java中安全服务都是从java.security.Provider类中的类似MessageDigestSpi 的子类提供的.
XXXSpi是抽象父类:
比如如下代码:
| MessageDigest md = MessageDigest.getInstance("MD5"); // JCA的算法名是大小写不敏感的。 |
java运行的时候会按照如下图的模型去找ProviderA,中的MD5实现,
provierA 找不到再去找providerB中的实现。
而ProviderA 还是ProviderC 是Java\jre1.5.0_16\lib\security文件中定义的:(可以到JDK目录下面去搜索出来,JAVA按照此文件中定义的provider顺序进行查找)
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
当然我们也可以实现自己的Provider。或者用不是SUN提供的第三方的Provider。
| MessageDigest md = MessageDigest.getInstance("MD5", "ProviderC"); |
类图如下:
SUN提供的每个provider里面的已经实现了的算法实现 见:
http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SUNProvider
============================== 大致类描述表 ===============================
Table 1 Key Java security packages and classes
| Package | Class/Interface Name | Usage |
| com.sun.security.auth.module | JndiLoginModule | Performs username/password authentication using LDAP or NIS database |
| KeyStoreLoginModule | Performs authentication based on key store login | |
| Krb5LoginModule | Performs authentication using Kerberos protocols | |
| java.lang | SecurityException | Indicates a security violation |
| SecurityManager | Mediates all access control decisions | |
| System | Installs the SecurityManager | |
| java.security | AccessController | Called by default implementation of SecurityManager to make access control decisions |
| Key | Represents a cryptographic key | |
| KeyStore | Represents a repository of keys and trusted certificates | |
| MessageDigest | Represents a message digest | |
| Permission | Represents access to a particular resource | |
| Policy | Encapsulates the security policy | |
| Provider | Encapsulates security service implementations | |
| Security | Manages security providers and security properties | |
| Signature | Creates and verifies digital signatures | |
| java.security.cert | Certificate | Represents a public key certificate |
| CertStore | Represents a repository of unrelated and typically untrusted certificates | |
| javax.crypto | Cipher | Performs encryption and decryption |
| KeyAgreement | Performs a key exchange | |
| javax.net.ssl | KeyManager | Manages keys used to perform SSL/TLS authentication |
| SSLEngine | Produces/consumes SSL/TLS packets, allowing the application freedom to choose a transport mechanism | |
| SSLSocket | Represents a network socket that encapsulates SSL/TLS support on top of a normal stream socket | |
| TrustManager | Makes decisions about who to trust in SSL/TLS interactions (for example, based on trusted certificates in key stores) | |
| javax.security.auth | Subject | Represents a user |
| javax.security.auth.kerberos
| KerberosPrincipal | Represents a Kerberos principal |
| KerberosTicket | Represents a Kerberos ticket | |
| javax.security.auth.login | LoginContext | Supports pluggable authentication |
| javax.security.auth.spi | LoginModule | Implements a specific authentication mechanism |
| javax.security.sasl | Sasl | Creates SaslClient and SaslServer objects |
| SaslClient | Performs SASL authentication as a client | |
| SaslServer | Performs SASL authentication as a server | |
| org.ietf.jgss | GSSContext | Encapsulates a GSS-API security context and provides the security services available via the context |
2847
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
