, 
                               AccessControlContext);
	public static void checkPermission(Permission);
	public static AccessControlContext getContext();
}

See Also:Permission, ProtectionDomain, Policy

Class java.security.AlgorithmParameterGenerator

This engine class is used to generate algorithm-specific parameters, which may then be turned into algorithm parameters specifications to be used to initialize other engine classes. In normal usage, those engines can be initialized directly via the same init() methods that exist in this class; hence, this class is little used.

Class Definition

public class java.security.AlgorithmParameterGenerator {

	// Constructors
	protected AlgorithmParameterGenerator(
					AlgorithmParameterGeneratorSpi, Provider, String);

	// Class Methods
	public static final AlgorithmParameterGenerator
										getInstance(String);
	public static final AlgorithmParameterGenerator
									getInstance(String, String);

	// Instance Methods
	public final String getAlgorithm();
	public final Provider getProvider();
	public final void init(int);
	public final void init(int, SecureRandom);
	public final void init(AlgorithmParameterSpec);
	public final void init(AlgorithmParameterSpec, SecureRandom);
	public final AlgorithmParameters generateParameters();
}

See also: AlgorithmParameters

Class java.security.AlgorithmParameterGeneratorSpi

This class is the Security Provider Interface for the algorithm parameter generator. If you want to implement your own algorithm parameter generator, you subclass this class and register your implementation with an appropriate security provider.

Class Definition

public abstract class java.security.AlgorithmParameterGeneratorSpi {

	// Instance Methods
	protected abstract void engineInit(int, SecureRandom);
	protected abstract void engineInit(
								AlgorithmParameterSpec, SecureRandom);
	protected abstract AlgorithmParameters engineGenerateParameters();
}

See also: AlgorithmParameterGenerator

Class java.security.AlgorithmParameters

This engine class is used to generate algorithm-specific parameter specifications, which may then be used to initialize other engine classes. In normal usage, those engines can be initialized directly via the same init() methods that exist in this class; hence, this class is little used.

Class Definition

public class java.security.AlgorithmParameters {

	// Class Methods
	public static final AlgorithmParameters getInstance(String);
	public static final AlgorithmParameters getInstance(
									String, String);

	// Constructors
	protected AlgorithmParameters(AlgorithmParametersSpi,
								Provider, String);
	// Instance Methods
	public final String getAlgorithm();
	public final Provider getProvider();
	public final void init(AlgorithmParameterSpec);
	public final void init(byte[]);
	public final void init(byte[], String);
	public final AlgorithmParameterSpec getParameterSpec(Class);
	public final byte[] getEncoded();
	public final byte[] getEncoded(String);
	public final String toString();
}

See also: KeyPairGenerator

Class java.security.AlgorithmParametersSpi

This is the Security Provider Interface for algorithm parameters. If you want to implement your own algorithm parameters, you do so by subclassing this class and registering your implementation with an appropriate security provider.

Class Definition

public abstract class java.security.AlgorithmParametersSpi
		extends java.lang.Object {

	// Constructors
	public AlgorithmParametersSpi();

	// Protected Instance Methods
	protected abstract byte[] engineGetEncoded();
	protected abstract byte[] engineGetEncoded(String);
	protected abstract AlgorithmParameterSpec
							engineGetParameterSpec(Class);
	protected abstract void engineInit(AlgorithmParameterSpec);
	protected abstract void engineInit(byte[]);
	protected abstract void engineInit(byte[], String);
	protected abstract String engineToString();
}

See also: AlgorithmParameters

Class java.security.AllPermission

This class represents permissions to perform any operation. This permission is typically granted to extension classes, which (like the core API) need to be able to perform any operation. Although it is a permission class, instances of this class have no name and no actions. The implies() method of this class always returns true.

Class Definition

public final class java.security.AllPermission
	extends java.security.Permission {

	// Constructors
	public AllPermission();
	public AllPermission(String, String);

	// Instance Methods
	public boolean equals(Object);
	public String getActions();
	public int hashCode();
	public boolean implies(Permission);
	public PermissionCollection newPermissionCollection();
}

See also: Permission

Class java.security.BasicPermission

A basic permission represents a binary permission--that is, a permission that you either have or do not have. Hence, the action string in a basic permission is unused. A basic permission follows the same naming convention as java properties: a series of period-separated words, like "exitVM" or "xyz.payrollPermission". The BasicPermission class is capable of wildcard matching if the last word in the permission is an asterisk. This class serves as the superclass for a number of default permission classes.

Class Definition

public abstract class java.security.BasicPermission
	extends java.security.Permission
	implements java.io.Serializable {

	// Constructors
	public BasicPermission(String);
	public BasicPermission(String, String);

	// Instance Methods
	public boolean equals(Object);
	public String getActions();
	public int hashCode();
	public boolean implies(Permission);
	public PermissionCollection newPermissionCollection();
}

See also: Permission, PermissionCollection

Class java.security.CodeSource

A code source encapsulates the location from which a particular class was loaded and the public keys (if any) that were used to sign the class. This information is used by a secure class loader to define a protection domain associated with the class; typically, the class loader is the only object that uses a code source.

Class Definition

public class java.security.CodeSource
	extends java.lang.Object
	implements java.io.Serializable {

	// Constructors
	public CodeSource(URL, Certificate[]);

	// Instance Methods
	public boolean equals(Object);
	public final Certificate[] getCertificates();
	public boolean implies();
	public final URL getLocation();
	public int hashCode();
	public String toString();
}

See also: SecureClassLoader, ProtectionDomain

Class java.security.DigestInputStream

A digest input stream is an input filter stream that is associated with a message digest object. As data is read from the input stream, it is automatically passed to its associated message digest object; once all the data has been read, the message digest object will return the hash of the input data. You must have an existing input stream and an initialized message digest object to construct this class; once the data has passed through the stream, call the methods of the message digest object explicitly to obtain the hash.

Class Definition

public class java.security.DigestInputStream
	extends java.io.FilterInputStream {

	// Variables
	protected MessageDigest digest;

	// Constructors
	public DigestInputStream(InputStream, MessageDigest);

	// Instance Methods
	public MessageDigest getMessageDigest();
	public void on(boolean);
	public int read();
	public int read(byte[], int, int);
	public void setMessageDigest(MessageDigest);
	public String toString();
}

See also: DigestOutputStream, MessageDigest

a>
Class java.security.DigestOutputStream

A digest output stream is a filter output stream that is associated with a message digest object. When data is written to the output stream, it is also passed to the message digest object so that when the data has all been written to the output stream, the hash of that data may be obtained from the digest object. You must have an existing output stream and an initialized message digest object to use this class.

Class Definition

public classs java.security.DigestOutputStream
	extends java.io.FilterOutputStream {

	// Variables
	protected MessageDigest digest;

	// Constructors
	public DigestOutputStream(OutputStream, MessageDigest);

	// Instance Methods
	public MessageDigest getMessageDigest();
	public void on(boolean);
	public void setMessageDigest(MessageDigest);
	public String toString();
	public void write(int);
	public void write(byte[], int, int);
}

See also: DigestInputStream, MessageDigest

Interface java.security.Guard

An object of a class that implements the Guard interface may be used to protect access to a resource. In typical usage, a guard is an object of the Permission class, so that access to the guarded resource is granted if and only if the current thread has been granted the given permission. This interface is used by the GuardedObject class to guard access to another object.

Interface Definition

public abstract interface java.security.Guard {

	// Instance Methods
	public abstract void checkGuard(Object);
}

See also: GuardedObject, Permission

Class java.security.GuardedObject

A guarded object is a container for another object. The contained object is guarded using an object that implements the Guard interface; in typical usage, that would be an instance of a Permission object. The guarded object stores a serialized version of the object it contains; the contained object will be deserialized and returned by the getObject() method only if the guard object allows access.

Class Definition

public class java.security.GuardedObject
	extends java.lang.Object
	implements java.io.Serializable {

	// Constructors
	public GuardedObject(Serializable, Guard);

	// Instance Methods
	public Object getObject();
}

See also: Guard

Class java.security.Identity

An identity encapsulates public knowledge about an entity (that is, a person or a corporation--or anything that could hold a public key). Identities have names and may hold a public key, along with a certificate chain to validate the public key. An identity may belong to an identity scope, but this feature is optional and is not typically used. This class is deprecated in 1.2.

Class Definition

public abstract class java.security.Identity
	extends java.lang.Object
	implements java.security.Principal, java.io.Serializable {

	// Constructors
	protected Identity();
	public Identity(String);
	public Identity(String, IdentityScope);

	// Instance Methods
	public void addCertificate(Certificate);
	public final boolean equals(Object);
	public Certificate[] certificates();
	public String getInfo();
	public final String getName();
	public PublicKey getPublicKey();
	public final IdentityScope getScope();
	public int hashCode();
	public void removeCertificate(Certificate);
	public void setInfo(String);
	public void setPublicKey(PublicKey);
	public String toString();
	public String toString(boolean);

	// Protected Instance Methods
	protected boolean identityEquals(Identity);
}

See also: Certificate, IdentityScope, Principal, PublicKey

Class java.security.IdentityScope

An identity scope is a collection of identities; an identity may belong to a single identity scope. The notion is that scope is recursive: an identity scope may itself belong to another identity scope (or it may be unscoped). This class is deprecated in Java 1.2.

Class Definition

public abstract class java.security.IdentityScope
	extends java.security.Identity {

	// Constructors
	protected IdentityScope();
	public IdentityScope(String);
	public IdentityScope(String, IdentityScope);

	// Class Methods
	public static IdentityScope getSystemScope();
	protected static void setSystemScope(IdentityScope);

	// Instance Methods
	public abstract void addIdentity(Identity);
	public abstract Identity getIdentity(String);
	public Identity getIdentity(Principal);
	public abstract Identity getIdentity(PublicKey);
	public abstract Enumeration identities();
	public abstract void removeIdentity(Identity);
	public abstract int size();
	public String toString();
}

See also: Identity

Interface java.security.Key

A key is essentially a series of bytes that are used by a cryptographic algorithm. Depending on the type of the key, the key may be used only for particular operations and only for particular algorithms, and it may have certain mathematical properties (including a mathematical relationship to other keys). The series of bytes that comprise a key is the encoded format of the key.

Interface Definition

public abstract interface java.security.Key
	implements java.io.Serializable {

	// Instance Methods
	public abstract String getAlgorithm();
	public abstract byte[] getEncoded();
	public abstract String getFormat();
}

See also: PrivateKey, PublicKey, SecretKey

Class java.security.KeyFactory

A key factory is an engine class that is capable of translating between public or private key objects and their external format (and vice versa). Hence, key factories may be used to import or export keys, as well as to translate keys of one class (e.g., com.acme.DSAPublicKey) to another class (e.g., com.xyz.DSAPublicKeyImpl) as long as those classes share the same base class. Key factories operate in terms of key specifications; these specifications are the various external formats in which a key may be transmitted. Keys are imported via the generatePublic() and generatePrivate() methods, they are exported via the getKeySpec() method, and they are translated via the translateKey() method.

Class Definition

public class java.security.KeyFactory
	extends java.lang.Object {

	// Constructors
	protected KeyFactory(KeyFactorySpi, Provider, String);

	// Class Methods
	public static final KeyFactory getInstance(String);
	public static final KeyFactory getInstance(String, String);

	// Instance Methods
	public final PrivateKey generatePrivate(KeySpec);
	public final PublicKey generatePublic(KeySpec);
	public final String getAlgorithm();
	public final KeySpec getKeySpec(Key, Class);
	public final Provider getProvider();
	public final Key translateKey(Key);
}

See also: KeyFactorySpi, KeySpec

Class java.security.KeyFactorySpi

This is the Service Provider Interface for a key factory; if you want to implement your own key factory, you do so by extending this class and registering your implementation with an appropriate security provider. Instances of this class are expected to know how to create key objects from external key specifications and vice versa.

Class Definition

public abstract class java.security.KeyFactorySpi
	extends java.lang.Object {

	// Constructors
	public KeyFactorySpi();

	// Protected Instance Methods
	protected abstract PrivateKey engineGeneratePrivate(KeySpec);
	protected abstract PublicKey engineGeneratePublic(KeySpec);
	protected abstract KeySpec engineGetKeySpec(Key, Class);
	protected abstract Key engineTranslateKey(Key);
}

See also: KeyFactory, KeySpec

Class java.security.KeyPair

Public and private keys are mathematically related to each other and hence are generated together; this class provides an encapsulation of both the keys as a convenience to key generation.

Class Definition

public final class java.security.KeyPair
	extends java.lang.Object {

	// Constructors
	public KeyPair(PublicKey, PrivateKey);

	// Instance Methods
	public PrivateKey getPrivate();
	public PublicKey getPublic();
}

See also: KeyPairGenerator, PrivateKey, PublicKey

Class KeyPairGenerator

This is an engine class that is capable of generating a public key and its related private key. Instances of this class will generate key pairs that are appropriate for a particular algorithm (DSA, RSA, etc.). A key pair generator may be initialized to return keys of a particular strength (which is usually the number of bits in the key), or it may be initialized in an algorithmic-specific way; the former case is the one implemented by most key generators. An instance of this class may be used to generate any number of key pairs.

Class Definition

public abstract class java.security.KeyPairGenerator
	extends java.security.KeyPairGeneratorSpi {

	// Constructors
	protected KeyPairGenerator(String);

	// Class Methods
	public static KeyPairGenerator getInstance(String);
	public static KeyPairGenerator getInstance(String, String);

	// Instance Methods
	public final KeyPair genKeyPair();
	public String getAlgorithm();
	public final Provider getProvider();
	public void initialize(int);
	public void initialize(int, SecureRandom)
	public void initialize(AlgorithmParameterSpec, SecureRandom);
	public void initialize(AlgorithmParameterSpec);
}

See also: AlgorithmParameterSpec, KeyPair

Class KeyPairGeneratorSpi

This is the Service Provider Interface class for the key pair generation engine; if you want to implement your own key pair generator, you must extend this class and register your implementation with an appropriate security provider. Instances of this class must be prepared to generate key pairs of a particular strength (or length); they may optionally accept an algorithmic-specific set of initialization values.

Class Definition

public abstract class java.security.KeyPairGeneratorSpi
	extends java.lang.Object {

	// Constructors
	public KeyPairGeneratorSpi();

	// Instance Methods
	public abstract KeyPair generateKeyPair();
	public abstract void initialize(int, SecureRandom);
	public void initialize(AlgorithmParameterSpec, SecureRandom);
}

See also: AlgorithmParameterSpec, KeyPairGenerator, SecureRandom

Class java.security.KeyStore

This class is responsible for maintaining a set of keys and their related owners. In the default implementation, this class maintains the .keystore file held in the user's home directory, but you may provide an alternate implementation of this class that holds keys anywhere: in a database, on a remote filesystem, on a Java smart card, or any and all of the above. The class that is used to provide the default keystore implementation is specified by the keystore property in the $JDKHOME/lib/java.security file. The keystore may optionally require a passphrase for access to the entire keystore (via the load() method); this passphrase is often used only for sanity checking and is often not specified at all. On the other hand, private keys in the keystore should be protected (e.g., encrypted) by using a different passphrase for each private key.

Note that although the keystore associates entities with keys, it does not rely upon the Identity class itself.

Class Definition

public abstract class java.security.KeyStore
	extends java.lang.Object {

	// Constructors
	protected KeyStore(KeyStoreSpi, Provider, String);

	// Class Methods
	public static final String getDefaultType();
	public static KeyStore getInstance(String);
	public static KeyStore getInstance(String, String);

	// Instance Methods
	public final Enumeration aliases();
	public final boolean containsAlias(String);
	public final void deleteEntry(String);
	public final Certificate getCertificate(String);
	public final String getCertificateAlias(Certificate);
	public final Certificate[] getCertificateChain(String);
	public final Date getCreationDate(String);
	public final Key getKey(String, char[]);
	public final Provider getProvider();
	public final String getType();
	public final boolean isCertificateEntry(String);
	public final boolean isKeyEntry(String);
	public final void load(InputStream, char[]);
	public final void setCertificateEntry(String, Certificate);
	public final void setKeyEntry(String, Key, char[], Certificate[]);
	public final void setKeyEntry(String, byte[], Certificate[]);
	public final int size();
	public final void store(OutputStream, char[]);
}

See also: Certificate, PublicKey

Class java.security.MessageDigest

The message digest class is an engine class that can produce a one-way hash value for any arbitrary input. Message digests have two properties: they produce a unique hash for each set of input data (subject to the number of bits that are output), and the original input data is indiscernible from the hash output. The hash value is variously called a digital fingerprint or a digest. Message digests are components of digital signatures, but they are useful in their own right to verify that a set of data has not been corrupted. Once a digest object is created, data may be fed to it via the update() methods; the hash itself is returned via the digest() method.

Class Definition

public abstract class java.security.MessageDigest
	extends java.security.MessageDigestSpi {

	// Constructors
	protected MessageDigest(String);

	// Class Methods
	public static MessageDigest getInstance(String);
	public static MessageDigest getInstance(String, String);
	public static boolean isEqual(byte[], byte[]);

	// Instance Methods
	public Object clone();
	public byte[] digest();
	public byte[] digest(byte[]);
	public int digest(byte[], int, int);
	public final String getAlgorithm();
	public final int getDigestLength();
	public final Provider getProvider();
	public void reset();
	public String toString();
	public void update(byte);
	public void update(byte[]);
	public void update(byte[], int, int);
}
Class java.security.MessageDigestSpi

This is the Service Provider Interface for the message digest engine; if you want to implement your own message digest class, you do so by extending this class and registering your implementation with an appropriate security provider. Since the MessageDigest class itself extends this class, you may also extend the MessageDigest class directly. Implementations of this class are expected to accumulate a hash value over data that is fed to it as a series of arbitrary bytes.

Class Definition

public abstract class java.security.MessageDigestSpi
	extends java.lang.Object {

	// Constructors
	public MessageDigestSpi();

	// Instance Methods
	public Object clone();

	// Protected Instance Methods
	protected abstract byte[] engineDigest();
	protected int engineDigest(byte[], int, int);
	protected int engineGetDigestLength();
	protected abstract void engineReset();
	protected abstract void engineUpdate(byte);
	protected abstract void engineUpdate(byte[], int, int);
}

See also: MessageDigest

Class java.security.Permission

This class forms the base class for all types of permissions that are used by the access controller. A permission object encapsulates a particular operation (e.g., reading the file /tmp/foo). It does not, however, grant permission for that operation; rather, the permission object is constructed and passed to the access controller to see if that operation is one which the current security policy has defined as a permissible operation.

Permissions have names (e.g., the name of the file, or the name of the operation) and may optionally have actions (the semantics of which are dependent upon the type of permission). It is up to the implies() method to determine if one permission grants another; this allows you to specify wildcard-type permissions that imply specific permissions (e.g., the permission named "*" may imply the permission named "myfile").

Class Definition

public abstract class java.security.Permission
	extends java.lang.Object
	implements java.security.Guard, java.io.Serializable {

	// Constructors
	public Permission(String);

	// Instance Methods
	public void checkGuard(Object);
	public abstract boolean equals(Object);
	public abstract String getActions();
	public final String getName();
	public abstract int hashCode();
	public abstract boolean isReadOnly();
	public void setReadOnly();
	public PermissionCollection newPermissionCollection();
	public String toString();
}

See also: AccessController, BasicPermission, PermissionCollection, Policy

Class java.security.PermissionCollection

As you might infer, a permission collection is a collection of permission objects. In theory, a permission collection can be a set of arbitrary, unrelated permission objects; however, that usage is best avoided and left to the Permissions class. Hence, a permission collection should be thought of as a collection of one type of permission: a set of file permissions, a set of socket permissions, etc. A permission collection is responsible for determining if an individual permission (passed as a parameter to the implies() method) is contained in the set of permissions in the object; presumably, it will do that more efficiently than by calling the implies() method on each permission in the collection. If you implement a new permission class that has wildcard semantics for its names, then you must implement a corresponding permission collection to aggregate instances of that class (if you don't need wildcard matching, the default implementation of the Permission class will provide an appropriate collection).

Class Definition

public abstract class java.security.PermissionCollection
	extends java.lang.Object
	implements java.io.Serializable {

	// Constructors
	public PermissionCollection();

	// Instance Methods
	public abstract void add(Permission);
	public abstract Enumeration elements();
	public abstract boolean implies(Permission);
	public boolean isReadOnly();
	public void setReadOnly();
	public String toString();
}

See also: Permission, Permissions

Class java.security.Permissions

This class is an aggregate of permission collections. Hence, it is an appropriate collection object for a group of unrelated permission, which is its typical use: the Policy class uses instances of this class to represent all the permissions associated with a particular protection domain.

Class Definition

public final class java.security.Permissions
	extends java.security.PermissionCollection
	implements java.io.Serializable {

	// Constructors
	public Permissions();

	// Instance Methods
	public void add(Permission);
	public Enumeration elements();
	public boolean implies(Permission);
}

See also: Permission, PermissionCollection, Policy

Class java.security.Policy

The Policy class encapsulates all the specific permissions that the virtual machine knows about. This set of permissions is by default read from a series of URLs specified by policy.url properties in the $JDKHOME/lib/security/java.security file, although applications may specify their own policy objects by using the setPolicy() method of this class. Alternately, a different default implementation of the policy class may be specified by changing the policy.provider property in the java.security file.

Class Definition

public abstract class java.security.Policy
	extends java.lang.Object {

	// Constructors
	public Policy();

	// Class Methods
	public static Policy getPolicy();
	public static void setPolicy(Policy);

	// Instance Methods
	public abstract PermissionCollection getPermissions(CodeSource);
	public abstract void refresh();
}

See also: Permission, Permissions

Interface java.security.Principal

A principal is anything that has a name, such as an identity. The name in this case is often an X.500 distinguished name, but that is not a requirement.

Interface Definition

public abstract interface java.security.Principal {

	// Instance Methods
	public abstract boolean equals(Object);
	public abstract String getName();
	public abstract int hashCode();
	public abstract String toString();
}

See also: Identity

Interface java.security.PrivateKey

A private key is a key with certain mathematical properties that allows it to perform inverse cryptographic operations with its matching public key. Classes implement this interface only for type identification.

Interface Definition

public abstract interface java.security.PrivateKey
	implements java.security.Key {
}

See also: Key, PublicKey

Class java.security.ProtectionDomain

A protection domain encapsulates the location from which a class was loaded and the keys used to sign the class (that is, a CodeSource object) and the set of permissions that should be granted to that class. These protection domains are consulted by the access controller to determine if a particular operation should succeed; if the operation is in the set of permissions in each protection domain on the stack, then the operation will succeed. This class is typically only used within a class loader.

Class Definition

public class java.security.ProtectionDomain
	extends java.lang.Object {

	// Constructors
	public ProtectionDomain(CodeSource, PermissionCollection);

	// Instance Methods
	public final CodeSource getCodeSource();
	public final PermissionCollection getPermissions();
	public boolean implies(Permission);
	public String toString();
}

See also: AccessController, CodeSource, Permissions

Class java.security.Provider

An instance of the Provider class is responsible for mapping particular implementations to desired algorithm/engine pairs; instances of this class are consulted (indirectly) by the getInstance() methods of the engine classes to find a class that implements the desired operation. Instances of this class must be registered either with the Security class or by listing them in the $JDKHOME/lib/security/java.security file as a security.provider property.

Class Definition

public abstract class java.security.Provider
	extends java.util.Properties {

	// Constructors
	protected Provider(String, double, String);

	// Instance Methods
	public synchronized void clear();
	public Set entrySet();
	public String getInfo();
	public String getName();
	public double getVersion();
	public Set keySet();
	public synchronized void load(InputStream);
	public synchronized Object put(Object, Object);
	public synchronized void putAll(Map);
	public synchronized Object remove(Object);
	public String toString();
	public Collection values();
}

See also: Security

Interface java.security.PublicKey

A public key is a key with certain mathematical properties that allows it to perform inverse cryptographic operations with its matching private key. Classes implement this interface only for type identification.

Interface Definition

public abstract interface java.security.PublicKey
	implements java.security.Key {
}

See also: Key, PrivateKey

Class java.security.SecureClassLoader

A secure class loader is a class loader that is able to associate code sources (and hence protection domains) with the classes that it loads (classes loaded by a traditional class loader have a default, null protection domain). All new class loaders are expected to extend this class.

Class Definition

public class java.security.SecureClassLoader
	extends java.lang.ClassLoader {

	// Constructors
	protected SecureClassLoader();
	protected SecureClassLoader(ClassLoader);

	// Protected Instance Methods
	protected final Class defineClass(String, byte[], int, int,
							CodeSource);
	protected PermissionCollection getPermissions(CodeSource);
}

See also: ClassLoader, CodeSource, ProtectionDomain

Class java.security.SecureRandom

This class generates random numbers. Unlike the standard random-number generator, numbers generated by this class are cryptographically secure--that is, they are less subject to pattern guessing and other attacks that can be made upon a traditional random-number generator.

Class Definition

public class java.security.SecureRandom
	extends java.util.Random {

	// Constructors
	public SecureRandom();
	public SecureRandom(byte[]);

	// Class Methods
	public static byte[] getSeed(int);

	// Instance Methods
	public synchronized void nextBytes(byte[]);
	public void setSeed(long);
	public synchronized void setSeed(byte[]);

	// Protected Instance Methods
	protected final int next(int);
}
Class java.security.Security

This class manages the list of providers that have been installed into the virtual machine; this list of providers is consulted to find an appropriate class to provide the implementation of a particular operation when the getInstance() method of an engine class is called. The list of providers initially comes from the $JDKHOME/lib/security/java.security file, and applications may use methods of this class to add and remove providers from that list.

Class Definition

public final class java.security.Security
	extends java.lang.Object {

	// Class Methods
	public static int addProvider(Provider);
	public static String getAlgorithmProperty(String, String);
	public static String getProperty(String);
	public static Provider getProvider(String);
	public static Provider[] getProviders();
	public static int insertProviderAt(Provider, int);
	public static void removeProvider(String);
	public static void setProperty(String, String);
}

See also: Provider

Class java.security.SecurityPermission

This class represents permissions to interact with the methods of the java.security package. This permission is a basic permission; it does not support actions. Security permissions are checked by the Identity, Signer, and Provider classes.

Class Definition

public final class java.security.SecurityPermission
	extends java.security.BasicPermission {

	// Constructors
	public SecurityPermission(String);
	public SecurityPermission(String, String);
}

See also: BasicPermission

Class java.security.Signature

This engine class provides the ability to create or verify digital signatures by employing different algorithms that have been registered with the Security class. As with all engine classes, instances of this class are obtained via the getInstance() method. The signature object must be initialized with the appropriate private key (to sign) or public key (to verify), then data must be fed to the object via the update() methods, and then the signature can be obtained (via the sign() method) or verified (via the verify() method). Signature objects may support algorithm-specific parameters, though this is not a common implementation.

Class Definition

public abstract class java.security.Signature
	extends java.security.SignatureSpi {

	// Constants
	protected static final int SIGN;
	protected static final int UNINITIALIZED;
	protected static final int VERIFY;

	// Variables
	protected int state;

	// Constructors
	protected Signature(String);

	// Class Methods
	public static Signature getInstance(String);
	public static Signature getInstance(String, String);

	// Instance Methods
	public Object clone();
	public final String getAlgorithm();
	public final Object getParameter(String);
	public final Provider getProvider();
	public final void initSign(PrivateKey);
	public final void initSign(PrivateKey, SecureRandom);
	public final void initVerify(PublicKey);
	public final void setParameter(String, Object);
	public final void setParameter(AlgorithmParameterSpec);
	public final byte[] sign();
	public final int sign(byte[], int, int);
	public String toString();
	public final void update(byte);
	public final void update(byte[]);
	public final void update(byte[], int, int);
	public final boolean verify(byte[]);
}

See also: Provider

Class java.security.SignatureSpi

This is the Security Provider Interface for the signature engine. If you want to implement your own signature engine, you must extend this class and register your implementation with an appropriate security provider. Since the Signature class already extends this class, your implementation may extend the Signature class directly. Implementations of this class must be prepared both to sign and to verify data that is passed to the engineUpdate() method. Initialization of the engine may optionally support a set of algorithm-specific parameters.

Class Definition

public abstract class java.security.SignatureSpi
	extends java.lang.Object {

	// Variables
	protected SecureRandom appRandom;

	// Constructors
	public SignatureSpi();

	// Instance Methods
	public Object clone();

	// Protected Instance Methods
	protected abstract Object engineGetParameter(String);
	protected abstract void engineInitSign(PrivateKey);
	protected void engineInitSign(PrivateKey, SecureRandom);
	protected abstract void engineInitVerify(PublicKey);
	protected abstract void engineSetParameter(String, Object);
	protected void engineSetParameter(AlgorithmParameterSpec);
	protected abstract byte[] engineSign();
	protected final int engineSign(byte[], int, int);
	protected abstract void engineUpdate(byte);
	protected abstract void engineUpdate(byte[], int, int);
	protected abstract boolean engineVerify(byte[]);
}

See also: Provider, Signature

Class java.security.SignedObject

A signed object is a container class for another (target) object; the signed object contains a serialized version of the target along with a digital signature of the data contained in the target object. You must provide a serializable object and a private key to create a signed object, after which you can remove the embedded object and verify the signature of the signed object by providing the appropriate public key.

Class Definition

public final class java.security.SignedObject
	extends java.lang.Object
	implements java.io.Serializable {

	// Constructors
	public SignedObject(Serializable, PrivateKey, Signature);

	// Instance Methods
	public String getAlgorithm();
	public Object getObject();
	public byte[] getSignature();
	public boolean verify(PublicKey, Signature);
}

See also: Signature

Class java.security.Signer

A signer abstracts the notion of a principal (that is, an individual or a corporation) that has a private key and a corresponding public key. Signers may optionally belong to an identity scope. This class is deprecated in1.2.

Class Definition

public abstract class java.security.Signer
	extends java.security.Identity {

	// Constructors
	protected Signer();
	public Signer(String);
	public Signer(String, IdentityScope);

	// Instance Methods
	public PrivateKey getPrivateKey();
	public final void setKeyPair(KeyPair);
	public String toString();
}

See also: Identity, Principal

`
Class java.security.UnresolvedPermission

An unresolved permission is one for which the implementing class has not been loaded. If you define a custom permission, the Policy class will represent that custom permission as an unresolved permission until it is time for the Policy class to actually load the class; if the class cannot be found, then it will remain an unresolved permission. By default, the implies() method of this class always returns false.

Class Definition

public final class UnresolvedPermission extends Permission
	implements java.io.Serializable {

	// Constructors
	public UnresolvedPermission(String, String, String, Certificate[]);

	// Instance methods
	public boolean equals(Object);
	public int hashCode();
	public boolean implies(Permission);
}

See also: Permission



Library Navigation Links

Copyright © 2001 O'Reilly & Associates. All rights reserved.