Java Security, 2nd Edition

Book description

One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need.

Java Security, 2nd Edition, focuses on the basic platform features of Java that provide security (the class loader, the bytecode verifier, and the security manager) and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration.

The book is intended primarily for programmers who want to write secure Java applications. However, it is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.

Table of Contents

  1. Java Security, 2nd Edition
    1. Preface
      1. Who Should Read This Book?
      2. Versions Used in This Book
      3. Conventions Used in This Book
        1. Command Conventions
        2. Code Conventions
      4. Organization of This Book
      5. What’s New in This Edition
      6. How to Contact Us
      7. Acknowledgments
      8. Feedback for the Author
    2. 1. Java Application Security
      1. What Is Security?
      2. Software Used in This Book
        1. The Java 2 Platform
        2. The Java Cryptography Extension
        3. The Java Secure Sockets Extension
        4. The Java Authentication and Authorization Service
        5. More About Export Controls
        6. Other Software Versions
      3. The Java Sandbox
        1. Applets, Applications, and Programs
        2. Anatomy of a Java Program
      4. Security Debugging
      5. Summary
    3. 2. The Default Sandbox
      1. Elements of the Java Sandbox
      2. Permissions
        1. File Permissions
        2. Socket Permissions
        3. Property Permissions
        4. Runtime Permissions
        5. AWT Permissions
        6. Net Permissions
        7. Security Permissions
        8. Serializable Permissions
        9. Reflection Permissions
        10. All Permissions
      3. Keystores
      4. Code Sources
      5. Policy Files
        1. The policytool
          1. Managing policy codebases
          2. Managing permissions
        2. Permissions Outside of Policy Files
      6. The Default Sandbox
        1. The Default Policy File
      7. The java.security File
      8. Comparison with Previous Releases
      9. Summary
    4. 3. Java Language Security
      1. Java Language Security Constructs
        1. Object Serialization and Memory Integrity
      2. Enforcement of the Java Language Rules
        1. Compiler Enforcement
        2. The Bytecode Verifier
          1. Inside the bytecode verifier
          2. Delayed bytecode verification
        3. Runtime Enforcement
      3. Comparisons with Previous Releases
        1. Controlling Bytecode Verification
      4. Summary
    5. 4. The Security Manager
      1. Overview of the Security Manager
        1. Security Managers and the Java API
      2. Operating on the Security Manager
      3. Methods of the Security Manager
        1. Methods Relating to File Access
        2. Methods Relating to Network Access
        3. Methods Protecting the Java Virtual Machine
        4. Methods Protecting Program Threads
        5. Methods Protecting System Resources
        6. Methods Protecting Security Aspects
      4. Comparison with Previous Releases
        1. Trusted and Untrusted Classes
        2. Differences in the Security Manager Class
          1. File access
          2. Network access
          3. System access
          4. Thread access
          5. Security access
      5. Summary
    6. 5. The Access Controller
      1. The CodeSource Class
      2. Permissions
        1. The Permission Class
        2. Using the Permission Class
        3. The BasicPermission Class
        4. Permission Collections
        5. The Permissions Class
      3. The Policy Class
        1. Installing a Policy Class
      4. Protection Domains
      5. The AccessController Class
        1. Access Control Contexts
      6. Guarded Objects
      7. Comparison with Previous Releases
      8. Summary
    7. 6. Java Class Loaders
      1. The Class Loader and Namespaces
      2. Class Loading Architecture
      3. Implementing a Class Loader
        1. Class Loader Classes
        2. Key Methods of the Class Loader
          1. The loadClass( ) method
          2. The findClass( ) method
          3. The defineClass( ) methods
        3. Responsibilities of the Class Loader
        4. Using the URL Class Loader
          1. Step 1: Optionally call the checkPackageAccess( ) method
          2. Step 2: Use the previously-defined class, if available
          3. Step 3: Defer class loading to the parent
          4. Step 4: Optionally call the checkPackageDefinition( ) method
          5. Step 5: Read in the class bytes
          6. Step 6: Create the appropriate protection domain
          7. Steps 7-8: Define the class, verify it, and resolve it
        5. Using the SecureClassLoader Class
        6. Other Class Loaders
      4. Miscellaneous Class Loading Topics
        1. Delegation
        2. Loading Resources
        3. Loading Libraries
      5. Comparison with Previous Releases
      6. Summary
    8. 7. Introduction to Cryptography
      1. The Need for Authentication
        1. Author Authentication
        2. Data Authentication
        3. Java’s Role in Authentication
      2. The Role of Authentication
      3. Cryptographic Engines
        1. Cryptographic Keys
        2. Message Digests
        3. Digital Signatures
        4. Encryption Engines
      4. Summary
    9. 8. Security Providers
      1. The Architecture of Security Providers
        1. Components of the Architecture
        2. Choosing a Security Provider
      2. The Provider Class
        1. Using the Provider Class
        2. Implementing the Provider Class
        3. Deploying the Provider Class
      3. The Security Class
        1. The Security Class and the Security Manager
      4. The Architecture of Engine Classes
      5. Comparison with Previous Releases
      6. Summary
    10. 9. Keys and Certificates
      1. Keys
        1. The Key Interface
        2. Asymmetric Keys
          1. DSA keys
          2. RSA keys
          3. Diffie-Hellman keys
          4. The KeyPair class
        3. Symmetric Keys
      2. Generating Keys
        1. The KeyPairGenerator Class
          1. Using the KeyPairGenerator class
          2. Generating DSA keys
        2. Implementing a Key Pair Generator
        3. The KeyGenerator Class
          1. Using the KeyGenerator class
          2. Implementing a KeyGenerator class
      3. Key Factories
        1. The KeyFactory Class
          1. Using the KeyFactory class
          2. Implementing a key factory
        2. The SecretKeyFactory Class
        3. Key Specifications
          1. The EncodedKeySpec class
          2. The AlgorithmParameterSpec interface
        4. A Key Factory Example
          1. Existing key specification classes
      4. Certificates
        1. The Certificate Class
        2. The CertificateFactory Class
        3. The X509Certificate Class
        4. Advanced X509Certificate Methods
        5. Revoked Certificates
      5. Keys, Certificates, and Object Serialization
      6. Comparison with Previous Releases
      7. Summary
    11. 10. Key Management
      1. Key Management Terms
      2. The keytool
        1. Global Options to keytool
        2. Creating a Key Entry
        3. Generating a Certificate Request
        4. Importing a Certificate
        5. Creating a Certificate Entry
        6. Modifying Keystore Entries
        7. Deleting Keystore Entries
        8. Examining Keystore Data
        9. Miscellaneous Commands
        10. Using Certificates from Netscape
      3. The Key Management API
        1. Principals
        2. The KeyStore Class
      4. A Key Management Example
        1. Installing a KeyStore Class
      5. Secret Key Management
        1. Secret Key Distribution
        2. Secret Key Agreement
      6. Comparison with Previous Releases
      7. Summary
    12. 11. Message Digests
      1. Using the Message Digest Class
      2. Secure Message Digests
        1. The Mac Class
        2. Calculating Your Own MAC
      3. Message Digest Streams
        1. The DigestOutputStream Class
        2. The DigestInputStream Class
      4. Implementing a MessageDigest Class
        1. The MacSpi Class
      5. Comparison with Previous Releases
      6. Summary
    13. 12. Digital Signatures
      1. The Signature Class
        1. Using the Signature Class
        2. The SignedObject Class
        3. Signing and Certificates
      2. Signed Classes
        1. The jarsigner Tool
          1. Creating a signed jar file
          2. Verifying a jar file
        2. Reading Signed Jar Files
      3. Implementing a Signature Class
      4. Comparison with Previous Releases
      5. Summary
    14. 13. Cipher-Based Encryption
      1. The Cipher Engine
        1. Using the Cipher Class for Encryption/Decryption
        2. Performing Your Own Padding
        3. Initialization of a PBEWithMD5AndDES Cipher
        4. Using the Cipher Class for Key Wrapping
        5. Implementing the Cipher Class
      2. Cipher Streams
        1. The CipherOutputStream Class
        2. The CipherInputStream Class
      3. Sealed Objects
      4. Comparison with Previous Releases
      5. Summary
    15. 14. SSL and HTTPS
      1. An Overview of SSL and JSSE
        1. Keystores and Truststores
        2. JSSE Certificates
        3. JSSE Socket Factories
      2. SSL Client and Server Sockets
        1. SSL Server Sockets
        2. SSL Sockets
      3. SSL Sessions
      4. SSL Contexts and Key Managers
        1. Working with Key Managers
        2. Working with Trust Managers
      5. Miscellaneous SSL Issues
        1. SSL Proxies
        2. Client-Side Authentication
        3. Choosing an SSL Cipher Suite
        4. SSL Handshaking
        5. JSSE Permissions
      6. The HTTPS Protocol Handler
        1. Verifying HTTPS Hosts
        2. HTTPS Properties
      7. Debugging JSSE
      8. Summary
    16. 15. Authentication and Authorization
      1. JAAS Overview
      2. Simple JAAS programming
        1. The JAAS Setup Code
          1. The LoginContext class
          2. The Subject class
        2. The JAAS User-Specific Code
      3. Simple JAAS Administration
        1. Configuring Login Modules
          1. Login control flags
          2. Sample login modules
        2. Writing Policy Files
          1. Writing JAAS policy files
          2. Writing standard policy files
        3. Running the Example
      4. Advanced JAAS Topics
        1. JAAS Callbacks
          1. The name callback
          2. The password callback
          3. The text input callback
          4. The text output callback
          5. The choice callback
          6. The confirmation callback
          7. The language callback
        2. Writing a Login Module
        3. The JAAS Policy Class
        4. Administering a JAAS Policy
        5. Client/Server Authentication
        6. Groups and Roles
      5. Summary
    17. A. The java.security File
    18. B. Security Resources
      1. Security Bugs
        1. Java Security Bugs
        2. Tracking Security Bugs
      2. Third-Party Security Providers
      3. Security References
    19. C. Identity-Based Key Management
      1. Javakey
        1. Creating Identities and Signers
        2. Generating Keys and Certificates
        3. Exporting and Importing Credentials
        4. Signing a jar File
        5. Miscellaneous javakey Commands
      2. Identities
        1. The Identity Class
          1. Using the identity class
          2. Implementing an Identity class
          3. The Identity class and the security manager
        2. Signers
          1. Using the Signer class
          2. Implementing a signer
          3. Signers and the security manager
      3. Identity Scopes
        1. Using the IdentityScope Class
        2. Writing an Identity Scope
        3. IdentityScope and the Security Manager
      4. Key Management in an Identity Scope
        1. Implementing an Identity Class
        2. Implementing a Signer Class
        3. A Shared System Identity Scope
        4. Creating Identities
      5. Summary
    20. D. The Secure Java Container
      1. The 1.1-Based Class Loader
        1. Defining Signed Classes
      2. The 1.1-Based Security Manager
        1. Protected Methods of the Security Manager
          1. The class loader depth
          2. Protected instance variables in the security manager
        2. Implementation Techniques
          1. Implementing network access
          2. Implementing thread security
          3. Implementing the file access methods
      3. Running Secure Applications
      4. Summary
    21. E. Implementing a JCE Security Provider
    22. F. Quick Reference
      1. Package java.security
        1. Class java.security.AccessControlContext
        2. Class java.security.AccessController
        3. Class java.security.AlgorithmParameterGenerator
        4. Class java.security.AlgorithmParameterGeneratorSpi
        5. Class java.security.AlgorithmParameters
        6. Class java.security.AlgorithmParametersSpi
        7. Class java.security.AllPermission
        8. Class java.security.BasicPermission
        9. Interface java.security.Certificate
        10. Class java.security.CodeSource
        11. Class java.security.DigestInputStream
        12. Class java.security.DigestOutputStream
        13. Interface java.security.DomainCombiner
        14. Interface java.security.Guard
        15. Class java.security.GuardedObject
        16. Class java.security.Identity
        17. Class java.security.IdentityScope
        18. Interface java.security.Key
        19. Class java.security.KeyFactory
        20. Class java.security.KeyFactorySpi
        21. Class java.security.KeyPair
        22. Class KeyPairGenerator
        23. Class KeyPairGeneratorSpi
        24. Class java.security.KeyStore
        25. Class java.security.KeyStoreSpi
        26. Class java.security.MessageDigest
        27. Class java.security.MessageDigestSpi
        28. Class java.security.Permission
        29. Class java.security.PermissionCollection
        30. Class java.security.Permissions
        31. Class java.security.Policy
        32. Interface java.security.Principal
        33. Interface java.security.PrivateKey
        34. Class java.security.ProtectionDomain
        35. Class java.security.Provider
        36. Interface java.security.PublicKey
        37. Class java.security.SecureClassLoader
        38. Class java.security.SecureRandom
        39. Class java.security.SecureRandomSpi
        40. Class java.security.Security
        41. Class java.security.SecurityPermission
        42. Class java.security.Signature
        43. Class java.security.SignatureSpi
        44. Class java.security.SignedObject
        45. Class java.security.Signer
        46. Class java.security.UnresolvedPermission
      2. Package java.security.cert
        1. Class java.security.cert.Certificate
        2. Class java.security.cert.CertificateFactory
        3. Class java.security.cert.CertificateFactorySpi
        4. Class java.security.cert.CRL
        5. Class java.security.cert.X509Certificate
        6. Class java.security.cert.X509CRL
        7. Class java.security.cert.X509CRLEntry
        8. Interface java.security.cert.X509Extension
      3. Package java.security.interfaces
        1. Interface java.security.interfaces.DSAKey
        2. Interface java.security.interfaces.DSAKeyPairGenerator
        3. Interface java.security.interfaces.DSAParams
        4. Interface java.security.interfaces.DSAPrivateKey
        5. Interface java.security.interfaces.DSAPublicKey
        6. Interface java.security.interfaces.RSAKey
        7. Interface java.security.interfaces.RSAPrivateCrtKey
        8. Interface java.security.interfaces.RSAPrivateKey
        9. Interface java.security.interfaces.RSAPublicKey
      4. Package java.security.spec
        1. Interface java.security.spec.AlgorithmParameterSpec
        2. Class java.security.spec.DSAParameterSpec
        3. Class java.security.spec.DSAPrivateKeySpec
        4. Class java.security.spec.DSAPublicKeySpec
        5. Class java.security.spec.EncodedKeySpec
        6. Interface java.security.spec.KeySpec
        7. Class java.security.spec.PKCS8EncodedKeySpec
        8. Class java.security.spec.RSAKeyGenParameterSpec
        9. Class java.security.spec.RSAPrivateCrtKeySpec
        10. Class java.security.spec.RSAPrivateKeySpec
        11. Class java.security.spec.RSAPublicKeySpec
        12. Class java.security.spec.X509EncodedKeySpec
      5. Package javax.crypto
        1. Class javax.crypto.Cipher
        2. Class javax.crypto.CipherInputStream
        3. Class javax.crypto.CipherOutputStream
        4. Class javax.crypto.CipherSpi
        5. Class javax.crypto.ExemptionMechanism
        6. Class javax.crypto.ExemptionMechanismSpi
        7. Class javax.crypto.KeyAgreement
        8. Class javax.crypto.KeyAgreementSpi
        9. Class javax.crypto.KeyGenerator
        10. Class javax.crypto.KeyGeneratorSpi
        11. Class javax.crypto.Mac
        12. Class javax.crypto.MacSpi
        13. Class javax.crypto.NullCipher
        14. Class javax.crypto.SealedObject
        15. Interface javax.crypto.SecretKey
        16. Class javax.crypto.SecretKeyFactory
        17. Class javax.crypto.SecretKeyFactorySpi
      6. Package javax.crypto.interfaces
        1. Interface javax.crypto.interfaces.DHKey
        2. Interface javax.crypto.interfaces.DHPrivateKey
        3. Interface javax.crypto.interfaces.DHPublicKey
      7. Package javax.crypto.spec
        1. Class javax.crypto.spec.DESKeySpec
        2. Class javax.crypto.spec.DESedeKeySpec
        3. Class javax.crypto.spec.DHGenParameterSpec
        4. Class javax.crypto.spec.DHParameterSpec
        5. Class javax.crypto.spec.DHPrivateKeySpec
        6. Class javax.crypto.spec.DHPublicKeySpec
        7. Class javax.crypto.spec.IvParameterSpec
        8. Class javax.crypto.spec.PBEKeySpec
        9. Class javax.crypto.spec.PBEParameterSpec
        10. Class javax.crypto.spec.RC2ParameterSpec
        11. Class javax.crypto.spec.RC5ParameterSpec
        12. Class javax.crypto.spec.SecretKeySpec
      8. Package javax.net
        1. Class javax.net.ServerSocketFactory
        2. Class javax.net.SocketFactory
      9. Package javax.net.ssl
        1. Class javax.net.ssl.HandshakeCompletedEvent
        2. Interface javax.net.ssl.HandshakeCompletedListener
        3. Class javax.net.ssl.SSLServerSocket
        4. Class javax.net.ssl.SSLServerSocketFactory
        5. Interface javax.net.ssl.SSLSession
        6. Class javax.net.ssl.SSLSessionBindingEvent
        7. Interface javax.net.ssl.SSLSessionBindingListener
        8. Interface javax.net.ssl.SSLSessionContext
        9. Class javax.net.ssl.SSLSocket
        10. Class javax.net.ssl.SSLSocketFactory
      10. Package javax.security.auth
        1. Class javax.security.auth.AuthPermission
        2. Interface javax.security.auth.Destroyable
        3. Class javax.security.auth.Policy
        4. Class javax.security.auth.PrivateCredentialPermission
        5. Interface javax.security.auth.Refreshable
        6. Class javax.security.auth.Subject
        7. Class javax.security.auth.SubjectDomainCombiner
      11. Package javax.security.auth.callback
        1. Interface javax.security.auth.callback.Callback
        2. Interface javax.security.auth.callback.CallbackHandler
        3. Class javax.security.auth.callback.ChoiceCallback
        4. Class javax.security.auth.callback.ConfirmationCallback
        5. Class javax.security.auth.callback.LanguageCallback
        6. Class javax.security.auth.callback.NameCallback
        7. Class javax.security.auth.callback.PasswordCallback
        8. Class javax.security.auth.callback.TextInputCallback
        9. Class javax.security.auth.callback.TextOutputCallback
      12. Package javax.security.auth.login
        1. Class javax.security.auth.login.AppConfigurationEntry
        2. Class javax.security.auth.login.Configuration
        3. Class javax.security.auth.login.LoginContext
      13. Package javax.security.auth.spi
        1. Interface javax.security.auth.spi.LoginModule
      14. Package javax.security.cert
        1. Class javax.security.cert.Certificate
        2. Class javax.security.cert.X509Certificate
      15. Package com.sun.net.ssl
        1. Interface com.sun.net.ssl.HostnameVerifier
        2. Class com.sun.net.ssl.HttpsURLConnection
        3. Interface com.sun.net.ssl.KeyManager
        4. Class com.sun.net.ssl.KeyManagerFactory
        5. Class com.sun.net.ssl.KeyManagerFactorySpi
        6. Class com.sun.net.ssl.SSLContext
        7. Class com.sun.net.ssl.SSLContextSpi
        8. Class com.sun.net.ssl.SSLPermission
        9. Interface com.sun.net.ssl.TrustManager
        10. Class com.sun.net.ssl.TrustManagerFactory
        11. Class com.sun.net.ssl.TrustManagerFactorySpi
        12. Interface com.sun.net.ssl.X509KeyManager
        13. Interface com.sun.net.ssl.X509TrustManager
      16. Package com.sun.security.auth
        1. Class com.sun.security.auth.NTDomainPrincipal
        2. Class com.sun.security.auth.NTNumericCredential
        3. Class com.sun.security.auth.NTSid
        4. Class com.sun.security.auth.NTSid
        5. Class com.sun.security.auth.NTSidDomainPrincipal
        6. Class com.sun.security.auth.NTSidGroupPrincipal
        7. Class com.sun.security.auth.NTSidPrimaryGroupPrincipal
        8. Class com.sun.security.auth.NTSidUserPrincipal
        9. Class com.sun.security.auth.NTUserPrincipal
        10. Class com.sun.security.auth.PolicyFile
        11. Interface com.sun.security.auth.PrincipalComparator
        12. Class com.sun.security.auth.SolarisNumericGroupPrincipal
        13. Class com.sun.security.auth.SolarisNumericUserPrincipal
        14. Class com.sun.security.auth.SolarisPrincipal
        15. Class com.sun.security.auth.X500Principal
      17. Package com.sun.security.auth.login
        1. Class com.sun.security.auth.login.ConfigFile
      18. Package com.sun.security.auth.module
        1. Class com.sun.security.auth.module.JndiLoginModule
        2. Class com.sun.security.auth.module.NTLoginModule
        3. Class com.sun.security.auth.module.SolarisLoginModule
      19. Miscellaneous Packages
        1. Class java.awt.AWTPermission
        2. Class java.io.FilePermission
        3. Class java.io.SerializablePermission
        4. Class java.lang.ClassLoader
        5. Class java.lang.RuntimePermission
        6. Class java.lang.SecurityManager
        7. Class java.lang.reflect.ReflectPermission
        8. Class java.net.NetPermission
        9. Class java.net.SocketPermission
        10. Class java.net.URLClassLoader
        11. Class java.rmi.RMISecurityManager
        12. Class java.rmi.server.RMIClassLoader
        13. Class java.util.PropertyPermission
    23. Index
    24. Colophon