In Java, security services are supplied by subclasses of SPI classes such as MessageDigestSpi, registered through java.security.Provider.
Each XXXSpi class is the abstract parent that a provider implements.
For example, the following code:
MessageDigest md = MessageDigest.getInstance("MD5"); // JCA algorithm names are case-insensitive.
At runtime Java looks up the MD5 implementation following the model in the figure below: it first searches ProviderA,
and if ProviderA has no implementation it moves on to ProviderB.
Which provider plays the role of ProviderA or ProviderC is defined in the java.security file in the Java\jre1.5.0_16\lib\security directory (search the JDK directory for it; Java searches providers in the order they are listed in this file):
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
Of course, we can also implement our own Provider, or use a third-party Provider not supplied by SUN, and request it by name:
MessageDigest md = MessageDigest.getInstance("MD5", "ProviderC");
The class diagram is as follows: (figure not included)
For the algorithms already implemented in each SUN-supplied provider, see:
http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SUNProvider
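The lookup order described above can be inspected from code. The following is an added example, not code from the original notes or from the JDK documentation: it prints the installed providers in their java.security order, shows which provider actually wins for a given algorithm (with and without case differences), and contrasts the default search with pinning a provider by name. "SUN" is the real name of sun.security.provider.Sun; "ProviderC" is only the placeholder name used in the notes and is not assumed to be installed.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;

public class ProviderLookupDemo {

    // Print the installed providers in the same order java.security lists them.
    static void listProviders() {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("security.provider.%d = %s (%s)%n",
                    i + 1, providers[i].getName(), providers[i].getClass().getName());
        }
    }

    // Return the name of the provider the framework picked for a MessageDigest
    // algorithm when no provider is requested, i.e. the first match in search order.
    static String providerFor(String algorithm) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm).getProvider().getName();
    }

    public static void main(String[] args) throws Exception {
        listProviders();

        // Algorithm names are case-insensitive: both calls resolve to the same provider.
        System.out.println("MD5 -> " + providerFor("MD5"));
        System.out.println("md5 -> " + providerFor("md5"));

        // Every provider that registers this service, again in search order. A provider
        // placed earlier in java.security silently takes over the default lookup, which
        // is why code with strict requirements pins the provider explicitly.
        Provider[] offering = Security.getProviders("MessageDigest.SHA-256");
        if (offering != null) {
            for (Provider p : offering) {
                System.out.println("SHA-256 offered by " + p.getName());
            }
        }

        // Pinning by name bypasses the search order entirely; an uninstalled name fails loudly.
        MessageDigest pinned = MessageDigest.getInstance("SHA-256", "SUN");
        System.out.println("pinned to " + pinned.getProvider().getName());
        try {
            MessageDigest.getInstance("SHA-256", "ProviderC"); // placeholder name from the notes
        } catch (NoSuchProviderException e) {
            System.out.println("no provider named ProviderC: " + e.getMessage());
        }
    }
}
```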
============================== Rough class description table ===============================
Table 1 Key Java security packages and classes
Package | Class/Interface Name | Usage
com.sun.security.auth.module | JndiLoginModule | Performs username/password authentication using LDAP or NIS database
com.sun.security.auth.module | KeyStoreLoginModule | Performs authentication based on key store login
com.sun.security.auth.module | Krb5LoginModule | Performs authentication using Kerberos protocols
java.lang | SecurityException | Indicates a security violation
java.lang | SecurityManager | Mediates all access control decisions
java.lang | System | Installs the SecurityManager
java.security | AccessController | Called by the default implementation of SecurityManager to make access control decisions
java.security | Key | Represents a cryptographic key
java.security | KeyStore | Represents a repository of keys and trusted certificates
java.security | MessageDigest | Represents a message digest
java.security | Permission | Represents access to a particular resource
java.security | Policy | Encapsulates the security policy
java.security | Provider | Encapsulates security service implementations
java.security | Security | Manages security providers and security properties
java.security | Signature | Creates and verifies digital signatures
java.security.cert | Certificate | Represents a public key certificate
java.security.cert | CertStore | Represents a repository of unrelated and typically untrusted certificates
javax.crypto | Cipher | Performs encryption and decryption
javax.crypto | KeyAgreement | Performs a key exchange
javax.net.ssl | KeyManager | Manages keys used to perform SSL/TLS authentication
javax.net.ssl | SSLEngine | Produces/consumes SSL/TLS packets, allowing the application freedom to choose a transport mechanism
javax.net.ssl | SSLSocket | Represents a network socket that encapsulates SSL/TLS support on top of a normal stream socket
javax.net.ssl | TrustManager | Makes decisions about who to trust in SSL/TLS interactions (for example, based on trusted certificates in key stores)
javax.security.auth | Subject | Represents a user
javax.security.auth.kerberos | KerberosPrincipal | Represents a Kerberos principal
javax.security.auth.kerberos | KerberosTicket | Represents a Kerberos ticket
javax.security.auth.login | LoginContext | Supports pluggable authentication
javax.security.auth.spi | LoginModule | Implements a specific authentication mechanism
javax.security.sasl | Sasl | Creates SaslClient and SaslServer objects
javax.security.sasl | SaslClient | Performs SASL authentication as a client
javax.security.sasl | SaslServer | Performs SASL authentication as a server
org.ietf.jgss | GSSContext | Encapsulates a GSS-API security context and provides the security services available via the context