Docjar: A Java Source and Document Engine


java.security: Javadoc index of package java.security.


Package Samples:

java.security.cert
java.security.acl
java.security.interfaces
java.security.spec

Classes:

SecurityPermission: This class provides a mechanism for specified named permissions related to the Java security framework. These permissions have no associated actions list. They are either granted or not granted. The list of valid permission names is:
Permission Name | Permission Allows | Risks
createAccessControlContext | Allows creation of an AccessControlContext | The new control context can have a rogue DomainCombiner, leading to a privacy leak
getDomainCombiner | Get a DomainCombiner from an AccessControlContext | Access to a DomainCombiner can lead to a privacy leak
getPolicy | Allows retrieval of the system security policy ...
X509Certificate: X509Certificate is the abstract class for X.509 certificates. This provides a standard class interface for accessing all the attributes of X.509 certificates. In June 1996, the basic X.509 v3 format was finished by ISO/IEC and ANSI X.9. The ASN.1 DER format is below: Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } These certificates are widely used in various Internet protocols to support authentication. They are used in Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), Secure Sockets Layer (SSL), code signing ...
Policy: Policy is an abstract class for managing the system security policy for the Java application environment. It specifies which permissions are available for code from various sources. The security policy is represented through a subclass of Policy. Only one Policy is in effect at any time. A ProtectionDomain initializes itself with information from this class on the set of permissions to grant. The location for the actual Policy could be anywhere in any form because it depends on the Policy implementation. The default system is in a flat ASCII file or it could be in a database. The current installed ...
X509CRL: The X509CRL class is the abstract class used to manage X.509 Certificate Revocation Lists. The CRL is a list of time-stamped entries which indicate which certificates have been revoked. The list is signed by a Certificate Authority (CA) and made publicly available in a repository. Each revoked certificate in the CRL is identified by its certificate serial number. When a piece of code uses a certificate, the certificate's validity is checked by validating its signature and determining that it is not on a recently acquired CRL. What counts as recently acquired depends on the local policy in effect. The CA issues ...
SignedObject: SignedObject is used for storing runtime objects whose integrity cannot be compromised without being detected. SignedObject contains a java.io.Serializable object which is yet to be signed and a digital signature of that object. The signed copy is a "deep copy" (in serialized form) of an original object. Any changes to that original instance are not reflected in the enclosed copy inside this SignedObject. Several things are worth noting. First, there is no need to initialize the signature engine, as this class will handle that automatically. Second, verification will only succeed if the public key ...
PermissionCollection: This class models a group of Java permissions. It has convenient methods for determining whether or not a given permission is implied by any of the permissions in this collection. Some care must be taken in storing permissions. First, a collection of the appropriate type must be created. This is done by calling the newPermissionCollection method on an object of the permission class you wish to add to the collection. If this method returns null, any type of PermissionCollection can be used to store permissions of that type. However, if a PermissionCollection object is returned, that ...
Signature: Signature is used to provide an interface to digital signature algorithms. Digital signatures provide authentication and data integrity of digital data. The GNU provider provides the NIST standard DSA which uses DSA and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its OID. If the RSA signature algorithm is provided then it could be MD2/RSA, MD5/RSA, or SHA-1/RSA. The algorithm must be specified because there is no default. Signature provides implementation-independent algorithms which are requested by the user through the getInstance() methods. It can be requested by specifying just the ...
PKIXCertPathChecker: A validator for X.509 certificates when approving certificate chains. Concrete subclasses can be passed to the PKIXParameters.setCertPathCheckers(java.util.List) and PKIXParameters.addCertPathChecker(java.security.cert.PKIXCertPathChecker) methods, which are then used to set up PKIX certificate chain builders or validators. These classes then call the check(java.security.cert.Certificate,java.util.Collection) method of this class, performing whatever checks on the certificate, throwing an exception if any check fails. Subclasses of this must be able to perform their checks in the backward ...
X509Extension: Public interface for the X.509 Extension. This is used for X.509 v3 Certificates and CRL v2 (Certificate Revocation Lists) for managing attributes associated with Certificates, for managing the hierarchy of certificates, and for managing the distribution of CRLs. This extension format is used to define private extensions. Each extension for a certificate or CRL must be marked either critical or non-critical. If the certificate/CRL system encounters a critical extension that it does not recognize, it must reject the certificate. A non-critical extension may simply be ignored if not recognized. The ASN.1 definition ...
Permission: This class is the abstract superclass of all classes that implement the concept of a permission. A permission consists of a permission name and optionally a list of actions that relate to the permission. The actual meaning of the name of the permission is defined only in the context of a subclass. It may name a resource to which access permissions are granted (for example, the name of a file) or it might represent something else entirely. Similarly, the action list only has meaning within the context of a subclass. Some permission names may have no actions associated with them. That is, you either ...
KeyStore: KeyStore represents an in-memory collection of keys and certificates. There are two types of entries. Key Entry: This type of keystore entry stores sensitive cryptographic key information in a protected format. Typically this is a secret key or a private key with a certificate chain. Trusted Certificate Entry: This type of keystore entry contains a single public key certificate belonging to another entity. It is called trusted because the keystore owner trusts that the certificate belongs to the subject (owner) of the certificate. Entries in a key store are referred to by their "alias": a simple ...
Acl: A Java access control list (ACL) is a group of individual ACL entries. These entries consist of a Principal and a list of permissions this Principal is either granted or denied. A given Principal can have at most one positive ACL entry (i.e., one that grants permissions) and one negative ACL entry (i.e., one that denies permissions). If a given permission is both granted and denied, the ACL treats it as if it were never granted or denied. If both a Principal and a Group to which the Principal belongs have an ACL entry, the permissions for the individual Principal take precedence over the permissions ...
X509CRLEntry: Abstract class for entries in the CRL (Certificate Revocation List). The ASN.1 definition for revokedCertificates is revokedCertificates SEQUENCE OF SEQUENCE { userCertificate CertificateSerialNumber, revocationDate Time, crlEntryExtensions Extensions OPTIONAL -- if present, shall be v2 } OPTIONAL, CertificateSerialNumber ::= INTEGER Time ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime } Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING } For more information consult rfc2459.
X509CertSelector: A concrete implementation of CertSelector for X.509 certificates, which allows a number of criteria to be set when accepting certificates, from validity dates, to issuer and subject distinguished names, to some of the various X.509 extensions. Use of this class requires extensive knowledge of the Internet Engineering Task Force's Public Key Infrastructure (X.509). The primary document describing this standard is RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Note that this class is not thread-safe. If multiple threads will use or modify ...
CertPathValidator: Generic interface to classes that validate certificate paths. Using this class is similar to all the provider-based security classes; the method of interest is validate(java.security.cert.CertPath,java.security.cert.CertPathParameters), which takes provider-specific implementations of CertPathParameters and returns provider-specific implementations of CertPathValidatorResult.
BasicPermission: This class implements a simple model for named permissions without an associated action list. That is, either the named permission is granted or it is not. It also supports trailing wildcards to allow the easy granting of permissions in a hierarchical fashion. (For example, the name "org.gnu.*" might grant all permissions under the "org.gnu" permissions hierarchy). The only valid wildcard character is a '*' which matches anything. It must be the rightmost element in the permission name and must follow a '.' or else the Permission name must consist of only a '*'. Any other occurrence of a '*' is ...
IdentityScope: IdentityScope represents a scope of an identity. IdentityScope is also an Identity and can have a name and scope along with the other qualities identities possess. An IdentityScope contains other Identity objects. All Identity objects are manipulated in the scope the same way. The scope is supposed to apply different scope to different types of Identities. No two identities within the same scope can have the same public key.
Identity: The Identity class is used to represent people and companies that can be authenticated using public key encryption. The identities can also be abstract objects such as smart cards. Identity objects store a name and public key for each identity. The names cannot be changed and the identities can be scoped. Each identity (name and public key) within a scope is unique to that scope. Each identity has a set of certificates which all specify the same public key, but not necessarily the same name. The Identity class can be subclassed to allow additional information to be attached to it.
Certificate: The Certificate class is an abstract class used to manage identity certificates. An identity certificate is a combination of a principal and a public key which is certified by another principal. This is the purpose of Certificate Authorities (CA). This class is used to manage different types of certificates that nonetheless share important common purposes. Different types of certificates like X.509 and OpenPGP share general certificate functions (like encoding and verifying) and information like public keys. X.509, OpenPGP, and SDSI can be implemented by subclassing this class even though they differ in storage ...
ProtectionDomain: This class represents a group of classes, along with their granted permissions. The classes are identified by a CodeSource. Thus, any class loaded from the specified CodeSource is treated as part of this domain. The set of permissions is represented by an instance of PermissionCollection. Every class in the system will belong to one and only one ProtectionDomain.
VMSecureRandom: VM-specific methods for generating real (or almost real) random seeds. VM implementors should write a version of this class that reads random bytes from some system source. The default implementation of this class runs eight threads that increment counters in a tight loop, and XORs each counter to produce one byte of seed data. This is not very efficient, and is not guaranteed to be random (the thread scheduler is probably deterministic, after all). If possible, VM implementors should reimplement this class so it obtains a random seed from a system facility, such as a system entropy gathering device ...
CertPathValidatorResult: Interface to the result of calling CertPathValidator.validate(java.security.cert.CertPath,java.security.cert.CertPathParameters). This interface defines no methods other than the required java.lang.Cloneable interface, and is intended to group and provide type safety for validator results. Providers that implement a certificate path validator must also provide an implementation of this interface, possibly defining additional methods.
KeyFactorySpi: KeyFactorySpi is the Service Provider Interface (SPI) for the KeyFactory class. This is the interface that providers implement to supply a key factory for an algorithm. Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material). Key factories are bi-directional. They allow a key class to be converted into a key specification (key material) and back again. For example, DSA public keys can be specified as DSAPublicKeySpec or X509EncodedKeySpec. The key factory translates these key specifications ...
CertPath: This class represents an immutable sequence, or path, of security certificates. The path type must match the type of each certificate in the path, or in other words, for all instances of cert in a certpath object, cert.getType().equals(certpath.getType()) will return true. Since this class is immutable, it is thread-safe. During serialization, the path is consolidated into a CertPath.CertPathRep, which preserves the data regardless of the underlying implementation of the path.
AccessController: Access control context and permission checker. Can check permissions in the access control context of the current thread through the checkPermission() method. Manipulates the access control context for code that needs to be executed with the protection domain of the calling class (by explicitly ignoring the context of the calling code) in the doPrivileged() methods. It also provides a getContext() method which gives the access control context of the current thread that can be used for checking permissions at a later time and/or in another thread.
