The SignedObject Class The Signature Class
12.2 Signed Classes
One of the primary applications of digital signatures in Java is to create and verify signed classes. Signed classes allow the expansion of Javas sandbox in two ways: The policy file can insist that classes coming from a particular site be signed by a particular entity before the access controller will grant that particular set of permissions. In the policy file, such an entry contains a signedBy directive: grant signedBy sdo, codeBase http:piccolo.East.Sun.COM { java.io.FilePermission −, read,write; } This entry allows classes that are loaded from piccolo.East.Sun.COM to read and write any local files under the current directory only if the classes have been signed by sdo . • The security manager can cooperate with the class loader in order to determine whether or not a particular class is signed; the security manager is then free to grant permissions to that class based on its own internal policy. However, while this was an important technique in Java 1.1, it is rarely used in Java 2. • We talked about these operations throughout this book; in this section, well fill in the last details about how the digital signatures are created and verified. There are three necessary ingredients to expand the Java sandbox with signed classes: A method to create the signed class. The jarsigner utility is used for this. • A class loader that knows how to understand the digital signature associated with the class. The URLClassLoader class knows how to do this, but well show an example of how to do that for a custom class loader as well. • A security manager or access controller that grants the desired permissions based on the digital signature. The access controller will do this for us; well show how the security manager might do this directly in Appendix D. •12.2.1 The jarsigner Tool
Signed jar files are managed with jarsigner . jarsigner uses the information in a keystore to look up information about a particular entity and uses that information either to sign or to verify a jar file. As we discussed in Chapter 10, the keystore that jarsigner uses is subject to the KeyStore class that has been installed into the virtual machine; if you have your own keystore implementation, jarsigner will be able to use it. Similarly, if you use the standard keystore implementation but hold the keys in a file other than the default .keystore file, jarsigner will allow you to use that other file as well. A signed jar file is identical to a standard jar file except that a signed jar file contains two additional entries: SIGNER.SF A file containing an SHA message digest for each class file in the archive. The digest is calculated from the three lines in the manifest for the class file. The base of this name SIGNER varies; it is typically based upon the alias of the keystore entry used to sign the archive. 230 SIGNER.DSA A file containing the digital signature of the .SF file. The base of this name matches the first part of the .SF file; the extension is the algorithm used to generate the signature. This file also contains the certificate of the entity that signed the archive. The algorithm used to generate the signature depends upon the type of the key found in the keystore: if the key is an X509 DSA key, a DSA signature will be generated. If the key is an RSA key, an RSA signature will be generated. These entries are held in the META−INF directory of the jar file.12.2.1.1 Creating a signed jar file
The simplest command to sign a jar file is: piccolo jarsigner xyz.jar sdo This command takes the existing jar file xyz.jar and signs it using the private key of the given alias sdo . The private key is obtained by searching for the given alias from the default keystore HOME.keystore. The signature files in this example will be named SDO.SF and SDO.DSA and will be added to the existing jar file. A jar file can be signed by any number of entities simply by executing this command multiple times with different aliases. Each act of signing the jar file creates a new set of .SF and .DSA or .RSA files in the archive. A number of options can be used in conjunction with this command: −keystore keystore Specify the file that should be used as the keystore. −storepass storepass Specify the global password that should be used to open the keystore. If this value is not provided, you will be prompted for it which, as always, is the more secure way to enter a password. −storetype storetype The algorithm type of the keystore e.g., JCEKS. −keypass password Specify the password for the key entry of the given alias. If this value is not provided, you will be prompted for it. −sigfile file Specify the base name to be used for the .SF and .DSA.RSA files. The default for this value is the alias specified on the command line translated to all uppercase letters e.g., SDO for the example above. If the alias name has more than eight letters, only the first eight letters are used. The file argument in this option can only contain uppercase letters, the digits 0−9, and an underscore; it must contain eight or fewer letters.Parts
» OReilly.Java.Security 2nd Edition
» What Is Security? Java Application Security
» The Java 2 Platform Software Used in This Book
» The Java Cryptography Extension
» The Java Secure Sockets Extension The Java Authentication and Authorization Service
» Applets, Applications, and Programs Anatomy of a Java Program
» Security Debugging Java Application Security
» Summary Java Application Security
» Elements of the Java Sandbox
» Permissions The Default Sandbox
» Keystores The Default Sandbox
» Code Sources The Default Sandbox
» Managing policy codebases The policytool
» Managing permissions The policytool
» Permissions Outside of Policy Files
» Comparison with Previous Releases
» Object Serialization and Memory Integrity
» Compiler Enforcement Enforcement of the Java Language Rules
» Inside the bytecode verifier
» Delayed bytecode verification The Bytecode Verifier
» Runtime Enforcement Enforcement of the Java Language Rules
» Controlling Bytecode Verification Comparisons with Previous Releases
» Summary Java Language Security
» Security Managers and the Java API
» Operating on the Security Manager
» Methods Relating to File Access
» Methods Relating to Network Access
» Methods Protecting the Java Virtual Machine
» Methods Protecting Program Threads
» Methods Protecting System Resources
» Methods Protecting Security Aspects
» System access Differences in the Security Manager Class
» Thread access Differences in the Security Manager Class
» Security access Differences in the Security Manager Class
» Summary The Security Manager
» The CodeSource Class The Access Controller
» The Permission Class Permissions
» The BasicPermission Class Permissions
» The Permissions Class Permissions
» Protection Domains The Access Controller
» Access Control Contexts The AccessController Class
» Guarded Objects The Access Controller
» Summary The Access Controller
» The Class Loader and Namespaces
» Class Loading Architecture Java Class Loaders
» Class Loader Classes Implementing a Class Loader
» The loadClass method Key Methods of the Class Loader
» The findClass method Key Methods of the Class Loader
» The defineClass methods Key Methods of the Class Loader
» Responsibilities of the Class Loader
» Step 1: Optionally call the checkPackageAccess method
» Step 2: Use the previously−defined class, if available
» Step 3: Defer class loading to the parent
» Step 4: Optionally call the checkPackageDefinition method
» Step 5: Read in the class bytes
» Step 6: Create the appropriate protection domain
» Steps 7−8: Define the class, verify it, and resolve it
» Using the SecureClassLoader Class
» Other Class Loaders Implementing a Class Loader
» Delegation Miscellaneous Class Loading Topics
» Loading Resources Miscellaneous Class Loading Topics
» Loading Libraries Miscellaneous Class Loading Topics
» Author Authentication The Need for Authentication
» Data Authentication The Need for Authentication
» Javas Role in Authentication
» Cryptographic Keys Cryptographic Engines
» Message Digests Cryptographic Engines
» Digital Signatures Cryptographic Engines
» Encryption Engines Cryptographic Engines
» Summary Introduction to Cryptography
» Components of the Architecture
» Choosing a Security Provider
» Implementing the Provider Class
» The Security Class and the Security Manager
» The Architecture of Engine Classes
» Diffie−Hellman keys Asymmetric Keys
» The KeyPair class Asymmetric Keys
» Using the KeyPairGenerator class
» Generating DSA keys The KeyPairGenerator Class
» Implementing a Key Pair Generator
» Using the KeyGenerator class
» Implementing a KeyGenerator class
» The SecretKeyFactory Class Key Factories
» Existing key specification classes
» The Certificate Class Certificates
» The CertificateFactory Class Certificates
» Advanced X509Certificate Methods
» Keys, Certificates, and Object Serialization
» Comparison with Previous Releases Summary
» Key Management Terms Key Management
» Generating a Certificate Request
» Importing a Certificate The keytool
» Creating a Certificate Entry
» Modifying Keystore Entries The keytool
» Deleting Keystore Entries The keytool
» Examining Keystore Data The keytool
» Miscellaneous Commands The keytool
» Using Certificates from Netscape
» Principals The KeyStore Class
» Secret Key Distribution Secret Key Management
» Secret Key Agreement Secret Key Management
» Using the Message Digest Class
» The Mac Class Secure Message Digests
» The DigestOutputStream Class Message Digest Streams
» The DigestInputStream Class Message Digest Streams
» The SignedObject Class The Signature Class
» Signing and Certificates The Signature Class
» Implementing a Signature Class
» Using the Cipher Class for EncryptionDecryption
» Initialization of a PBEWithMD5AndDES Cipher
» Using the Cipher Class for Key Wrapping
» Implementing the Cipher Class
» The CipherOutputStream Class Cipher Streams
» The CipherInputStream Class Cipher Streams
» Sealed Objects Cipher−Based Encryption
» Keystores and Truststores An Overview of SSL and JSSE
» JSSE Certificates An Overview of SSL and JSSE
» JSSE Socket Factories An Overview of SSL and JSSE
» SSL Server Sockets SSL Client and Server Sockets
» SSL Sockets SSL Client and Server Sockets
» Choosing an SSL Cipher Suite
» SSL Handshaking Miscellaneous SSL Issues
» JSSE Permissions Miscellaneous SSL Issues
» Verifying HTTPS Hosts The HTTPS Protocol Handler
» HTTPS Properties The HTTPS Protocol Handler
» Debugging JSSE SSL and HTTPS
» JAAS Overview Authentication and Authorization
» The LoginContext class The JAAS Setup Code
» The Subject class The JAAS Setup Code
» Login control flags Configuring Login Modules
» Sample login modules Configuring Login Modules
» Running the Example Simple JAAS Administration
» The name callback JAAS Callbacks
» The password callback JAAS Callbacks
» The choice callback JAAS Callbacks
» The confirmation callback JAAS Callbacks
» The language callback JAAS Callbacks
» ClientServer Authentication Advanced JAAS Topics
» Groups and Roles Advanced JAAS Topics
Show more