Summary

  

While the providers in the keytool and jarsigner utilities can be rewritten at the SPI layer, great care must be taken to understand exactly which engine classes need to be overridden. The keytool utility is built on the KeyStore engine class, using the algorithm that is set as the default type unless a different storetype is specified on the command line.

If the default is not used, a different provider's implementation should be fully tested. However, since it has to support all the functionality of the KeyStoreSpi, it will most likely work. Algorithm support is also very specific to the keytool utility: it supports the DSA and RSA keying mechanisms. Because the keytool supports only these algorithms, there could be checks to ensure that only RSA or DSA is specified, so creating a different algorithm through a provider and passing in different algorithm types could cause problems in the keytool operation.

Re-implementing the keytool and jarsigner is not a difficult task with JDK 1.4, because most of the inner workings are just a combination of engine classes. To re-implement the keytool, one uses the KeyStore engine class in the implementation of the JavaKeyStore. One would also implement the Signature and MessageDigest engine classes, using their respective algorithms, such as DSA and MD5.

Once you know that most of the engine classes are decoupled and that the keytool is simply a combination of engine classes, building a key store or jarsigner becomes a matter of connecting interfaces. These tools require nothing beyond the basic building blocks that are used to manage keys in code. These building blocks, the engine classes, make it easy for an organization to develop its own keytool or provider interface without breaking anything that is built using the standard JDK 1.4 security classes.
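
The combination described above can be shown in a few lines. The following is an added example, not code from the book or from the JDK tools: it lists a keystore the way keytool does and performs a jarsigner-style sign/verify round trip using only the KeyStore, MessageDigest and Signature engine classes. The class name MiniKeytool, its arguments, and the assumption that the key password equals the store password are hypothetical; it targets a current JDK and uses SHA-256 in place of the MD5 mentioned in the text.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example (hypothetical class): usage is
//   java MiniKeytool <keystore-file> <password> [storetype]
public class MiniKeytool {
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        // KeyStore engine class: default type unless a storetype is given.
        String type = args.length > 2 ? args[2] : KeyStore.getDefaultType();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        byte[] sample = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) { System.out.println(alias + ": no certificate"); continue; }
            // MessageDigest engine class: certificate fingerprint.
            byte[] fp = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            System.out.println(alias + " SHA-256 fingerprint " + hex(fp));
            if (!ks.isKeyEntry(alias)) continue;       // trusted certificate only
            Key key = ks.getKey(alias, password);      // assumes key password == store password
            String alg = key.getAlgorithm();
            // Mirror the RSA/DSA restriction the text attributes to keytool.
            if (!(key instanceof PrivateKey) || !(alg.equals("RSA") || alg.equals("DSA"))) {
                System.out.println("  skipped: " + alg + " is not RSA or DSA");
                continue;
            }
            // Signature engine class: sign with the private key, verify with the certificate.
            Signature signer = Signature.getInstance("SHA256with" + alg);
            signer.initSign((PrivateKey) key);
            signer.update(sample);
            byte[] sig = signer.sign();
            Signature verifier = Signature.getInstance("SHA256with" + alg);
            verifier.initVerify(cert.getPublicKey());
            verifier.update(sample);
            System.out.println("  sign/verify round trip: " + verifier.verify(sig));
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02X", b));
        return sb.toString();
    }
}
```

A round trip that prints false means the private key and the certificate stored under that alias do not belong together, which is worth checking whenever a keystore has been assembled by a non-default provider.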

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
