putAlg.Alias.MessageDigest.SHA−1, SHA; } public static final synchronized void verifyForJCE { See Appendix E for more details throw new SecurityExceptionCant verify for JCE; } } The only properties a provider is required to put into its property list are the properties that match the engine name and algorithm pair with the class that implements that operation. In this example, thats handled with the first four calls to the put method but remember too that the provider can implement as few or as many operations as it wants to; it neednt implement more than a single engine with one algorithm, or it can implement dozens of enginealgorithm pairs. Note that the class name is the fully qualified package name of the class. The provider also has the opportunity to set any other properties that it wants to use. If the provider wants to set aliases as weve done with the final call to the put method, its free to do so. The last code line of our example shows the syntax to do this; it means that the string SHA−1 can be used instead of the string SHA when searching for a message digest class. A provider can set any other arbitrary properties that it wants as well. For instance, a provider class could set this property: putNativeImplementation, false; if it wanted the classes that use the provider to be able to determine if this particular XYZ implementation uses native methods. [1] It can also use the convention that certain properties are preceded with the word Alg and contain the algorithm name, like this: [1] RSA algorithms sometimes use native methods because there are existing implementations of them that are written in C and have gone through an extensive quality acceptance test that many commercial sites have a level of confidence in. However, as Java has become more widely used, this is now the exception. putAlg.NativeImplementation.XYZ, false; Theres no advantage to setting any additional properties −− nothing in the core SDK will use them. They can be set to make the classes that accompany your provider class easier to write −− for example, your XYZSignature class might want to inquire which particular providers have a native method implementation of the XYZ algorithm. Whatever information you put into your provider and how your accompanying classes use that information is a design detail that is completely up to you. The Security class will help you manage the information in these properties; this relationship to the Security class is the reason we used a string value for the NativeImplementation property rather than a Boolean value. Theres one more nonpublic method of the Provider class that is used by the security API: static Provider loadProviderString className Instantiate a provider that has as its type the given class. This method is provided mostly for convenience −− it simply loads the given class and instantiates it. However, this method also ensures that the loaded class is an instance of the Provider class. This method creates an instance of a provider. The importance of this method stems from how it performs its task: it creates the instance of the provider object by calling the newInstance method of the Class class. In order for that operation to succeed, the provider class must therefore have a default constructor −− that is, a constructor that requires no arguments. This is why in our example we provided such a constructor and had the constructor hardwire the name, version number, and information string. We could have provided an additional constructor that accepts those values as parameters, but it would never be called since the only way in which the virtual machine uses providers is to load them via this method.

8.2.3 Deploying the Provider Class

If you want to write your own provider, you must consider how that provider will be deployed. Thats because certain engines those defined wholly within JCE are required to be deployed in a special way. Although JCE is exportable, there are restrictions on how new implementations of JCE engines can be introduced. JCE enforces those restrictions by requiring that a JCE−compatible provider be deployed as a signed jar file with other special information. Hence, if you want to deploy a provider with a JCE engine, you must follow the instructions at http:java.sun.comproductsjcedocguideHowToImplAProvider.html. In simple terms, you must apply to Sun or to IBM for a special code−signing certificate. This entails submitting a request to a special certificate authority and providing that authority with hard copy documentation establishing your identity. Once you receive the certificate, you package your provider and its dependent classes as a jar file, which you sign with this certificate. There are some coding requirements for your JCE engine classes as well, which are handled in the verifyForJCE method. A valid implementation of that method requires a lot of the security classes that we havent examined yet, so weve just provided a stub here. Well discuss how to implement that method in Appendix E. There is no such restriction for deploying a security provider that implements non−JCE engines. Chapter 8 flags the engines that have such a restriction with an asterisk. Also note that JCE security providers are allowed to supply implementations for non−JCE engines; Suns JCE provider does just that when it supplies a key pair generator. You can have a mixed security provider and deploy it either as a specially−signed JCE provider or deploy it as a simple jar file or, even more simply, as a set of classes. In the latter case, the non−JCE engines will still function, and an exception will be thrown if you attempt to retrieve a JCE engine.

8.3 The Security Class

In this section, well look into how the Java VM locates the security providers we want to use. The Security class java.security.Security is responsible for managing the set of provider classes that a Java program can use and forms the last link in the architecture of the security provider. This class is final, and all its methods are static except for its constructor, which is private. Like the System and Math classes, then, the Security class can never be created or subclassed; it exists simply to provide a placeholder for methods that deal with the java.security package. Earlier, we explained how to add entries to the java.security file to add new providers to the security architecture. The same feat can be accomplished programmatically via these methods of the Security class: public static int addProviderProvider provider Add a new provider into the list of providers. The provider is added to the end of the internal array of providers. public static int insertProviderAtProvider provider, int position 132