yjhexy

A First Look at Java's Cryptography Mechanism (JCA): Overview


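In Java, security services are all supplied through the java.security.Provider class, by subclasses of SPI classes such as MessageDigestSpi.

XXXSpi is the abstract parent class: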



 

 

Take the following code as an example:

 

MessageDigest md = MessageDigest.getInstance("MD5"); // JCA algorithm names are case-insensitive.

 

 

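At run time, Java follows the model shown in the figure below: it first looks for an MD5 implementation in ProviderA, and if ProviderA does not have one it goes on to look for the implementation in ProviderB.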

 

 

 

 



 

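Which providers are available (ProviderA, ProviderC and so on) is defined in the file under Java\jre1.5.0_16\lib\security (you can find it by searching the JDK directory; Java searches the providers in the order defined in this file):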


security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider

 
Of course, we can also implement our own Provider, or use a third-party Provider that does not come from Sun.

MessageDigest md = MessageDigest.getInstance("MD5", "ProviderC");
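
The lookup order described above can be checked on a running JVM, which is also a quick way to audit which provider actually serves a given algorithm. The following is an added example, not code from the original post; the class name ProviderLookupDemo and the helper firstProviderFor are hypothetical, and "ProviderC" is the page's placeholder name.

```java
import java.security.MessageDigest;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;

public class ProviderLookupDemo {

    // Walk the providers in preference order and return the first one that
    // offers the given MessageDigest algorithm, or null if none does.
    static Provider firstProviderFor(String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService("MessageDigest", algorithm) != null) {
                return p;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Preference order, as loaded from the security.provider.N entries.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ": " + providers[i].getName());
        }

        Provider expected = firstProviderFor("MD5");
        if (expected == null) {
            System.out.println("No registered provider offers MD5");
            return;
        }

        // Default lookup; lower case on purpose, names are case-insensitive.
        MessageDigest md = MessageDigest.getInstance("md5");
        String servedBy = md.getProvider().getName();
        System.out.println("default lookup served by: " + servedBy);
        System.out.println("matches first provider in order: "
                + servedBy.equals(expected.getName()));

        // Explicit lookup: only the named provider is consulted.
        MessageDigest pinned = MessageDigest.getInstance("MD5", expected.getName());
        System.out.println("pinned lookup served by: " + pinned.getProvider().getName());

        // "ProviderC" is the page's placeholder name; unless a provider with
        // that name is registered, the call fails instead of falling back.
        try {
            MessageDigest.getInstance("MD5", "ProviderC");
        } catch (NoSuchProviderException e) {
            System.out.println("ProviderC not registered: " + e.getMessage());
        }
    }
}
```

Because the first matching provider wins, the printed order is worth comparing against the security.provider.N entries you expect whenever a JVM is deployed with additional or third-party providers.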

  

 

The class diagram is as follows:



For the algorithms already implemented in each of the providers that Sun supplies, see:

http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SUNProvider

 

============================== Overview of the main classes ===============================

Table 1 Key Java security packages and classes

 

| Package | Class/Interface Name | Usage |
|---|---|---|
| com.sun.security.auth.module | JndiLoginModule | Performs username/password authentication using LDAP or NIS database |
| com.sun.security.auth.module | KeyStoreLoginModule | Performs authentication based on key store login |
| com.sun.security.auth.module | Krb5LoginModule | Performs authentication using Kerberos protocols |
| java.lang | SecurityException | Indicates a security violation |
| java.lang | SecurityManager | Mediates all access control decisions |
| java.lang | System | Installs the SecurityManager |
| java.security | AccessController | Called by default implementation of SecurityManager to make access control decisions |
| java.security | Key | Represents a cryptographic key |
| java.security | KeyStore | Represents a repository of keys and trusted certificates |
| java.security | MessageDigest | Represents a message digest |
| java.security | Permission | Represents access to a particular resource |
| java.security | Policy | Encapsulates the security policy |
| java.security | Provider | Encapsulates security service implementations |
| java.security | Security | Manages security providers and security properties |
| java.security | Signature | Creates and verifies digital signatures |
| java.security.cert | Certificate | Represents a public key certificate |
| java.security.cert | CertStore | Represents a repository of unrelated and typically untrusted certificates |
| javax.crypto | Cipher | Performs encryption and decryption |
| javax.crypto | KeyAgreement | Performs a key exchange |
| javax.net.ssl | KeyManager | Manages keys used to perform SSL/TLS authentication |
| javax.net.ssl | SSLEngine | Produces/consumes SSL/TLS packets, allowing the application freedom to choose a transport mechanism |
| javax.net.ssl | SSLSocket | Represents a network socket that encapsulates SSL/TLS support on top of a normal stream socket |
| javax.net.ssl | TrustManager | Makes decisions about who to trust in SSL/TLS interactions (for example, based on trusted certificates in key stores) |
| javax.security.auth | Subject | Represents a user |
| javax.security.auth.kerberos | KerberosPrincipal | Represents a Kerberos principal |
| javax.security.auth.kerberos | KerberosTicket | Represents a Kerberos ticket |
| javax.security.auth.login | LoginContext | Supports pluggable authentication |
| javax.security.auth.spi | LoginModule | Implements a specific authentication mechanism |
| javax.security.sasl | Sasl | Creates SaslClient and SaslServer objects |
| javax.security.sasl | SaslClient | Performs SASL authentication as a client |
| javax.security.sasl | SaslServer | Performs SASL authentication as a server |
| org.ietf.jgss | GSSContext | Encapsulates a GSS-API security context and provides the security services available via the context |
