start page | rating of books | rating of authors | reviews | copyrights
Appendix D. Quick Reference
This appendix contains a quick-reference guide to the classes that we
have discussed in this book. The primary focus is on classes that are
in the java.security package and its
sub-packages, as well as the javax.crypto
extension package. Accordingly, the classes listed in this appendix
are organized by their primary package. Of course, there are a number
of security-related classes--such as the various permission
classes--that do not belong to one of these packages; these are
listed in Section D.8, "Miscellaneous Packages" at the end
of this appendix. Information in this appendix is based only on Java
1.2.[1]
D.1. Package java.security
| Class java.security.AccessControlContext | |
|
|
| |
An access control context allows the access controller to substitute
a different context (that is, a different set of protection domains)
than the context provided by the stack of the current thread. This
class might be used by a server thread to determine if a particular
calling thread should be allowed to perform particular operations.
Class Definition
public final class java.security.AccessControlContext
extends java.lang.Object {
// Constructors
public AccessControlContext(ProtectionDomain[]);
// Instance Methods
public void checkPermission(Permission);
public boolean equals(Object);
public int hashCode();
}
See also: AccessController
| Class java.security.AccessController | |
|
|
| |
The access controller is responsible for determining whether or not
the current thread can execute a given operation. This decision
occurs in the checkPermission() method and is
based upon all the protection domains that are on the stack of the
calling thread and the set of permissions that have been granted to
those protection domains. The access controller is heavily used by
the security manager to enforce a specific security policy, and it
may be used by arbitrary code to enforce an application-specific
security policy as well.
Class Definition
public final class java.security.AccessController
extends java.lang.Object {
// Class Methods
public static native Object doPrivileged(PrivilegedAction);
public static native Object doPrivileged(PrivilegedAction,
AccessControlContext);
public static native Object
doPrivileged(PrivilegedExceptionAction);
public static native Object doPrivileged(PrivilegedExceptionAction,
AccessControlContext);
public static void checkPermission(Permission);
public static AccessControlContext getContext();
}
See Also:Permission, ProtectionDomain, Policy
| Class java.security.AlgorithmParameterGenerator | |
|
|
| |
This engine class is used to generate algorithm-specific parameters,
which may then be turned into algorithm parameters specifications to
be used to initialize other engine classes. In normal usage, those
engines can be initialized directly via the same
init() methods that exist in this class; hence,
this class is little used.
Class Definition
public class java.security.AlgorithmParameterGenerator {
// Constructors
protected AlgorithmParameterGenerator(
AlgorithmParameterGeneratorSpi, Provider, String);
// Class Methods
public static final AlgorithmParameterGenerator
getInstance(String);
public static final AlgorithmParameterGenerator
getInstance(String, String);
// Instance Methods
public final String getAlgorithm();
public final Provider getProvider();
public final void init(int);
public final void init(int, SecureRandom);
public final void init(AlgorithmParameterSpec);
public final void init(AlgorithmParameterSpec, SecureRandom);
public final AlgorithmParameters generateParameters();
}
See also: AlgorithmParameters
| Class java.security.AlgorithmParameterGeneratorSpi | |
|
|
| |
This class is the Security Provider Interface for the algorithm
parameter generator. If you want to implement your own algorithm
parameter generator, you subclass this class and register your
implementation with an appropriate security provider.
Class Definition
public abstract class java.security.AlgorithmParameterGeneratorSpi {
// Instance Methods
protected abstract void engineInit(int, SecureRandom);
protected abstract void engineInit(
AlgorithmParameterSpec, SecureRandom);
protected abstract AlgorithmParameters engineGenerateParameters();
}
See also: AlgorithmParameterGenerator
| Class java.security.AlgorithmParameters | |
|
|
| |
This engine class is used to generate algorithm-specific parameter
specifications, which may then be used to initialize other engine
classes. In normal usage, those engines can be initialized directly
via the same init() methods that exist in this
class; hence, this class is little used.
Class Definition
public class java.security.AlgorithmParameters {
// Class Methods
public static final AlgorithmParameters getInstance(String);
public static final AlgorithmParameters getInstance(
String, String);
// Constructors
protected AlgorithmParameters(AlgorithmParametersSpi,
Provider, String);
// Instance Methods
public final String getAlgorithm();
public final Provider getProvider();
public final void init(AlgorithmParameterSpec);
public final void init(byte[]);
public final void init(byte[], String);
public final AlgorithmParameterSpec getParameterSpec(Class);
public final byte[] getEncoded();
public final byte[] getEncoded(String);
public final String toString();
}
See also: KeyPairGenerator
| Class java.security.AlgorithmParametersSpi | |
|
|
| |
This is the Security Provider Interface for algorithm parameters. If
you want to implement your own algorithm parameters, you do so by
subclassing this class and registering your implementation with an
appropriate security provider.
Class Definition
public abstract class java.security.AlgorithmParametersSpi
extends java.lang.Object {
// Constructors
public AlgorithmParametersSpi();
// Protected Instance Methods
protected abstract byte[] engineGetEncoded();
protected abstract byte[] engineGetEncoded(String);
protected abstract AlgorithmParameterSpec
engineGetParameterSpec(Class);
protected abstract void engineInit(AlgorithmParameterSpec);
protected abstract void engineInit(byte[]);
protected abstract void engineInit(byte[], String);
protected abstract String engineToString();
}
See also: AlgorithmParameters
| Class java.security.AllPermission | |
|
|
| |
This class represents permissions to perform any operation. This
permission is typically granted to extension classes, which (like the
core API) need to be able to perform any operation. Although it is a
permission class, instances of this class have no name and no
actions. The implies() method of this class
always returns true.
Class Definition
public final class java.security.AllPermission
extends java.security.Permission {
// Constructors
public AllPermission();
public AllPermission(String, String);
// Instance Methods
public boolean equals(Object);
public String getActions();
public int hashCode();
public boolean implies(Permission);
public PermissionCollection newPermissionCollection();
}
See also: Permission
| Class java.security.BasicPermission | |
|
|
| |
A basic permission represents a binary permission--that is, a
permission that you either have or do not have. Hence, the action
string in a basic permission is unused. A basic permission follows
the same naming convention as java properties: a series of
period-separated words, like "exitVM" or
"xyz.payrollPermission". The
BasicPermission class is capable of wildcard
matching if the last word in the permission is an asterisk. This
class serves as the superclass for a number of default permission
classes.
Class Definition
public abstract class java.security.BasicPermission
extends java.security.Permission
implements java.io.Serializable {
// Constructors
public BasicPermission(String);
public BasicPermission(String, String);
// Instance Methods
public boolean equals(Object);
public String getActions();
public int hashCode();
public boolean implies(Permission);
public PermissionCollection newPermissionCollection();
}
See also: Permission, PermissionCollection
| Class java.security.CodeSource | |
|
|
| |
A code source encapsulates the location from which a particular class
was loaded and the public keys (if any) that were used to sign the
class. This information is used by a secure class loader to define a
protection domain associated with the class; typically, the class
loader is the only object that uses a code source.
Class Definition
public class java.security.CodeSource
extends java.lang.Object
implements java.io.Serializable {
// Constructors
public CodeSource(URL, Certificate[]);
// Instance Methods
public boolean equals(Object);
public final Certificate[] getCertificates();
public boolean implies();
public final URL getLocation();
public int hashCode();
public String toString();
}
See also: SecureClassLoader, ProtectionDomain
| Class java.security.DigestInputStream |
|
|
|
| |
A digest input stream is an input filter stream that is associated
with a message digest object. As data is read from the input stream,
it is automatically passed to its associated message digest object;
once all the data has been read, the message digest object will
return the hash of the input data. You must have an existing input
stream and an initialized message digest object to construct this
class; once the data has passed through the stream, call the methods
of the message digest object explicitly to obtain the hash.
Class Definition
public class java.security.DigestInputStream
extends java.io.FilterInputStream {
// Variables
protected MessageDigest digest;
// Constructors
public DigestInputStream(InputStream, MessageDigest);
// Instance Methods
public MessageDigest getMessageDigest();
public void on(boolean);
public int read();
public int read(byte[], int, int);
public void setMessageDigest(MessageDigest);
public String toString();
}
See also: DigestOutputStream, MessageDigest
a>
| Class java.security.DigestOutputStream | |
|
|
| |
A digest output stream is a filter output stream that is associated
with a message digest object. When data is written to the output
stream, it is also passed to the message digest object so that when
the data has all been written to the output stream, the hash of that
data may be obtained from the digest object. You must have an
existing output stream and an initialized message digest object to
use this class.
Class Definition
public classs java.security.DigestOutputStream
extends java.io.FilterOutputStream {
// Variables
protected MessageDigest digest;
// Constructors
public DigestOutputStream(OutputStream, MessageDigest);
// Instance Methods
public MessageDigest getMessageDigest();
public void on(boolean);
public void setMessageDigest(MessageDigest);
public String toString();
public void write(int);
public void write(byte[], int, int);
}
See also: DigestInputStream, MessageDigest
| Interface java.security.Guard | |
|
|
| |
An object of a class that implements the Guard
interface may be used to protect access to a resource. In typical
usage, a guard is an object of the Permission
class, so that access to the guarded resource is granted if and only
if the current thread has been granted the given permission. This
interface is used by the GuardedObject class to
guard access to another object.
Interface Definition
public abstract interface java.security.Guard {
// Instance Methods
public abstract void checkGuard(Object);
}
See also: GuardedObject, Permission
| Class java.security.GuardedObject | |
|
|
| |
A guarded object is a container for another object. The contained
object is guarded using an object that implements the
Guard interface; in typical usage, that would be
an instance of a Permission object. The guarded
object stores a serialized version of the object it contains; the
contained object will be deserialized and returned by the
getObject() method only if the guard object
allows access.
Class Definition
public class java.security.GuardedObject
extends java.lang.Object
implements java.io.Serializable {
// Constructors
public GuardedObject(Serializable, Guard);
// Instance Methods
public Object getObject();
}
See also: Guard
| Class java.security.Identity | |
|
|
| |
An identity encapsulates public knowledge about an entity (that is, a
person or a corporation--or anything that could hold a public
key). Identities have names and may hold a public key, along with a
certificate chain to validate the public key. An identity may belong
to an identity scope, but this feature is optional and is not
typically used. This class is deprecated in 1.2.
Class Definition
public abstract class java.security.Identity
extends java.lang.Object
implements java.security.Principal, java.io.Serializable {
// Constructors
protected Identity();
public Identity(String);
public Identity(String, IdentityScope);
// Instance Methods
public void addCertificate(Certificate);
public final boolean equals(Object);
public Certificate[] certificates();
public String getInfo();
public final String getName();
public PublicKey getPublicKey();
public final IdentityScope getScope();
public int hashCode();
public void removeCertificate(Certificate);
public void setInfo(String);
public void setPublicKey(PublicKey);
public String toString();
public String toString(boolean);
// Protected Instance Methods
protected boolean identityEquals(Identity);
}
See also: Certificate, IdentityScope, Principal, PublicKey
| Class java.security.IdentityScope | |
|
|
| |
An identity scope is a collection of identities; an identity may
belong to a single identity scope. The notion is that scope is
recursive: an identity scope may itself belong to another identity
scope (or it may be unscoped). This class is deprecated in Java 1.2.
Class Definition
public abstract class java.security.IdentityScope
extends java.security.Identity {
// Constructors
protected IdentityScope();
public IdentityScope(String);
public IdentityScope(String, IdentityScope);
// Class Methods
public static IdentityScope getSystemScope();
protected static void setSystemScope(IdentityScope);
// Instance Methods
public abstract void addIdentity(Identity);
public abstract Identity getIdentity(String);
public Identity getIdentity(Principal);
public abstract Identity getIdentity(PublicKey);
public abstract Enumeration identities();
public abstract void removeIdentity(Identity);
public abstract int size();
public String toString();
}
See also: Identity
| Interface java.security.Key | |
|
|
| |
A key is essentially a series of bytes that are used by a
cryptographic algorithm. Depending on the type of the key, the key
may be used only for particular operations and only for particular
algorithms, and it may have certain mathematical properties
(including a mathematical relationship to other keys). The series of
bytes that comprise a key is the encoded format of the key.
Interface Definition
public abstract interface java.security.Key
implements java.io.Serializable {
// Instance Methods
public abstract String getAlgorithm();
public abstract byte[] getEncoded();
public abstract String getFormat();
}
See also: PrivateKey, PublicKey, SecretKey
| Class java.security.KeyFactory | |
|
|
| |
A key factory is an engine class that is capable of translating
between public or private key objects and their external format (and
vice versa). Hence, key factories may be used to import or export
keys, as well as to translate keys of one class (e.g.,
com.acme.DSAPublicKey) to another class (e.g.,
com.xyz.DSAPublicKeyImpl) as long as those
classes share the same base class. Key factories operate in terms of
key specifications; these specifications are the various external
formats in which a key may be transmitted. Keys are imported via the
generatePublic() and
generatePrivate() methods, they are exported via
the getKeySpec() method, and they are translated
via the translateKey() method.
Class Definition
public class java.security.KeyFactory
extends java.lang.Object {
// Constructors
protected KeyFactory(KeyFactorySpi, Provider, String);
// Class Methods
public static final KeyFactory getInstance(String);
public static final KeyFactory getInstance(String, String);
// Instance Methods
public final PrivateKey generatePrivate(KeySpec);
public final PublicKey generatePublic(KeySpec);
public final String getAlgorithm();
public final KeySpec getKeySpec(Key, Class);
public final Provider getProvider();
public final Key translateKey(Key);
}
See also: KeyFactorySpi, KeySpec
| Class java.security.KeyFactorySpi | |
|
|
| |
This is the Service Provider Interface for a key factory; if you want
to implement your own key factory, you do so by extending this class
and registering your implementation with an appropriate security
provider. Instances of this class are expected to know how to create
key objects from external key specifications and vice versa.
Class Definition
public abstract class java.security.KeyFactorySpi
extends java.lang.Object {
// Constructors
public KeyFactorySpi();
// Protected Instance Methods
protected abstract PrivateKey engineGeneratePrivate(KeySpec);
protected abstract PublicKey engineGeneratePublic(KeySpec);
protected abstract KeySpec engineGetKeySpec(Key, Class);
protected abstract Key engineTranslateKey(Key);
}
See also: KeyFactory, KeySpec
| Class java.security.KeyPair | |
|
|
| |
Public and private keys are mathematically related to each other and
hence are generated together; this class provides an encapsulation of
both the keys as a convenience to key generation.
Class Definition
public final class java.security.KeyPair
extends java.lang.Object {
// Constructors
public KeyPair(PublicKey, PrivateKey);
// Instance Methods
public PrivateKey getPrivate();
public PublicKey getPublic();
}
See also: KeyPairGenerator, PrivateKey, PublicKey
This is an engine class that is capable of generating a public key
and its related private key. Instances of this class will generate
key pairs that are appropriate for a particular algorithm (DSA, RSA,
etc.). A key pair generator may be initialized to return keys of a
particular strength (which is usually the number of bits in the key),
or it may be initialized in an algorithmic-specific way; the former
case is the one implemented by most key generators. An instance of
this class may be used to generate any number of key pairs.
Class Definition
public abstract class java.security.KeyPairGenerator
extends java.security.KeyPairGeneratorSpi {
// Constructors
protected KeyPairGenerator(String);
// Class Methods
public static KeyPairGenerator getInstance(String);
public static KeyPairGenerator getInstance(String, String);
// Instance Methods
public final KeyPair genKeyPair();
public String getAlgorithm();
public final Provider getProvider();
public void initialize(int);
public void initialize(int, SecureRandom)
public void initialize(AlgorithmParameterSpec, SecureRandom);
public void initialize(AlgorithmParameterSpec);
}
See also: AlgorithmParameterSpec, KeyPair
| Class KeyPairGeneratorSpi
| |
|
|
| |
This is the Service Provider Interface class for the key pair
generation engine; if you want to implement your own key pair
generator, you must extend this class and register your
implementation with an appropriate security provider. Instances of
this class must be prepared to generate key pairs of a particular
strength (or length); they may optionally accept an
algorithmic-specific set of initialization values.
Class Definition
public abstract class java.security.KeyPairGeneratorSpi
extends java.lang.Object {
// Constructors
public KeyPairGeneratorSpi();
// Instance Methods
public abstract KeyPair generateKeyPair();
public abstract void initialize(int, SecureRandom);
public void initialize(AlgorithmParameterSpec, SecureRandom);
}
See also: AlgorithmParameterSpec, KeyPairGenerator, SecureRandom
| Class java.security.KeyStore | |
|
|
| |
This class is responsible for maintaining a set of keys and their
related owners. In the default implementation, this class maintains
the .keystore file held in the user's home
directory, but you may provide an alternate implementation of this
class that holds keys anywhere: in a database, on a remote
filesystem, on a Java smart card, or any and all of the above. The
class that is used to provide the default keystore implementation is
specified by the keystore property in the
$JDKHOME/lib/java.security file. The keystore
may optionally require a passphrase for access to the entire keystore
(via the load() method); this passphrase is
often used only for sanity checking and is often not specified at
all. On the other hand, private keys in the keystore should be
protected (e.g., encrypted) by using a different passphrase for each
private key.
Note that although the keystore associates entities with keys, it
does not rely upon the Identity class itself.
Class Definition
public abstract class java.security.KeyStore
extends java.lang.Object {
// Constructors
protected KeyStore(KeyStoreSpi, Provider, String);
// Class Methods
public static final String getDefaultType();
public static KeyStore getInstance(String);
public static KeyStore getInstance(String, String);
// Instance Methods
public final Enumeration aliases();
public final boolean containsAlias(String);
public final void deleteEntry(String);
public final Certificate getCertificate(String);
public final String getCertificateAlias(Certificate);
public final Certificate[] getCertificateChain(String);
public final Date getCreationDate(String);
public final Key getKey(String, char[]);
public final Provider getProvider();
public final String getType();
public final boolean isCertificateEntry(String);
public final boolean isKeyEntry(String);
public final void load(InputStream, char[]);
public final void setCertificateEntry(String, Certificate);
public final void setKeyEntry(String, Key, char[], Certificate[]);
public final void setKeyEntry(String, byte[], Certificate[]);
public final int size();
public final void store(OutputStream, char[]);
}
See also: Certificate, PublicKey
| Class java.security.MessageDigest | |
|
|
| |
The message digest class is an engine class that can produce a
one-way hash value for any arbitrary input. Message digests have two
properties: they produce a unique hash for each set of input data
(subject to the number of bits that are output), and the original
input data is indiscernible from the hash output. The hash value is
variously called a digital fingerprint or a digest. Message digests
are components of digital signatures, but they are useful in their
own right to verify that a set of data has not been corrupted. Once a
digest object is created, data may be fed to it via the
update() methods; the hash itself is returned
via the digest() method.
Class Definition
public abstract class java.security.MessageDigest
extends java.security.MessageDigestSpi {
// Constructors
protected MessageDigest(String);
// Class Methods
public static MessageDigest getInstance(String);
public static MessageDigest getInstance(String, String);
public static boolean isEqual(byte[], byte[]);
// Instance Methods
public Object clone();
public byte[] digest();
public byte[] digest(byte[]);
public int digest(byte[], int, int);
public final String getAlgorithm();
public final int getDigestLength();
public final Provider getProvider();
public void reset();
public String toString();
public void update(byte);
public void update(byte[]);
public void update(byte[], int, int);
}
| Class java.security.MessageDigestSpi | |
|
|
| |
This is the Service Provider Interface for the message digest engine;
if you want to implement your own message digest class, you do so by
extending this class and registering your implementation with an
appropriate security provider. Since the
MessageDigest class itself extends this class,
you may also extend the MessageDigest class
directly. Implementations of this class are expected to accumulate a
hash value over data that is fed to it as a series of arbitrary
bytes.
Class Definition
public abstract class java.security.MessageDigestSpi
extends java.lang.Object {
// Constructors
public MessageDigestSpi();
// Instance Methods
public Object clone();
// Protected Instance Methods
protected abstract byte[] engineDigest();
protected int engineDigest(byte[], int, int);
protected int engineGetDigestLength();
protected abstract void engineReset();
protected abstract void engineUpdate(byte);
protected abstract void engineUpdate(byte[], int, int);
}
See also: MessageDigest
| Class java.security.Permission | |
|
|
| |
This class forms the base class for all types of permissions that are
used by the access controller. A permission object encapsulates a
particular operation (e.g., reading the file
/tmp/foo). It does not, however, grant
permission for that operation; rather, the permission object is
constructed and passed to the access controller to see if that
operation is one which the current security policy has defined as a
permissible operation.
Permissions have names (e.g., the name of the file, or the name of
the operation) and may optionally have actions (the semantics of
which are dependent upon the type of permission). It is up to the
implies() method to determine if one permission
grants another; this allows you to specify wildcard-type permissions
that imply specific permissions (e.g., the permission named
"*" may imply the permission named "myfile").
Class Definition
public abstract class java.security.Permission
extends java.lang.Object
implements java.security.Guard, java.io.Serializable {
// Constructors
public Permission(String);
// Instance Methods
public void checkGuard(Object);
public abstract boolean equals(Object);
public abstract String getActions();
public final String getName();
public abstract int hashCode();
public abstract boolean isReadOnly();
public void setReadOnly();
public PermissionCollection newPermissionCollection();
public String toString();
}
See also: AccessController, BasicPermission, PermissionCollection, Policy
| Class java.security.PermissionCollection
| |
|
|
| |
As you might infer, a permission collection is a collection of
permission objects. In theory, a permission collection can be a set
of arbitrary, unrelated permission objects; however, that usage is
best avoided and left to the Permissions class.
Hence, a permission collection should be thought of as a collection
of one type of permission: a set of file permissions, a set of socket
permissions, etc. A permission collection is responsible for
determining if an individual permission (passed as a parameter to the
implies() method) is contained in the set of
permissions in the object; presumably, it will do that more
efficiently than by calling the implies() method
on each permission in the collection. If you implement a new
permission class that has wildcard semantics for its names, then you
must implement a corresponding permission collection to aggregate
instances of that class (if you don't need wildcard matching,
the default implementation of the Permission
class will provide an appropriate collection).
Class Definition
public abstract class java.security.PermissionCollection
extends java.lang.Object
implements java.io.Serializable {
// Constructors
public PermissionCollection();
// Instance Methods
public abstract void add(Permission);
public abstract Enumeration elements();
public abstract boolean implies(Permission);
public boolean isReadOnly();
public void setReadOnly();
public String toString();
}
See also: Permission, Permissions
| Class java.security.Permissions
| |
|
|
| |
This class is an aggregate of permission collections. Hence, it is an
appropriate collection object for a group of unrelated permission,
which is its typical use: the Policy class uses
instances of this class to represent all the permissions associated
with a particular protection domain.
Class Definition
public final class java.security.Permissions
extends java.security.PermissionCollection
implements java.io.Serializable {
// Constructors
public Permissions();
// Instance Methods
public void add(Permission);
public Enumeration elements();
public boolean implies(Permission);
}
See also: Permission, PermissionCollection, Policy
| Class java.security.Policy
| |
|
|
| |
The Policy class encapsulates all the specific
permissions that the virtual machine knows about. This set of
permissions is by default read from a series of URLs specified by
policy.url properties in the
$JDKHOME/lib/security/java.security file,
although applications may specify their own policy objects by using
the setPolicy() method of this class.
Alternately, a different default implementation of the policy class
may be specified by changing the policy.provider
property in the java.security file.
Class Definition
public abstract class java.security.Policy
extends java.lang.Object {
// Constructors
public Policy();
// Class Methods
public static Policy getPolicy();
public static void setPolicy(Policy);
// Instance Methods
public abstract PermissionCollection getPermissions(CodeSource);
public abstract void refresh();
}
See also: Permission, Permissions
| Interface java.security.Principal | |
|
|
| |
A principal is anything that has a name, such as an identity. The
name in this case is often an X.500 distinguished name, but that is
not a requirement.
Interface Definition
public abstract interface java.security.Principal {
// Instance Methods
public abstract boolean equals(Object);
public abstract String getName();
public abstract int hashCode();
public abstract String toString();
}
See also: Identity
| Interface java.security.PrivateKey | |
|
|
| |
A private key is a key with certain mathematical properties that
allows it to perform inverse cryptographic operations with its
matching public key. Classes implement this interface only for type
identification.
Interface Definition
public abstract interface java.security.PrivateKey
implements java.security.Key {
}
See also: Key, PublicKey
| Class java.security.ProtectionDomain | |
|
|
| |
A protection domain encapsulates the location from which a class was
loaded and the keys used to sign the class (that is, a
CodeSource object) and the set of permissions
that should be granted to that class. These protection domains are
consulted by the access controller to determine if a particular
operation should succeed; if the operation is in the set of
permissions in each protection domain on the stack, then the
operation will succeed. This class is typically only used within a
class loader.
Class Definition
public class java.security.ProtectionDomain
extends java.lang.Object {
// Constructors
public ProtectionDomain(CodeSource, PermissionCollection);
// Instance Methods
public final CodeSource getCodeSource();
public final PermissionCollection getPermissions();
public boolean implies(Permission);
public String toString();
}
See also: AccessController, CodeSource, Permissions
| Class java.security.Provider | |
|
|
| |
An instance of the Provider class is responsible
for mapping particular implementations to desired algorithm/engine
pairs; instances of this class are consulted (indirectly) by the
getInstance() methods of the engine classes to
find a class that implements the desired operation. Instances of this
class must be registered either with the
Security class or by listing them in the
$JDKHOME/lib/security/java.security file as a
security.provider property.
Class Definition
public abstract class java.security.Provider
extends java.util.Properties {
// Constructors
protected Provider(String, double, String);
// Instance Methods
public synchronized void clear();
public Set entrySet();
public String getInfo();
public String getName();
public double getVersion();
public Set keySet();
public synchronized void load(InputStream);
public synchronized Object put(Object, Object);
public synchronized void putAll(Map);
public synchronized Object remove(Object);
public String toString();
public Collection values();
}
See also: Security
| Interface java.security.PublicKey | |
|
|
| |
A public key is a key with certain mathematical properties that
allows it to perform inverse cryptographic operations with its
matching private key. Classes implement this interface only for type
identification.
Interface Definition
public abstract interface java.security.PublicKey
implements java.security.Key {
}
See also: Key, PrivateKey
| Class java.security.SecureClassLoader | |
|
|
| |
A secure class loader is a class loader that is able to associate
code sources (and hence protection domains) with the classes that it
loads (classes loaded by a traditional class loader have a default,
null protection domain). All new class loaders are expected to extend
this class.
Class Definition
public class java.security.SecureClassLoader
extends java.lang.ClassLoader {
// Constructors
protected SecureClassLoader();
protected SecureClassLoader(ClassLoader);
// Protected Instance Methods
protected final Class defineClass(String, byte[], int, int,
CodeSource);
protected PermissionCollection getPermissions(CodeSource);
}
See also: ClassLoader, CodeSource, ProtectionDomain
| Class java.security.SecureRandom | |
|
|
| |
This class generates random numbers. Unlike the standard
random-number generator, numbers generated by this class are
cryptographically secure--that is, they are less subject to
pattern guessing and other attacks that can be made upon a
traditional random-number generator.
Class Definition
public class java.security.SecureRandom
extends java.util.Random {
// Constructors
public SecureRandom();
public SecureRandom(byte[]);
// Class Methods
public static byte[] getSeed(int);
// Instance Methods
public synchronized void nextBytes(byte[]);
public void setSeed(long);
public synchronized void setSeed(byte[]);
// Protected Instance Methods
protected final int next(int);
}
| Class java.security.Security | |
|
|
| |
This class manages the list of providers that have been installed
into the virtual machine; this list of providers is consulted to find
an appropriate class to provide the implementation of a particular
operation when the getInstance() method of an
engine class is called. The list of providers initially comes from
the $JDKHOME/lib/security/java.security file,
and applications may use methods of this class to add and remove
providers from that list.
Class Definition
public final class java.security.Security
extends java.lang.Object {
// Class Methods
public static int addProvider(Provider);
public static String getAlgorithmProperty(String, String);
public static String getProperty(String);
public static Provider getProvider(String);
public static Provider[] getProviders();
public static int insertProviderAt(Provider, int);
public static void removeProvider(String);
public static void setProperty(String, String);
}
See also: Provider
| Class java.security.SecurityPermission | |
|
|
| |
This class represents permissions to interact with the methods of
the java.security package. This permission is a
basic permission; it does not support actions. Security permissions
are checked by the Identity,
Signer, and Provider
classes.
Class Definition
public final class java.security.SecurityPermission
extends java.security.BasicPermission {
// Constructors
public SecurityPermission(String);
public SecurityPermission(String, String);
}
See also: BasicPermission
| Class java.security.Signature | |
|
|
| |
This engine class provides the ability to create or verify digital
signatures by employing different algorithms that have been
registered with the Security class. As with all
engine classes, instances of this class are obtained via the
getInstance() method. The signature object must
be initialized with the appropriate private key (to sign) or public
key (to verify), then data must be fed to the object via the
update() methods, and then the signature can be
obtained (via the sign() method) or verified
(via the verify() method). Signature objects may
support algorithm-specific parameters, though this is not a common
implementation.
Class Definition
public abstract class java.security.Signature
extends java.security.SignatureSpi {
// Constants
protected static final int SIGN;
protected static final int UNINITIALIZED;
protected static final int VERIFY;
// Variables
protected int state;
// Constructors
protected Signature(String);
// Class Methods
public static Signature getInstance(String);
public static Signature getInstance(String, String);
// Instance Methods
public Object clone();
public final String getAlgorithm();
public final Object getParameter(String);
public final Provider getProvider();
public final void initSign(PrivateKey);
public final void initSign(PrivateKey, SecureRandom);
public final void initVerify(PublicKey);
public final void setParameter(String, Object);
public final void setParameter(AlgorithmParameterSpec);
public final byte[] sign();
public final int sign(byte[], int, int);
public String toString();
public final void update(byte);
public final void update(byte[]);
public final void update(byte[], int, int);
public final boolean verify(byte[]);
}
See also: Provider
| Class java.security.SignatureSpi | |
|
|
| |
This is the Security Provider Interface for the signature engine. If
you want to implement your own signature engine, you must extend this
class and register your implementation with an appropriate security
provider. Since the Signature class already
extends this class, your implementation may extend the
Signature class directly. Implementations of
this class must be prepared both to sign and to verify data that is
passed to the engineUpdate() method.
Initialization of the engine may optionally support a set of
algorithm-specific parameters.
Class Definition
public abstract class java.security.SignatureSpi
extends java.lang.Object {
// Variables
protected SecureRandom appRandom;
// Constructors
public SignatureSpi();
// Instance Methods
public Object clone();
// Protected Instance Methods
protected abstract Object engineGetParameter(String);
protected abstract void engineInitSign(PrivateKey);
protected void engineInitSign(PrivateKey, SecureRandom);
protected abstract void engineInitVerify(PublicKey);
protected abstract void engineSetParameter(String, Object);
protected void engineSetParameter(AlgorithmParameterSpec);
protected abstract byte[] engineSign();
protected final int engineSign(byte[], int, int);
protected abstract void engineUpdate(byte);
protected abstract void engineUpdate(byte[], int, int);
protected abstract boolean engineVerify(byte[]);
}
See also: Provider, Signature
| Class java.security.SignedObject | |
|
|
| |
A signed object is a container class for another (target) object; the
signed object contains a serialized version of the target along with
a digital signature of the data contained in the target object. You
must provide a serializable object and a private key to create a
signed object, after which you can remove the embedded object and
verify the signature of the signed object by providing the
appropriate public key.
Class Definition
public final class java.security.SignedObject
extends java.lang.Object
implements java.io.Serializable {
// Constructors
public SignedObject(Serializable, PrivateKey, Signature);
// Instance Methods
public String getAlgorithm();
public Object getObject();
public byte[] getSignature();
public boolean verify(PublicKey, Signature);
}
See also: Signature
| Class java.security.Signer | |
|
|
| |
A signer abstracts the notion of a principal (that is, an individual
or a corporation) that has a private key and a corresponding public
key. Signers may optionally belong to an identity scope. This class
is deprecated in1.2.
Class Definition
public abstract class java.security.Signer
extends java.security.Identity {
// Constructors
protected Signer();
public Signer(String);
public Signer(String, IdentityScope);
// Instance Methods
public PrivateKey getPrivateKey();
public final void setKeyPair(KeyPair);
public String toString();
}
See also: Identity, Principal
`
| Class java.security.UnresolvedPermission | |
|
|
| |
An unresolved permission is one for which the implementing class has
not been loaded. If you define a custom permission, the
Policy class will represent that custom
permission as an unresolved permission until it is time for the
Policy class to actually load the class; if the
class cannot be found, then it will remain an unresolved permission.
By default, the implies() method of this class
always returns false.
Class Definition
public final class UnresolvedPermission extends Permission
implements java.io.Serializable {
// Constructors
public UnresolvedPermission(String, String, String, Certificate[]);
// Instance methods
public boolean equals(Object);
public int hashCode();
public boolean implies(Permission);
}
See also: Permission
 |  |  |
| C.3. Security References |  | D.2. Package java.security.cert |
Copyright © 2001 O'Reilly & Associates. All rights reserved.
