To implement a cryptographic service, you need to create a subclass of the appropriate Service Provider Interface (SPI) class. The SPI classes define the methods that cryptographic service providers must implement. They include SignatureSpi, MessageDigestSpi, KeyPairGeneratorSpi, SecureRandomSpi, AlgorithmParameterGeneratorSpi, AlgorithmParametersSpi, KeyFactorySpi, CertificateFactorySpi, and KeyStoreSpi. Class X509RAACFactory extends X509Factory, which extends CertificateFactorySpi.
The IMPCS provider is added dynamically:
Security.addProvider(new jace1.IMPCS());
Generating a certificate of type RAAC from the file attributeCertificate1 then takes these calls:
CertificateFactory cf = CertificateFactory.getInstance("RAAC", "IMPCS");
// generateCertificate() takes an InputStream (java.io.FileInputStream here), not a File
Certificate cert = (X509RoleAssignmentCertificate) cf.generateCertificate(new FileInputStream("attributeCertificate1"));
The method Security.addProvider() in class Security.java invokes method Provider.loadProvider(name). Class java.security.Provider extends class java.util.Properties. Properties are used to find where a particular service is implemented. For example, service CertificateFactory.RAAC is implemented in jace1.X509RAACFactory.
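The property lookup described above, as an added example that is not part of the article's accompanying code. DemoProvider is a hypothetical stand-in for jace1.IMPCS, and implementations() is a hypothetical helper that reports which class each installed provider maps to a service, so you can confirm that CertificateFactory "RAAC" resolves to the implementation you expect.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class ProviderLookupDemo {

    // Hypothetical stand-in for jace1.IMPCS; the real provider class is not shown here.
    static final class DemoProvider extends Provider {
        DemoProvider() {
            // String-version constructor requires Java 9 or later.
            super("IMPCS", "1.0", "Demo provider mapping RAAC to its factory class");
            // Provider extends Properties: "<service type>.<algorithm>" -> class name.
            put("CertificateFactory.RAAC", "jace1.X509RAACFactory");
        }
    }

    // Lists "provider -> implementing class" for every installed provider that
    // claims the given service, in the order the JCA would try them.
    static List<String> implementations(String type, String algorithm) {
        List<String> found = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            Provider.Service s = p.getService(type, algorithm);
            if (s != null) {
                found.add(p.getName() + " -> " + s.getClassName());
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // addProvider() appends at the lowest preference position.
        Security.addProvider(new DemoProvider());

        // The raw property that the provider framework consults.
        Provider impcs = Security.getProvider("IMPCS");
        System.out.println(impcs.getProperty("CertificateFactory.RAAC"));

        // Only the class name is recorded; the class itself is not loaded until
        // CertificateFactory.getInstance("RAAC", "IMPCS") instantiates it.
        implementations("CertificateFactory", "RAAC").forEach(System.out::println);

        // Compare with a standard type that the built-in providers serve.
        implementations("CertificateFactory", "X.509").forEach(System.out::println);
    }
}
```

Naming the provider in getInstance("RAAC", "IMPCS"), as the article does, pins the lookup to that provider's mapping instead of whichever installed provider claims the type first.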
Conclusion
In this article and the accompanying code, we present an implementation of the attribute certificate functionality defined in the fourth edition of the ITU-T X.509 Standard. Attribute certificates cannot be stored in Sun's default keystore because they are parsed according to the PKC format before they are stored. Therefore, they should be placed in an LDAP server. Attribute certificates could be pulled from and pushed to an LDAP server using the JNDI API.
DDJ