The java.security package contains the classes and interfaces that implement the Java security architecture. These classes can be divided into two broad categories. First, there are classes that implement access control and prevent untrusted code from performing sensitive operations. Second, there are authentication classes that implement message digests and digital signatures and can authenticate Java classes and other objects.
The central access control class is AccessController; it uses the currently installed Policy object to decide whether a given class has Permission to access a given system resource. The Permissions and ProtectionDomain classes are also important pieces of the Java access control architecture. Figure 17-1 shows the access control classes of this package.
The key classes for authentication are MessageDigest and Signature; they compute and verify cryptographic message digests and digital signatures. These classes use public-key cryptography techniques and rely on the PublicKey and PrivateKey classes. They also rely on an infrastructure of related classes, such as SecureRandom for producing cryptographic-strength pseudo-random numbers, KeyPairGenerator for generating pairs of public and private keys, and KeyStore for managing a collection of keys and certificates. (This package defines a Certificate interface, but it is deprecated; see the java.security.cert package for the preferred Certificate class.) Figure 17-2 shows the authentication classes of java.security, while Figure 17-3 shows the exceptions.
The CodeSource class unites the authentication classes with the access control classes. It represents the source of a Java class as a URL and a set of java.security.cert.Certificate objects that contain the digital signatures of the code. The AccessController and Policy classes look at the CodeSource of a class when making access control decisions.
All the cryptographic-authentication features of this package are provider-based, which means they are implemented by security provider modules that can be plugged easily into any Java 1.2 (or later) installation. Thus, in addition to defining a security API, this package also defines a service provider interface (SPI). Various classes with names that end in "Spi" are part of this SPI. Security provider implementations must subclass these Spi classes, but applications never need to use them. Each security provider is represented by a Provider class, and the Security class allows new providers to be dynamically installed.
The java.security package contains several useful utility classes. For example, DigestInputStream and DigestOutputStream make it easy to compute message digests. GuardedObject provides customizable access control for an individual object. SignedObject protects the integrity of an arbitrary Java object by attaching a digital signature, making it easy to detect any tampering with the object. Although the java.security package contains cryptographic classes for authentication, it does not contain classes for encryption or decryption. U.S. export control laws prevent Sun from including encryption and decryption functionality in the core Java platform. Instead, this functionality is part of the Java Cryptography Extension, or JCE. The JCE builds upon the cryptographic infrastructure of java.security; see Chapter 26, "The javax.crypto Package".
| AccessControlContext | Java 1.2 | |
|
||
| java.security | ||
This class encapsulates the state of a call stack. The checkPermission() method can make access-control decisions based on the saved state of the call stack. Access-control checks are usually performed by the AccessController.checkPermission() method, which checks that the current call stack has the required permissions. Sometimes, however, it is necessary to make access-control decisions based on a previous state of the call stack. Call AccessController.getContext() to create an AccessControlContext for a particular call stack. In Java 1.3, this class has constructors that specify a custom context in the form of an array of ProtectionDomain objects and that associate a DomainCombiner object with an existing AccessControlContext. This class is used only by system-level code; typical applications rarely need to use it.
| public final class AccessControlContext { | ||
| // | Public Constructors | |
| public AccessControlContext (ProtectionDomain[ ] context); | ||
| 1.3 | public AccessControlContext (AccessControlContext acc, DomainCombiner combiner); | |
| // | Public Instance Methods | |
| public void checkPermission (java.security.Permission perm) throws AccessControlException; | ||
| 1.3 | public DomainCombiner getDomainCombiner (); | |
| // | Public Methods Overriding Object | |
| public boolean equals (Object obj); | ||
| public int hashCode (); | ||
| } | ||
Passed To: AccessControlContext.AccessControlContext(), AccessController.doPrivileged()
Returned By: AccessController.getContext()
| AccessControlException | Java 1.2 | |
|
||
| java.security | serializable unchecked | |
Thrown by AccessController to signal that an access request has been denied. getPermission() returns the Permission object, if any, that was involved in the denied request.
| public class AccessControlException extends SecurityException { | ||
| // | Public Constructors | |
| public AccessControlException (String s); | ||
| public AccessControlException (String s, java.security.Permission p); | ||
| // | Public Instance Methods | |
| public java.security.Permission getPermission (); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->RuntimeException-->SecurityException-->AccessControlException
Thrown By: AccessControlContext.checkPermission(), AccessController.checkPermission()
| AccessController | Java 1.2 | |
|
||
| java.security | ||
The static methods of this class implement the default access-control mechanism as of Java 1.2. checkPermission() traverses the call stack of the current thread and checks whether all classes in the call stack have the requested permission. If so, checkPermission() returns, and the operation can proceed. If not, checkPermission() throws an AccessControlException. As of Java 1.2, the checkPermission() method of the default java.lang.SecurityManager calls AccessController.checkPermission(). System-level code that needs to perform an access check should invoke the SecurityManager method rather than calling the AccessController method directly. Unless you are writing system-level code that must control access to system resources, you never need to use this class or the SecurityManager.checkPermission() method.
The various doPrivileged() methods run blocks of privileged code encapsulated in a PrivilegedAction or PrivilegedExceptionAction object. When checkPermission() is traversing the call stack of a thread, it stops if it reaches a privileged block that was executed with doPrivileged(). This means that privileged code can run with a full set of privileges, even if it was invoked by untrusted or lower-privileged code. See PrivilegedAction for more details.
The getContext() method returns an AccessControlContext that represents the current security context of the caller. Such a context might be saved and passed to a future call (perhaps a call made from a different thread). Use the two-argument version of doPrivileged() to force permission checks to check the AccessControlContext as well.
| public final class AccessController { | ||
| // | No Constructor | |
| // | Public Class Methods | |
| public static void checkPermission (java.security.Permission perm) throws AccessControlException; | ||
| public static Object doPrivileged (PrivilegedExceptionAction action) throws PrivilegedActionException; | native | |
| public static Object doPrivileged (PrivilegedAction action); | native | |
| public static Object doPrivileged (PrivilegedExceptionAction action, AccessControlContext context) throws PrivilegedActionException; | native | |
| public static Object doPrivileged (PrivilegedAction action, AccessControlContext context); | native | |
| public static AccessControlContext getContext (); | ||
| } | ||
| AlgorithmParameterGenerator | Java 1.2 | |
|
||
| java.security | ||
This class defines a generic API for generating parameters for a cryptographic algorithm, typically a Signature or a javax.crypto.Cipher. Create an AlgorithmParameterGenerator by calling one of the static getInstance() factory methods and specifying the name of the algorithm and, optionally, the name of the desired provider. The default "SUN" provider supports the "DSA" algorithm. The "SunJCE" provider shipped with the JCE supports "DiffieHellman". Once you have obtained a generator, initialize it by calling the init() method and specifying an algorithm-independent parameter size (in bits) or an algorithm-dependent AlgorithmParameterSpec object. You may also specify a SecureRandom source of randomness when you call init(). Once you have created and initialized the AlgorithmParameterGenerator, call generateParameters() to generate an AlgorithmParameters object.
| public class AlgorithmParameterGenerator { | ||
| // | Protected Constructors | |
| protected AlgorithmParameterGenerator (AlgorithmParameterGeneratorSpi paramGenSpi, Provider provider, String algorithm); | ||
| // | Public Class Methods | |
| public static AlgorithmParameterGenerator getInstance (String algorithm) throws NoSuchAlgorithmException; | ||
| public static AlgorithmParameterGenerator getInstance (String algorithm, String provider) throws NoSuchAlgorithmExceptionNoSuchProviderException; | ||
| // | Public Instance Methods | |
| public final AlgorithmParameters generateParameters (); | ||
| public final String getAlgorithm (); | ||
| public final Provider getProvider (); | ||
| public final void init (java.security.spec.AlgorithmParameterSpec genParamSpec) throws InvalidAlgorithmParameterException; | ||
| public final void init (int size); | ||
| public final void init (java.security.spec.AlgorithmParameterSpec genParamSpec, SecureRandom random) throws InvalidAlgorithmParameterException; | ||
| public final void init (int size, SecureRandom random); | ||
| } | ||
Returned By: AlgorithmParameterGenerator.getInstance()
| AlgorithmParameterGeneratorSpi | Java 1.2 | |
|
||
| java.security | ||
This abstract class defines the service-provider interface for algorithm-parameter generation. A security provider must implement a concrete subclass of this class for each algorithm it supports. Applications never need to use or subclass this class.
| public abstract class AlgorithmParameterGeneratorSpi { | ||
| // | Public Constructors | |
| public AlgorithmParameterGeneratorSpi (); | ||
| // | Protected Instance Methods | |
| protected abstract AlgorithmParameters engineGenerateParameters (); | ||
| protected abstract void engineInit (java.security.spec.AlgorithmParameterSpec genParamSpec, SecureRandom random) throws InvalidAlgorithmParameterException; | ||
| protected abstract void engineInit (int size, SecureRandom random); | ||
| } | ||
Passed To: AlgorithmParameterGenerator.AlgorithmParameterGenerator()
| AlgorithmParameters | Java 1.2 | |
|
||
| java.security | ||
This class is a generic, opaque representation of the parameters used by some cryptographic algorithm. You can create an instance of the class with one of the static getInstance() factory methods, specifying the desired algorithm and, optionally, the desired provider. The default "SUN" provider supports the "DSA" algorithm. The "SunJCE" provider shipped with the JCE supports "DES", "DESede", "PBE", "Blowfish", and "DiffieHellman". Once you have obtained an AlgorithmParameters object, initialize it by passing an algorithm-specific java.security.spec.AlgorithmParameterSpec object or the encoded parameter values as a byte array to the init() method. You can also create an AlgorithmParameters object with an AlgorithmParameterGenerator. getEncoded() returns the initialized algorithm parameters as a byte array, using either the algorithm-specific default encoding or the named encoding format you specified.
| public class AlgorithmParameters { | ||
| // | Protected Constructors | |
| protected AlgorithmParameters (AlgorithmParametersSpi paramSpi, Provider provider, String algorithm); | ||
| // | Public Class Methods | |
| public static AlgorithmParameters getInstance (String algorithm) throws NoSuchAlgorithmException; | ||
| public static AlgorithmParameters getInstance (String algorithm, String provider) throws NoSuchAlgorithmExceptionNoSuchProviderException; | ||
| // | Public Instance Methods | |
| public final String getAlgorithm (); | ||
| public final byte[ ] getEncoded () throws java.io.IOException; | ||
| public final byte[ ] getEncoded (String format) throws java.io.IOException; | ||
| public final java.security.spec.AlgorithmParameterSpec getParameterSpec (Class paramSpec) throws java.security.spec.InvalidParameterSpecException; | ||
| public final Provider getProvider (); | ||
| public final void init (java.security.spec.AlgorithmParameterSpec paramSpec) throws java.security.spec.InvalidParameterSpecException; | ||
| public final void init (byte[ ] params) throws java.io.IOException; | ||
| public final void init (byte[ ] params, String format) throws java.io.IOException; | ||
| // | Public Methods Overriding Object | |
| public final String toString (); | ||
| } | ||
Passed To: javax.crypto.Cipher.init(), javax.crypto.CipherSpi.engineInit()
Returned By: AlgorithmParameterGenerator.generateParameters(), AlgorithmParameterGeneratorSpi.engineGenerateParameters(), AlgorithmParameters.getInstance(), javax.crypto.Cipher.getParameters(), javax.crypto.CipherSpi.engineGetParameters()
| AlgorithmParametersSpi | Java 1.2 | |
|
||
| java.security | ||
This abstract class defines the service-provider interface for AlgorithmParameters. A security provider must implement a concrete subclass of this class for each cryptographic algorithm it supports. Applications never need to use or subclass this class.
| public abstract class AlgorithmParametersSpi { | ||
| // | Public Constructors | |
| public AlgorithmParametersSpi (); | ||
| // | Protected Instance Methods | |
| protected abstract byte[ ] engineGetEncoded () throws java.io.IOException; | ||
| protected abstract byte[ ] engineGetEncoded (String format) throws java.io.IOException; | ||
| protected abstract java.security.spec.AlgorithmParameterSpec engineGetParameterSpec (Class paramSpec) throws java.security.spec.InvalidParameterSpecException; | ||
| protected abstract void engineInit (java.security.spec.AlgorithmParameterSpec paramSpec) throws java.security.spec.InvalidParameterSpecException; | ||
| protected abstract void engineInit (byte[ ] params) throws java.io.IOException; | ||
| protected abstract void engineInit (byte[ ] params, String format) throws java.io.IOException; | ||
| protected abstract String engineToString (); | ||
| } | ||
Passed To: AlgorithmParameters.AlgorithmParameters()
| AllPermission | Java 1.2 | |
|
||
| java.security | serializable permission | |
This class is a Permission subclass whose implies() method always returns true. This means that code that has been granted AllPermission is granted all other possible permissions. This class exists to provide a convenient way to grant all permissions to completely trusted code. It should be used with care. Applications typically do not need to work directly with Permission objects.
| public final class AllPermission extends java.security.Permission { | ||
| // | Public Constructors | |
| public AllPermission (); | ||
| public AllPermission (String name, String actions); | ||
| // | Public Methods Overriding Permission | |
| public boolean equals (Object obj); | ||
| public String getActions (); | default:"<all actions>" | |
| public int hashCode (); | constant | |
| public boolean implies (java.security.Permission p); | constant | |
| public PermissionCollection newPermissionCollection (); | ||
| } | ||
Hierarchy: Object-->java.security.Permission(Guard,Serializable)-->AllPermission
| BasicPermission | Java 1.2 | |
|
||
| java.security | serializable permission | |
This Permission class is the abstract superclass for a number of simple permission types. BasicPermission is typically subclassed to implement named permissions that have a name, or target, string, but do not support actions. The implies() method of BasicPermission defines a simple wildcarding capability. The target "*" implies permission for any target. The target "x.*" implies permission for any target that begins with "x.". Applications typically do not need to work directly with Permission objects.
| public abstract class BasicPermission extends java.security.Permission implements Serializable { | ||
| // | Public Constructors | |
| public BasicPermission (String name); | ||
| public BasicPermission (String name, String actions); | ||
| // | Public Methods Overriding Permission | |
| public boolean equals (Object obj); | ||
| public String getActions (); | ||
| public int hashCode (); | ||
| public boolean implies (java.security.Permission p); | ||
| public PermissionCollection newPermissionCollection (); | ||
| } | ||
Hierarchy: Object-->java.security.Permission(Guard,Serializable)-->BasicPermission(Serializable)
Subclasses: java.awt.AWTPermission, java.io.SerializablePermission, RuntimePermission, java.lang.reflect.ReflectPermission, java.net.NetPermission, SecurityPermission, java.sql.SQLPermission, java.util.PropertyPermission
| Certificate | Java 1.1; Deprecated in Java 1.2 | |
|
||
| java.security | PJ1.1(opt) | |
This interface was used in Java 1.1 to represent an identity certificate. It has been deprecated as of Java 1.2 in favor of the java.security.cert package (see Chapter 19, The java.security.cert Package.) See also java.security.cert.Certificate.
| public interface Certificate { | ||
| // | Public Instance Methods | |
| public abstract void decode (java.io.InputStream stream) throws KeyExceptionjava.io.IOException; | ||
| public abstract void encode (java.io.OutputStream stream) throws KeyExceptionjava.io.IOException; | ||
| public abstract String getFormat (); | ||
| public abstract java.security.Principal getGuarantor (); | ||
| public abstract java.security.Principal getPrincipal (); | ||
| public abstract PublicKey getPublicKey (); | ||
| public abstract String toString (boolean detailed); | ||
| } | ||
Passed To: Identity.{addCertificate(), removeCertificate()}
Returned By: Identity.certificates()
| CodeSource | Java 1.2 | |
|
||
| java.security | serializable | |
This class represents the source of a Java class, as defined by the URL from which the class was loaded and the set of digital signatures attached to the class. A CodeSource object is created by specifying a java.net.URL and an array of java.security.cert.Certificate objects. Only applications that create custom ClassLoader objects should ever need to use or subclass this class.
When a CodeSource represents a specific piece of Java code, it includes a fully qualified URL and the actual set of certificates used to sign the code. When a CodeSource object defines a ProtectionDomain, however, the URL may include wildcards, and the array of certificates is a minimum required set of signatures. The implies() method of such a CodeSource tests whether a particular Java class comes from a matching URL and has the required set of signatures.
| public class CodeSource implements Serializable { | ||
| // | Public Constructors | |
| public CodeSource (java.net.URL url, java.security.cert.Certificate[ ] certs); | ||
| // | Public Instance Methods | |
| public final java.security.cert.Certificate[ ] getCertificates (); | ||
| public final java.net.URL getLocation (); | ||
| public boolean implies (CodeSource codesource); | ||
| // | Public Methods Overriding Object | |
| public boolean equals (Object obj); | ||
| public int hashCode (); | ||
| public String toString (); | ||
| } | ||
Hierarchy: Object-->CodeSource(Serializable)
Passed To: java.net.URLClassLoader.getPermissions(), CodeSource.implies(), java.security.Policy.getPermissions(), ProtectionDomain.ProtectionDomain(), SecureClassLoader.{defineClass(), getPermissions()}
Returned By: ProtectionDomain.getCodeSource()
| DigestException | Java 1.1 | |
|
||
| java.security | serializable checked PJ1.1(opt) | |
Signals a problem creating a message digest.
| public class DigestException extends GeneralSecurityException { | ||
| // | Public Constructors | |
| public DigestException (); | ||
| public DigestException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->GeneralSecurityException-->DigestException
Thrown By: MessageDigest.digest(), MessageDigestSpi.engineDigest()
| DigestInputStream | Java 1.1 | |
|
||
| java.security | PJ1.1(opt) | |
This class is a byte input stream with an associated MessageDigest object. When bytes are read with any of the read() methods, those bytes are automatically passed to the update() method of the MessageDigest. When you have finished reading bytes, you can call the digest() method of the MessageDigest to obtain a message digest. If you want to compute a digest just for some of the bytes read from the stream, use on() to turn the digesting function on and off. Digesting is on by default; call on(false) to turn it off. See also DigestOutputStream and MessageDigest.
| public class DigestInputStream extends java.io.FilterInputStream { | ||
| // | Public Constructors | |
| public DigestInputStream (java.io.InputStream stream, MessageDigest digest); | ||
| // | Public Instance Methods | |
| public MessageDigest getMessageDigest (); | ||
| public void on (boolean on); | ||
| public void setMessageDigest (MessageDigest digest); | ||
| // | Public Methods Overriding FilterInputStream | |
| public int read () throws java.io.IOException; | ||
| public int read (byte[ ] b, int off, int len) throws java.io.IOException; | ||
| // | Public Methods Overriding Object | |
| public String toString (); | ||
| // | Protected Instance Fields | |
| protected MessageDigest digest ; | ||
| } | ||
Hierarchy: Object-->java.io.InputStream-->java.io.FilterInputStream-->DigestInputStream
| DigestOutputStream | Java 1.1 | |
|
||
| java.security | PJ1.1(opt) | |
This class is a byte output stream with an associated MessageDigest object. When bytes are written to the stream with any of the write() methods, those bytes are automatically passed to the update() method of the MessageDigest. When you have finished writing bytes, you can call the digest() method of the MessageDigest to obtain a message digest. If you want to compute a digest just for some of the bytes written to the stream, use on() to turn the digesting function on and off. Digesting is on by default; call on(false) to turn it off. See also DigestInputStream and MessageDigest.
| public class DigestOutputStream extends java.io.FilterOutputStream { | ||
| // | Public Constructors | |
| public DigestOutputStream (java.io.OutputStream stream, MessageDigest digest); | ||
| // | Public Instance Methods | |
| public MessageDigest getMessageDigest (); | ||
| public void on (boolean on); | ||
| public void setMessageDigest (MessageDigest digest); | ||
| // | Public Methods Overriding FilterOutputStream | |
| public void write (int b) throws java.io.IOException; | ||
| public void write (byte[ ] b, int off, int len) throws java.io.IOException; | ||
| // | Public Methods Overriding Object | |
| public String toString (); | ||
| // | Protected Instance Fields | |
| protected MessageDigest digest ; | ||
| } | ||
Hierarchy: Object-->java.io.OutputStream-->java.io.FilterOutputStream-->DigestOutputStream
| DomainCombiner | Java 1.3 Beta | |
|
||
| java.security | ||
This interface defines a single combine() method that combines two arrays of ProtectionDomain objects into a single equivalent (and perhaps optimized) array. You can associate a DomainCombiner with an existing AccessControlContext by calling the two-argument AccessControlContext() constructor. Then, when the checkPermission() method of the AccessControlContext is called or when the AccessControlContext is passed to a doPrivileged() method of AccessController, the specified DomainCombiner merges the protection domains of the current stack frame with the protection domains encapsulated in the AccessControlContext. This class is used only by system-level code; typical applications rarely need to use it.
| public interface DomainCombiner { | ||
| // | Public Instance Methods | |
| public abstract ProtectionDomain[ ] combine (ProtectionDomain[ ] currentDomains, ProtectionDomain[ ] assignedDomains); | ||
| } | ||
Passed To: AccessControlContext.AccessControlContext()
Returned By: AccessControlContext.getDomainCombiner()
| GeneralSecurityException | Java 1.2 | |
|
||
| java.security | serializable checked | |
This class is the superclass of most of the exceptions defined by the java.security package.
| public class GeneralSecurityException extends Exception { | ||
| // | Public Constructors | |
| public GeneralSecurityException (); | ||
| public GeneralSecurityException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->GeneralSecurityException
Subclasses: DigestException, InvalidAlgorithmParameterException, KeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, UnrecoverableKeyException, java.security.cert.CertificateException, java.security.cert.CRLException, java.security.spec.InvalidKeySpecException, java.security.spec.InvalidParameterSpecException, javax.crypto.BadPaddingException, javax.crypto.IllegalBlockSizeException, javax.crypto.NoSuchPaddingException, javax.crypto.ShortBufferException
| Guard | Java 1.2 | |
|
||
| java.security | ||
This interface guards access to an object. The checkGuard() method is passed an object to which access has been requested. If access should be granted, checkGuard() should return silently. Otherwise, if access is denied, checkGuard() should throw a java.lang.SecurityException. The Guard object is used primarily by the GuardedObject class. Note that all Permission objects implement the Guard interface.
| public interface Guard { | ||
| // | Public Instance Methods | |
| public abstract void checkGuard (Object object) throws SecurityException; | ||
| } | ||
Implementations: java.security.Permission
Passed To: GuardedObject.GuardedObject()
| GuardedObject | Java 1.2 | |
|
||
| java.security | serializable | |
This class uses a Guard object to guard against unauthorized access to an arbitrary encapsulated object. Create a GuardedObject by specifying an object and a Guard for it. The getObject() method calls the checkGuard() method of the Guard to determine whether access to the object should be allowed. If access is allowed, getObject() returns the encapsulated object. Otherwise, it throws a java.lang.SecurityException.
The Guard object used by a GuardedObject is often a Permission. In this case, access to the guarded object is granted only if the calling code is granted the specified permission by the current security policy.
| public class GuardedObject implements Serializable { | ||
| // | Public Constructors | |
| public GuardedObject (Object object, Guard guard); | ||
| // | Public Instance Methods | |
| public Object getObject () throws SecurityException; | ||
| } | ||
Hierarchy: Object-->GuardedObject(Serializable)
| Identity | Java 1.1; Deprecated in Java 1.2 | |
|
||
| java.security | serializable PJ1.1(opt) | |
This deprecated class was used in Java 1.1 to represent an entity or Principal with an associated PublicKey object. In Java 1.1, the public key for a named entity could be retrieved from the system keystore with a line like the following:
IdentityScope.getSystemScope().getIdentity(name).getPublicKey()
As of Java 1.2, the Identity class and the related IdentityScope and Signer classes have been deprecated in favor of KeyStore and java.security.cert.Certificate.
| public abstract class Identity implements java.security.PrincipalSerializable { | ||
| // | Public Constructors | |
| public Identity (String name); | ||
| public Identity (String name, IdentityScope scope) throws KeyManagementException; | ||
| // | Protected Constructors | |
| protected Identity (); | ||
| // | Property Accessor Methods (by property name) | |
| public String getInfo (); | ||
| public void setInfo (String info); | ||
| public final String getName (); | Implements:Principal | |
| public PublicKey getPublicKey (); | ||
| public void setPublicKey (PublicKey key) throws KeyManagementException; | ||
| public final IdentityScope getScope (); | ||
| // | Public Instance Methods | |
| public void addCertificate (java.security.Certificate certificate) throws KeyManagementException; | ||
| public java.security.Certificate[ ] certificates (); | ||
| public void removeCertificate (java.security.Certificate certificate) throws KeyManagementException; | ||
| public String toString (boolean detailed); | ||
| // | Methods Implementing Principal | |
| public final boolean equals (Object identity); | ||
| public final String getName (); | ||
| public int hashCode (); | ||
| public String toString (); | ||
| // | Protected Instance Methods | |
| protected boolean identityEquals (Identity identity); | ||
| } | ||
Hierarchy: Object-->Identity(java.security.Principal,Serializable)
Subclasses: IdentityScope, Signer
Passed To: Identity.identityEquals(), IdentityScope.{addIdentity(), removeIdentity()}, javax.ejb.EJBContext.isCallerInRole(), javax.ejb.deployment.AccessControlEntry.{AccessControlEntry(), setAllowedIdentities()}, javax.ejb.deployment.ControlDescriptor.setRunAsIdentity()
Returned By: IdentityScope.getIdentity(), javax.ejb.EJBContext.getCallerIdentity(), javax.ejb.deployment.AccessControlEntry.getAllowedIdentities(), javax.ejb.deployment.ControlDescriptor.getRunAsIdentity()
| IdentityScope | Java 1.1; Deprecated in Java 1.2 | |
|
||
| java.security | serializable PJ1.1(opt) | |
This deprecated class was used in Java 1.1 to represent a group of Identity and Signer objects and their associated PublicKey and PrivateKey objects. As of Java 1.2, it has been replaced by the KeyStore class.
| public abstract class IdentityScope extends Identity { | ||
| // | Public Constructors | |
| public IdentityScope (String name); | ||
| public IdentityScope (String name, IdentityScope scope) throws KeyManagementException; | ||
| // | Protected Constructors | |
| protected IdentityScope (); | ||
| // | Public Class Methods | |
| public static IdentityScope getSystemScope (); | ||
| // | Protected Class Methods | |
| protected static void setSystemScope (IdentityScope scope); | ||
| // | Public Instance Methods | |
| public abstract void addIdentity (Identity identity) throws KeyManagementException; | ||
| public abstract Identity getIdentity (String name); | ||
| public Identity getIdentity (java.security.Principal principal); | ||
| public abstract Identity getIdentity (PublicKey key); | ||
| public abstract java.util.Enumeration identities (); | ||
| public abstract void removeIdentity (Identity identity) throws KeyManagementException; | ||
| public abstract int size (); | ||
| // | Public Methods Overriding Identity | |
| public String toString (); | ||
| } | ||
Hierarchy: Object-->Identity(java.security.Principal,Serializable)-->IdentityScope
Passed To: Identity.Identity(), IdentityScope.{IdentityScope(), setSystemScope()}, Signer.Signer()
Returned By: Identity.getScope(), IdentityScope.getSystemScope()
| InvalidAlgorithmParameterException | Java 1.2 | |
|
||
| java.security | serializable checked | |
Signals that one or more algorithm parameters (usually specified by a java.security.spec.AlgorithmParameterSpec object) are not valid.
| public class InvalidAlgorithmParameterException extends GeneralSecurityException { | ||
| // | Public Constructors | |
| public InvalidAlgorithmParameterException (); | ||
| public InvalidAlgorithmParameterException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->GeneralSecurityException-->InvalidAlgorithmParameterException
Thrown By: Too many methods to list.
| InvalidKeyException | Java 1.1 | |
|
||
| java.security | serializable checked PJ1.1(opt) | |
Signals that a Key is not valid.
| public class InvalidKeyException extends KeyException { | ||
| // | Public Constructors | |
| public InvalidKeyException (); | ||
| public InvalidKeyException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->GeneralSecurityException-->KeyException-->InvalidKeyException
Thrown By: Too many methods to list.
| InvalidParameterException | Java 1.1 | |
|
||
| java.security | serializable unchecked PJ1.1(opt) | |
This subclass of java.lang.IllegalArgumentException signals that a parameter passed to a security method is not valid. This exception type is not widely used.
| public class InvalidParameterException extends IllegalArgumentException { | ||
| // | Public Constructors | |
| public InvalidParameterException (); | ||
| public InvalidParameterException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->RuntimeException-->IllegalArgumentException-->InvalidParameterException
Thrown By: Signature.{getParameter(), setParameter()}, SignatureSpi.{engineGetParameter(), engineSetParameter()}, Signer.setKeyPair(), java.security.interfaces.DSAKeyPairGenerator.initialize()
| Key | Java 1.1 | |
|
||
| java.security | serializable PJ1.1(opt) | |
This interface defines the high-level characteristics of all cryptographic keys. getAlgorithm() returns the name of the cryptographic algorithm (such as RSA) used with the key. getFormat() return the name of the external encoding (such as X.509) used with the key. getEncoded() returns the key as an array of bytes, encoded using the format specified by getFormat().
| public interface Key extends Serializable { | ||
| // | Public Constants | |
| 1.2 | public static final long serialVersionUID ; | =6603384152749567654 |
| // | Public Instance Methods | |
| public abstract String getAlgorithm (); | ||
| public abstract byte[ ] getEncoded (); | ||
| public abstract String getFormat (); | ||
| } | ||
Hierarchy: (Key(Serializable))
Implementations: PrivateKey, PublicKey, javax.crypto.SecretKey
Passed To: Too many methods to list.
Returned By: KeyFactory.translateKey(), KeyFactorySpi.engineTranslateKey(), KeyStore.getKey(), KeyStoreSpi.engineGetKey(), javax.crypto.KeyAgreement.doPhase(), javax.crypto.KeyAgreementSpi.engineDoPhase()
| KeyException | Java 1.1 | |
|
||
| java.security | serializable checked PJ1.1(opt) | |
Signals that something is wrong with a key. See also the subclasses InvalidKeyException and KeyManagementException.
| public class KeyException extends GeneralSecurityException { | ||
| // | Public Constructors | |
| public KeyException (); | ||
| public KeyException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->GeneralSecurityException-->KeyException
Subclasses: InvalidKeyException, KeyManagementException
Thrown By: java.security.Certificate.{decode(), encode()}, Signer.setKeyPair()
| KeyFactory | Java 1.2 | |
|
||
| java.security | ||
This class translates asymmetric cryptographic keys between the two representations used by the Java Security API. java.security.Key is the opaque, algorithm-independent representation of a key used by most of the Security API. java.security.spec.KeySpec is a marker interface implemented by transparent, algorithm-specific representations of keys. KeyFactory is used with public and private keys; see javax.crypto.SecretKeyFactory if you are working with symmetric or secret keys.
To convert a Key to a KeySpec or vice versa, create a KeyFactory by calling one of the static getInstance() factory methods and specifying the name of the key algorithm (e.g., DSA or RSA). Then, use generatePublic() or generatePrivate() to create a PublicKey or PrivateKey object from a corresponding KeySpec. Or use getKeySpec() to obtain a KeySpec for a given Key. Because there can be more than one KeySpec implementation used by a particular cryptographic algorithm, you must also specify the Class of the KeySpec you desire.
If you do not need to transport keys portably between applications and/or systems, you can use a KeyStore to store and retrieve keys and certificates, avoiding KeySpec and KeyFactory altogether.
| public class KeyFactory { | ||
| // | Protected Constructors | |
| protected KeyFactory (KeyFactorySpi keyFacSpi, Provider provider, String algorithm); | ||
| // | Public Class Methods | |
| public static KeyFactory getInstance (String algorithm) throws NoSuchAlgorithmException; | ||
| public static KeyFactory getInstance (String algorithm, String provider) throws NoSuchAlgorithmExceptionNoSuchProviderException; | ||
| // | Public Instance Methods | |
| public final PrivateKey generatePrivate (java.security.spec.KeySpec keySpec) throws java.security.spec.InvalidKeySpecException; | ||
| public final PublicKey generatePublic (java.security.spec.KeySpec keySpec) throws java.security.spec.InvalidKeySpecException; | ||
| public final String getAlgorithm (); | ||
| public final java.security.spec.KeySpec getKeySpec (Key key, Class keySpec) throws java.security.spec.InvalidKeySpecException; | ||
| public final Provider getProvider (); | ||
| public final Key translateKey (Key key) throws InvalidKeyException; | ||
| } | ||
Returned By: KeyFactory.getInstance()
| KeyFactorySpi | Java 1.2 | |
|
||
| java.security | ||
This abstract class defines the service-provider interface for KeyFactory. A security provider must implement a concrete subclass of this class for each cryptographic algorithm it supports. Applications never need to use or subclass this class.
| public abstract class KeyFactorySpi { | ||
| // | Public Constructors | |
| public KeyFactorySpi (); | ||
| // | Protected Instance Methods | |
| protected abstract PrivateKey engineGeneratePrivate (java.security.spec.KeySpec keySpec) throws java.security.spec.InvalidKeySpecException; | ||
| protected abstract PublicKey engineGeneratePublic (java.security.spec.KeySpec keySpec) throws java.security.spec.InvalidKeySpecException; | ||
| protected abstract java.security.spec.KeySpec engineGetKeySpec (Key key, Class keySpec) throws java.security.spec.InvalidKeySpecException; | ||
| protected abstract Key engineTranslateKey (Key key) throws InvalidKeyException; | ||
| } | ||
Passed To: KeyFactory.KeyFactory()
| KeyManagementException | Java 1.1 | |
|
||
| java.security | serializable checked PJ1.1(opt) | |
Signals an exception in a key management operation. In Java 1.2, this exception is only thrown by deprecated methods.
| public class KeyManagementException extends KeyException { | ||
| // | Public Constructors | |
| public KeyManagementException (); | ||
| public KeyManagementException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->GeneralSecurityException-->KeyException-->KeyManagementException
Thrown By: Identity.{addCertificate(), Identity(), removeCertificate(), setPublicKey()}, IdentityScope.{addIdentity(), IdentityScope(), removeIdentity()}, Signer.Signer()
| KeyPair | Java 1.1 | |
|
||
| java.security | serializable PJ1.1(opt) | |
This class is a simple container for a PublicKey and a PrivateKey object. Because a KeyPair contains an unprotected private key, it must be used with as much caution as a PrivateKey object.
| public final class KeyPair implements Serializable { | ||
| // | Public Constructors | |
| public KeyPair (PublicKey publicKey, PrivateKey privateKey); | ||
| // | Public Instance Methods | |
| public PrivateKey getPrivate (); | ||
| public PublicKey getPublic (); | ||
| } | ||
Hierarchy: Object-->KeyPair(Serializable)
Passed To: Signer.setKeyPair()
Returned By: KeyPairGenerator.{generateKeyPair(), genKeyPair()}, KeyPairGeneratorSpi.generateKeyPair()
| KeyPairGenerator | Java 1.1 | |
|
||
| java.security | PJ1.1(opt) | |
This class generates a public/private key pair for a specified cryptographic algorithm. To create a KeyPairGenerator, call one of the static getInstance() methods, specifying the name of the algorithm and, optionally, the name of the security provider to use. The default "SUN" provider shipped with Java 1.2 supports only the "DSA" algorithm. The "SunJCE" provider of the Java Cryptography Extension (JCE) additionally supports the "DiffieHellman" algorithm.
Once you have created a KeyPairGenerator, initialize it by calling initialize(). You can perform an algorithm-independent initialization by simply specifying the desired key size in bits. Alternatively, you can do an algorithm-dependent initialization by providing an appropriate AlgorithmParameterSpec object for the key-generation algorithm. In either case, you may optionally provide your own source of randomness in the guise of a SecureRandom object. Once you have created and initialized a KeyPairGenerator, call genKeyPair() to create a KeyPair object. Remember that the KeyPair contains a PrivateKey that must be kept private.
For historical reasons, KeyPairGenerator extends KeyPairGeneratorSpi. Applications should not use any methods inherited from that class.
| public abstract class KeyPairGenerator extends KeyPairGeneratorSpi { | ||
| // | Protected Constructors | |
| protected KeyPairGenerator (String algorithm); | ||
| // | Public Class Methods | |
| public static KeyPairGenerator getInstance (String algorithm) throws NoSuchAlgorithmException; | ||
| public static KeyPairGenerator getInstance (String algorithm, String provider) throws NoSuchAlgorithmExceptionNoSuchProviderException; | ||
| // | Public Instance Methods | |
| 1.2 | public final KeyPair genKeyPair (); | |
| public String getAlgorithm (); | ||
| 1.2 | public final Provider getProvider (); | |
| 1.2 | public void initialize (java.security.spec.AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException; | |
| public void initialize (int keysize); | ||
| // | Public Methods Overriding KeyPairGeneratorSpi | |
| public KeyPair generateKeyPair (); | constant | |
| 1.2 | public void initialize (java.security.spec.AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException; | empty |
| public void initialize (int keysize, SecureRandom random); | empty | |
| } | ||
Hierarchy: Object-->KeyPairGeneratorSpi-->KeyPairGenerator
Returned By: KeyPairGenerator.getInstance()
| KeyPairGeneratorSpi | Java 1.2 | |
|
||
| java.security | ||
This abstract class defines the service-provider interface for KeyPairGenerator. A security provider must implement a concrete subclass of this class for each cryptographic algorithm for which it can generate key pairs. Applications never need to use or subclass this class.
| public abstract class KeyPairGeneratorSpi { | ||
| // | Public Constructors | |
| public KeyPairGeneratorSpi (); | ||
| // | Public Instance Methods | |
| public abstract KeyPair generateKeyPair (); | ||
| public void initialize (java.security.spec.AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException; | ||
| public abstract void initialize (int keysize, SecureRandom random); | ||
| } | ||
Subclasses: KeyPairGenerator
| KeyStore | Java 1.2 | |
|
||
| java.security | ||
This class represents a mapping of names, or aliases, to Key and java.security.cert.Certificate objects. Obtain a KeyStore object by calling one of the static getInstance() methods, specifying the desired key store type and, optionally, the desired provider. Use "JKS" to specify the "Java Key Store" type defined by Sun. Because of U.S. export regulations, this default KeyStore supports only weak encryption of private keys. If you have the Java Cryptography Extension installed, use the type "JCEKS" and provider "SunJCE" to obtain a KeyStore implementation that offers much stronger password-based encryption of keys. Once you have created a KeyStore, use load() to read its contents from a stream, supplying an optional password that verifies the integrity of the stream data. Keystores are typically read from a file named .keystore in the user's home directory.
A KeyStore may contain both public and private key entries. A public key entry is represented by a Certificate object. Use getCertificate() to look up a named public key certificate and setCertificateEntry() to add a new public key certificate to the keystore. A private key entry in the keystore contains both a password-protected Key and an array of Certificate objects that represent the certificate chain for the public key that corresponds to the private key. Use getKey() and getCertificateChain() to look up the key and certificate chain. Use setKeyEntry() to create a new private key entry. You must provide a password when reading or writing a private key from the keystore; this password encrypts the key data, and each private key entry should have a different password. If you are using the JCE, you may also store javax.crypto.SecretKey objects in a KeyStore. Secret keys are stored like private keys, except that they do not have a certificate chain associated with them.
To delete an entry from a KeyStore, use deleteEntry(). If you modify the contents of a KeyStore, use store() to save the keystore to a specified stream. You may specify a password that is used to validate the integrity of the data, but it is not used to encrypt the keystore.
| public class KeyStore { | ||
| // | Protected Constructors | |
| protected KeyStore (KeyStoreSpi keyStoreSpi, Provider provider, String type); | ||
| // | Public Class Methods | |
| public static final String getDefaultType (); | ||
| public static KeyStore getInstance (String type) throws KeyStoreException; | ||
| public static KeyStore getInstance (String type, String provider) throws KeyStoreExceptionNoSuchProviderException; | ||
| // | Public Instance Methods | |
| public final java.util.Enumeration aliases () throws KeyStoreException; | ||
| public final boolean containsAlias (String alias) throws KeyStoreException; | ||
| public final void deleteEntry (String alias) throws KeyStoreException; | ||
| public final java.security.cert.Certificate getCertificate (String alias) throws KeyStoreException; | ||
| public final String getCertificateAlias (java.security.cert.Certificate cert) throws KeyStoreException; | ||
| public final java.security.cert.Certificate[ ] getCertificateChain (String alias) throws KeyStoreException; | ||
| public final java.util.Date getCreationDate (String alias) throws KeyStoreException; | ||
| public final Key getKey (String alias, char[ ] password) throws KeyStoreExceptionNoSuchAlgorithmExceptionUnrecoverableKeyException; | ||
| public final Provider getProvider (); | ||
| public final String getType (); | ||
| public final boolean isCertificateEntry (String alias) throws KeyStoreException; | ||
| public final boolean isKeyEntry (String alias) throws KeyStoreException; | ||
| public final void load (java.io.InputStream stream, char[ ] password) throws java.io.IOExceptionNoSuchAlgorithmExceptionjava.security.cert.CertificateException; | ||
| public final void setCertificateEntry (String alias, java.security.cert.Certificate cert) throws KeyStoreException; | ||
| public final void setKeyEntry (String alias, byte[ ] key, java.security.cert.Certificate[ ] chain) throws KeyStoreException; | ||
| public final void setKeyEntry (String alias, Key key, char[ ] password, java.security.cert.Certificate[ ] chain) throws KeyStoreException; | ||
| public final int size () throws KeyStoreException; | ||
| public final void store (java.io.OutputStream stream, char[ ] password) throws KeyStoreExceptionjava.io.IOExceptionNoSuchAlgorithmExceptionjava.security.cert.CertificateException; | ||
| } | ||
Returned By: KeyStore.getInstance()
| KeyStoreException | Java 1.2 | |
|
||
| java.security | serializable checked | |
Signals a problem with a KeyStore.
| public class KeyStoreException extends GeneralSecurityException { | ||
| // | Public Constructors | |
| public KeyStoreException (); | ||
| public KeyStoreException (String msg); | ||
| } | ||
Hierarchy: Object-->Throwable(Serializable)-->Exception-->GeneralSecurityException-->KeyStoreException
Thrown By: Too many methods to list.
| KeyStoreSpi | Java 1.2 | |
|
||
| java.security | ||
This abstract class defines the service-provider interface for KeyStore. A security provider must implement a concrete subclass of this class for each KeyStore type it supports. Applications never need to use or subclass this class.
| public abstract class KeyStoreSpi { | ||
| // | Public Constructors | |
| public KeyStoreSpi (); | ||
| // | Public Instance Methods | |
| public abstract java.util.Enumeration engineAliases (); | ||
| public abstract boolean engineContainsAlias (String alias); | ||
| public abstract void engineDeleteEntry (String alias) throws KeyStoreException; | ||
| public abstract java.security.cert.Certificate engineGetCertificate (String alias); | ||
| public abstract String engineGetCertificateAlias (java.security.cert.Certificate cert); | ||
| public abstract java.security.cert.Certificate[ ] engineGetCertificateChain (String alias); | ||
| public abstract java.util.Date engineGetCreationDate (String alias); | ||
| public abstract Key engineGetKey (String alias, char[ ] password) throws NoSuchAlgorithmExceptionUnrecoverableKeyException; | ||
| public abstract boolean engineIsCertificateEntry (String alias); | ||
| public abstract boolean engineIsKeyEntry (String alias); | ||
| public abstract void engineLoad (java.io.InputStream stream, char[ ] password) throws java.io.IOExceptionNoSuchAlgorithmExceptionjava.security.cert.CertificateException; | ||
| public abstract void engineSetCertificateEntry (String alias, java.security.cert.Certificate cert) throws KeyStoreException; | ||
| public abstract void engineSetKeyEntry (String alias, byte[ ] key, java.security.cert.Certificate[ ] chain) throws KeyStoreException; | ||
| public abstract void engineSetKeyEntry (String alias, Key key, char[ ] < | ||
