
Java Cryptography & Attribute Certificate Management



Implementing The Provider

The Java Crypto API is a provider-based framework: the framework itself supplies only part of the functionality (certificate management, digital signing) and is independent of any particular algorithm, while providers implement the algorithms. The term "provider" refers to a package (or a set of packages) that supplies a concrete implementation of a subset of the cryptography features. In our implementation, package jace1.* (short for "Java Attribute Certificate Extension") contains classes that extend classes from package sun.security.x509.*:

  • IMPCS, the master class for our provider (extends class Provider).
  • X509RoleAssignmentCertificate (extends class Certificate).
  • X509RAACCertImpl (extends X509RoleAssignmentCertificate).
  • X509RAACCertInfo (extends X509CertInfo).
  • X509RAACFactory (extends X509Factory).

Package jace1.* also contains Holder (see Listings One(a) and One(b)) and AttributeAC (see Listings Two(a) and Two(b)), the classes that correspond to the AC fields Holder and Attribute. Class X509RAACCertInfo contains methods for encoding AC fields into an output stream and parsing AC fields from an input stream. In all classes, fields are written to the output stream using the Distinguished Encoding Rules (DER). The bytes of each encoded field are preceded by a DerTag, which indicates whether the field is an INTEGER, STRING, SEQUENCE, and so on.

(a)
package jace1;
import sun.security.x509.*;
/**
 * Value holder pairing a certificate issuer name with a serial number.
 *
 * <p>The class exposes no setters; both references are fixed at construction time.
 * {@link Holder} uses it as the in-memory form of its two encoded elements.
 */
public class HolderAttrCert {
    /** Issuer name, wrapped from the X500Name given to the constructor. */
    private final CertificateIssuerName issuer;

    /** Serial number, stored exactly as passed in. */
    private final SerialNumber serNumber;

    /**
     * Builds the pair from an issuer distinguished name and a serial number.
     *
     * @param name issuer name; wrapped in a new {@code CertificateIssuerName}
     * @param num serial number; kept by reference, not copied
     */
    public HolderAttrCert(X500Name name, SerialNumber num) {
        this.issuer = new CertificateIssuerName(name);
        this.serNumber = num;
    }

    /**
     * @return the issuer name wrapper created in the constructor
     */
    public CertificateIssuerName getIssuer() {
        return this.issuer;
    }

    /**
     * @return the serial number supplied to the constructor
     */
    public SerialNumber getSerNumber() {
        return this.serNumber;
    }
}

(b)
package jace1;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import sun.security.util.*;
import sun.security.x509.*;

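/**
 * Holder field of the attribute certificate, encoded as a DER SEQUENCE containing the issuer
 * name followed by the serial number.
 *
 * <p>Instances are built either from already-typed values or by parsing DER input. Parsing is
 * strict: the outer value must be a SEQUENCE and must contain nothing after the two expected
 * elements. Certificate bytes normally come from outside the trust boundary, so anything that
 * does not match the expected layout is rejected with an {@code IOException} instead of being
 * accepted leniently.
 *
 * <p>This class depends on {@code sun.security.util} and {@code sun.security.x509}, which are
 * JDK-internal packages and not a supported public API.
 *
 * <p>NOTE(review): the two-element layout used here is this package's own; whether it is
 * wire-compatible with the Holder structure of standard attribute certificates is not
 * established by this code. Confirm before exchanging encodings with other implementations.
 */
public class Holder {
    /** Parsed or supplied issuer/serial pair; set by the constructors via {@link #parse}. */
    private HolderAttrCert holding;

    /**
     * Creates a holder from typed values.
     *
     * @param name issuer distinguished name
     * @param serNumber serial number
     */
    public Holder(X500Name name, SerialNumber serNumber) {
        holding = new HolderAttrCert(name, serNumber);
    }

    /**
     * Parses a holder from the next DER value of the given stream.
     *
     * @param in DER input positioned at the encoded holder
     * @throws IOException if the value is not a well-formed holder encoding
     */
    public Holder(DerInputStream in) throws IOException {
        DerValue derVal = in.getDerValue();
        construct(derVal);
    }

    /**
     * Parses a holder from an already-decoded DER value.
     *
     * @param val the DER value holding the encoded holder
     * @throws IOException if the value is not a well-formed holder encoding
     */
    public Holder(DerValue val) throws IOException {
        construct(val);
    }

    /**
     * Parses a holder from a raw input stream.
     *
     * @param in stream positioned at the encoded holder
     * @throws IOException if reading fails or the value is not a well-formed holder encoding
     */
    public Holder(InputStream in) throws IOException {
        DerValue derVal = new DerValue(in);
        construct(derVal);
    }

    /**
     * Writes the holder to {@code out} as a SEQUENCE of issuer name and serial number.
     *
     * @param out destination DER stream
     * @throws IOException if encoding either element fails
     */
    public void encode(DerOutputStream out) throws IOException {
        // Encode the elements into a scratch stream first so the SEQUENCE length is known.
        DerOutputStream tmp = new DerOutputStream();
        holding.getIssuer().encode(tmp);
        holding.getSerNumber().encode(tmp);
        out.write(DerValue.tag_Sequence, tmp);
    }

    /**
     * @return the issuer/serial pair carried by this holder
     */
    public HolderAttrCert getHolderAttrCert() {
        return holding;
    }

    /**
     * Parses {@code derVal} and rejects trailing content.
     *
     * @throws IOException if parsing fails or bytes remain after the two expected elements
     */
    private void construct(DerValue derVal) throws IOException {
        parse(derVal);
        // Leftover bytes mean the input is not the encoding this class produces; accepting
        // them would let differently-encoded inputs decode to the same holder.
        if (derVal.data.available() != 0) {
            throw new IOException("Excess Holder data");
        }
    }

    /**
     * Reads issuer name and serial number, in that order, from the content of {@code val}.
     *
     * @throws IOException if {@code val} is not a SEQUENCE or an element cannot be decoded
     */
    private void parse(DerValue val) throws IOException {
        // encode() always emits a SEQUENCE; refuse any other outer tag instead of reading
        // the content of an arbitrary value as if it were one.
        if (val.tag != DerValue.tag_Sequence) {
            throw new IOException("Invalid encoding for Holder: expected a SEQUENCE");
        }

        DerValue issuerValue = val.data.getDerValue();
        DerValue serialValue = val.data.getDerValue();

        X500Name issuer = new X500Name(issuerValue);
        SerialNumber serNumber = new SerialNumber(serialValue);

        holding = new HolderAttrCert(issuer, serNumber);
    }
}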
Listing One

(a)
package jace1;
import sun.security.util.ObjectIdentifier;
/**
 * Value holder for one attribute: an object identifier naming the attribute type and a string
 * carrying its value.
 *
 * <p>The class exposes no setters; both references are fixed at construction time.
 */
public class AttributeInAttrCert {
    /** Attribute type identifier, stored as given. */
    private final ObjectIdentifier oi;

    /** Attribute value, stored as given. */
    private final String value;

    /**
     * @param oId object identifier of the attribute
     * @param aValue attribute value
     */
    public AttributeInAttrCert(ObjectIdentifier oId, String aValue) {
        this.oi = oId;
        this.value = aValue;
    }

    /**
     * @return the object identifier supplied to the constructor
     */
    public ObjectIdentifier getObjectIdentifier() {
        return this.oi;
    }

    /**
     * @return the attribute value supplied to the constructor
     */
    public String getValue() {
        return this.value;
    }
}

(b)
package jace1;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;

import sun.security.util.*;
import sun.security.x509.*;
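/**
 * Attribute field of the attribute certificate, encoded as a DER SEQUENCE containing an OBJECT
 * IDENTIFIER followed by a PrintableString value.
 *
 * <p>Instances are built either from typed values or by parsing DER input. Parsing is strict:
 * the outer value must be a SEQUENCE and must contain nothing after the two expected elements.
 * The attribute is the part of the certificate that carries the granted role or privilege, so
 * input that does not match the expected layout is rejected with an {@code IOException}
 * instead of being accepted leniently.
 *
 * <p>This class depends on {@code sun.security.util} and {@code sun.security.x509}, which are
 * JDK-internal packages and not a supported public API.
 *
 * <p>NOTE(review): the single-value layout used here is this package's own; whether it is
 * wire-compatible with the Attribute structure of standard attribute certificates is not
 * established by this code. Confirm before exchanging encodings with other implementations.
 */
public class AttributeAC {
    /** Parsed or supplied OID/value pair; set by the constructors via {@link #parse}. */
    private AttributeInAttrCert attribute;

    /**
     * Creates an attribute from typed values.
     *
     * @param oi object identifier of the attribute
     * @param value attribute value
     */
    public AttributeAC(ObjectIdentifier oi, String value) {
        attribute = new AttributeInAttrCert(oi, value);
    }

    /**
     * Parses an attribute from the next DER value of the given stream.
     *
     * @param in DER input positioned at the encoded attribute
     * @throws IOException if the value is not a well-formed attribute encoding
     */
    public AttributeAC(DerInputStream in) throws IOException {
        DerValue derVal = in.getDerValue();
        construct(derVal);
    }

    /**
     * Parses an attribute from an already-decoded DER value.
     *
     * @param val the DER value holding the encoded attribute
     * @throws IOException if the value is not a well-formed attribute encoding
     */
    public AttributeAC(DerValue val) throws IOException {
        construct(val);
    }

    /**
     * Parses an attribute from a raw input stream.
     *
     * @param in stream positioned at the encoded attribute
     * @throws IOException if reading fails or the value is not a well-formed attribute encoding
     */
    public AttributeAC(InputStream in) throws IOException {
        DerValue derVal = new DerValue(in);
        construct(derVal);
    }

    /**
     * Writes the attribute to {@code out} as a SEQUENCE of OID and PrintableString.
     *
     * @param out destination DER stream
     * @throws IOException if encoding either element fails
     */
    public void encode(DerOutputStream out) throws IOException {
        // Encode the elements into a scratch stream first so the SEQUENCE length is known.
        DerOutputStream tmp = new DerOutputStream();
        tmp.putOID(attribute.getObjectIdentifier());
        // NOTE(review): nothing visible here checks that the value fits the PrintableString
        // character set; confirm that the encoder or the callers enforce it.
        tmp.putPrintableString(attribute.getValue());
        out.write(DerValue.tag_Sequence, tmp);
    }

    /**
     * @return the OID/value pair carried by this attribute
     */
    public AttributeInAttrCert getAttributeInAttrCert() {
        return attribute;
    }

    /**
     * Parses {@code derVal} and rejects trailing content.
     *
     * @throws IOException if parsing fails or bytes remain after the two expected elements
     */
    private void construct(DerValue derVal) throws IOException {
        parse(derVal);
        // Leftover bytes mean the input is not the encoding this class produces. The message
        // names this class; the original text said "Holder", copied from the Holder class.
        if (derVal.data.available() != 0) {
            throw new IOException("Excess AttributeAC data");
        }
    }

    /**
     * Reads the object identifier and the value, in that order, from the content of
     * {@code val}.
     *
     * @throws IOException if {@code val} is not a SEQUENCE or an element cannot be decoded
     */
    private void parse(DerValue val) throws IOException {
        // encode() always emits a SEQUENCE; refuse any other outer tag instead of reading
        // the content of an arbitrary value as if it were one.
        if (val.tag != DerValue.tag_Sequence) {
            throw new IOException("Invalid encoding for AttributeAC: expected a SEQUENCE");
        }

        DerValue oidValue = val.data.getDerValue();
        DerValue stringValue = val.data.getDerValue();

        // The typed getters are relied on to reject an element whose tag is not the expected
        // one, so no separate tag comparison is made for the inner elements.
        ObjectIdentifier oi = oidValue.getOID();
        String value = stringValue.getPrintableString();

        attribute = new AttributeInAttrCert(oi, value);
    }
}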
Listing Two

