Implementing The Provider
The Java Crypto API is a provider-based framework: the framework itself supplies part of the functionality (Certificate Management, Digital Signing) independently of any particular algorithm, while providers implement the algorithms. The term "provider" refers to a package (or a set of packages) that supplies a concrete implementation of a subset of the cryptography aspects. In our implementation, package jace1.* (short for "Java Attribute Certificate Extension") contains classes that extend classes from package sun.security.x509.*:
- IMPCS, the master class for our provider (extends class Provider).
- X509RoleAssignmentCertificate (extends class Certificate).
- X509RAACCertImpl (extends X509RoleAssignmentCertificate).
- X509RAACCertInfo (extends X509CertInfo).
- X509RAACFactory (extends X509Factory).
Package jace1.* also contains Holder (see Listings One(a) and One(b)) and AttributeAC (see Listings Two(a) and Two(b)), the classes that correspond to fields Holder and Attribute. Class X509RAACCertInfo contains methods for encoding AC fields into an output stream and parsing AC fields from an input stream. All classes encode to the output stream using the Distinguished Encoding Rules (DER). The bytes of each encoded field are preceded by a DerTag, which denotes whether the field is an INTEGER, STRING, SEQUENCE, and so on.
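// (a)
package jace1;

import sun.security.x509.*;

/**
 * Value object pairing the issuer name and serial number that identify the
 * certificate of the attribute-certificate holder.
 *
 * <p>NOTE: {@code sun.security.*} classes are JDK-internal and unsupported;
 * their API differs between JDK releases and they are encapsulated by the
 * module system on current JDKs.
 */
public class HolderAttrCert {
    // Both fields are assigned once in the constructor and never changed.
    private final CertificateIssuerName issuer;
    private final SerialNumber serNumber;

    /**
     * @param name issuer distinguished name; wrapped in a CertificateIssuerName
     * @param num  serial number, stored as given
     */
    public HolderAttrCert(X500Name name, SerialNumber num) {
        issuer = new CertificateIssuerName(name);
        serNumber = num;
    }

    /** @return the issuer name wrapper built in the constructor */
    public CertificateIssuerName getIssuer() {
        return issuer;
    }

    /** @return the serial number passed to the constructor */
    public SerialNumber getSerNumber() {
        return serNumber;
    }
}

// (b)
package jace1;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import sun.security.util.*;
import sun.security.x509.*;

/**
 * The Holder field of the attribute certificate, encoded in DER as a
 * SEQUENCE of the issuer name followed by the serial number.
 *
 * <p>The decoding constructors handle encoded certificate bytes, which may
 * come from an untrusted party, so every structural check fails closed with
 * an {@link IOException}.
 */
public class Holder {
    private HolderAttrCert holding;

    /**
     * Builds a Holder from already-parsed components.
     *
     * @param name      issuer distinguished name
     * @param serNumber serial number
     */
    public Holder(X500Name name, SerialNumber serNumber) {
        holding = new HolderAttrCert(name, serNumber);
    }

    /**
     * Decodes a Holder from the next DER value of the stream.
     *
     * @throws IOException if the value is not a well-formed Holder
     */
    public Holder(DerInputStream in) throws IOException {
        construct(in.getDerValue());
    }

    /**
     * Decodes a Holder from a DER value.
     *
     * @throws IOException if the value is not a well-formed Holder
     */
    public Holder(DerValue val) throws IOException {
        construct(val);
    }

    /**
     * Decodes a Holder from a raw input stream.
     *
     * @throws IOException if the stream does not hold a well-formed Holder
     */
    public Holder(InputStream in) throws IOException {
        construct(new DerValue(in));
    }

    /**
     * Constructs the class from the DerValue and rejects trailing bytes.
     *
     * @throws IOException if parsing fails or data remains after the two fields
     */
    private void construct(DerValue derVal) throws IOException {
        parse(derVal);
        // Anything left inside the SEQUENCE after issuer and serial is not
        // part of the expected structure; reject instead of ignoring it.
        if (derVal.data.available() != 0) {
            throw new IOException("Excess Holder data");
        }
    }

    /**
     * Writes the Holder to {@code out} as SEQUENCE { issuer, serial number }.
     *
     * @throws IOException if encoding a component fails
     */
    public void encode(DerOutputStream out) throws IOException {
        DerOutputStream tmp = new DerOutputStream();
        holding.getIssuer().encode(tmp);
        holding.getSerNumber().encode(tmp);
        out.write(DerValue.tag_Sequence, tmp);
    }

    /** @return the decoded or supplied issuer/serial pair */
    public HolderAttrCert getHolderAttrCert() {
        return holding;
    }

    /**
     * Reads issuer name and serial number from the content of {@code val}.
     *
     * @throws IOException if {@code val} is not a SEQUENCE or a component
     *                     cannot be decoded
     */
    private void parse(DerValue val) throws IOException {
        // Check the outer tag before reading the content: without this, the
        // content of any other DER type would be interpreted as a Holder.
        if (val.tag != DerValue.tag_Sequence) {
            throw new IOException("Invalid encoding for Holder: expected SEQUENCE");
        }
        DerValue issuerValue = val.data.getDerValue();
        DerValue serialValue = val.data.getDerValue();
        X500Name issuer = new X500Name(issuerValue);
        SerialNumber serNumber = new SerialNumber(serialValue);
        holding = new HolderAttrCert(issuer, serNumber);
    }
}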
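// (a)
package jace1;

import sun.security.util.ObjectIdentifier;

/**
 * Value object holding one attribute of the attribute certificate: an
 * object identifier and its string value.
 */
public class AttributeInAttrCert {
    // Both fields are assigned once in the constructor and never changed.
    private final ObjectIdentifier oi;
    private final String value;

    /**
     * @param oId    object identifier naming the attribute
     * @param aValue attribute value, stored as given
     */
    public AttributeInAttrCert(ObjectIdentifier oId, String aValue) {
        oi = oId;
        value = aValue;
    }

    /** @return the attribute's object identifier */
    public ObjectIdentifier getObjectIdentifier() {
        return oi;
    }

    /** @return the attribute's string value */
    public String getValue() {
        return value;
    }
}

// (b)
package jace1;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import sun.security.util.*;
import sun.security.x509.*;

/**
 * The Attribute field of the attribute certificate, encoded in DER as a
 * SEQUENCE of an OBJECT IDENTIFIER followed by a PrintableString value.
 *
 * <p>The decoding constructors handle encoded certificate bytes, which may
 * come from an untrusted party, so every structural check fails closed with
 * an {@link IOException}.
 *
 * <p>NOTE: {@code sun.security.*} classes are JDK-internal and unsupported;
 * their API differs between JDK releases and they are encapsulated by the
 * module system on current JDKs.
 */
public class AttributeAC {
    private AttributeInAttrCert attribute;

    /**
     * Builds an attribute from already-parsed components.
     *
     * @param oi    object identifier naming the attribute
     * @param value attribute value
     */
    public AttributeAC(ObjectIdentifier oi, String value) {
        attribute = new AttributeInAttrCert(oi, value);
    }

    /**
     * Decodes an attribute from the next DER value of the stream.
     *
     * @throws IOException if the value is not a well-formed attribute
     */
    public AttributeAC(DerInputStream in) throws IOException {
        construct(in.getDerValue());
    }

    /**
     * Decodes an attribute from a DER value.
     *
     * @throws IOException if the value is not a well-formed attribute
     */
    public AttributeAC(DerValue val) throws IOException {
        construct(val);
    }

    /**
     * Decodes an attribute from a raw input stream.
     *
     * @throws IOException if the stream does not hold a well-formed attribute
     */
    public AttributeAC(InputStream in) throws IOException {
        construct(new DerValue(in));
    }

    /**
     * Constructs the class from the DerValue and rejects trailing bytes.
     *
     * @throws IOException if parsing fails or data remains after the two fields
     */
    private void construct(DerValue derVal) throws IOException {
        parse(derVal);
        // Anything left inside the SEQUENCE after OID and value is not part
        // of the expected structure; reject instead of ignoring it.
        if (derVal.data.available() != 0) {
            // The message previously said "Holder" (copied from class Holder),
            // which pointed at the wrong field when diagnosing a bad certificate.
            throw new IOException("Excess AttributeAC data");
        }
    }

    /**
     * Writes the attribute to {@code out} as SEQUENCE { OID, PrintableString }.
     *
     * @throws IOException if encoding a component fails
     */
    public void encode(DerOutputStream out) throws IOException {
        DerOutputStream tmp = new DerOutputStream();
        tmp.putOID(attribute.getObjectIdentifier());
        // NOTE(review): the value is written as a DER PrintableString; confirm
        // that callers restrict it to that character set.
        tmp.putPrintableString(attribute.getValue());
        out.write(DerValue.tag_Sequence, tmp);
    }

    /** @return the decoded or supplied OID/value pair */
    public AttributeInAttrCert getAttributeInAttrCert() {
        return attribute;
    }

    /**
     * Reads the OID and the string value from the content of {@code val}.
     *
     * @throws IOException if {@code val} is not a SEQUENCE or a component
     *                     cannot be decoded
     */
    private void parse(DerValue val) throws IOException {
        // Check the outer tag before reading the content: without this, the
        // content of any other DER type would be interpreted as an attribute.
        if (val.tag != DerValue.tag_Sequence) {
            throw new IOException("Invalid encoding for AttributeAC: expected SEQUENCE");
        }
        DerValue oidValue = val.data.getDerValue();
        DerValue stringValue = val.data.getDerValue();
        ObjectIdentifier oi = oidValue.getOID();
        String value = stringValue.getPrintableString();
        attribute = new AttributeInAttrCert(oi, value);
    }
}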