Package java.security

The java.security package contains the classes and interfaces that implement the Java security architecture. These classes can be divided into two broad categories. First, there are classes that implement access control and prevent untrusted code from performing sensitive operations. Second, there are authentication classes that implement message digests and digital signatures and can authenticate Java classes and other objects.

The central access control class is AccessController ; it uses the currently installed Policy object to decide whether a given class has Permission to access a given system resource. The Permissions and ProtectionDomain classes are also important pieces of the Java access control architecture.

The key classes for authentication are MessageDigest and Signature ; they compute and verify cryptographic message digests and digital signatures. These classes use public-key cryptography techniques and rely on the PublicKey and PrivateKey interfaces. They also rely on an infrastructure of related classes, such as SecureRandom for producing cryptographic-strength pseudorandom numbers , KeyPairGenerator for generating pairs of public and private keys, and KeyStore for managing a collection of keys and certificates. (This package defines a Certificate interface, but it is deprecated; see the java.security.cert package for the preferred Certificate class.)

The CodeSource class unites the authentication classes with the access control classes. It represents the source of a Java class as a URL and a set of java.security.cert.Certificate objects that contain the digital signatures of the code. The AccessController and Policy classes look at the CodeSource of a class when making access control decisions.

All the cryptographic-authentication features of this package are provider-based, which means they are implemented by security provider modules that can be plugged easily into any Java 1.2 (or later) installation. Thus, in addition to defining a security API, this package also defines a service provider interface (SPI). Various classes with names that end in Spi are part of this SPI. Security provider implementations must subclass these Spi classes, but applications never need to use them. Each security provider is represented by a Provider class, and the Security class allows new providers to be dynamically installed.

The java.security package contains several useful utility classes. For example, DigestInputStream and DigestOutputStream make it easy to compute message digests. GuardedObject provides customizable access control for an individual object. SignedObject protects the integrity of an arbitrary Java object by attaching a digital signature, making it easy to detect any tampering with the object. Although the java.security package contains cryptographic classes for authentication, it does not contain classes for encryption or decryption. Instead, this functionality is part of the Java Cryptography Extension or JCE which defines the javax.crypto package and its subpackages. The JCE is part of the core platform in Java 1.4 and later, and is available as a standard extension to Java 1.2 and Java 1.3.

Interfaces

 public interface  Certificate  ; public interface  DomainCombiner  ; public interface  Guard  ; public interface  Key  extends Serializable; public interface  KeyStore.Entry  ; public interface  KeyStore.LoadStoreParameter  ; public interface  KeyStore.ProtectionParameter  ; public interface  Principal  ; public interface  PrivateKey  extends Key; public interface  PrivilegedAction  <T>; public interface  PrivilegedExceptionAction  <T>; public interface  PublicKey  extends Key; 

Enumerated Types

 public enum  KeyRep.Type  ; 

Collections

 public abstract class  Provider  extends java.util.Properties;    public abstract class  AuthProvider  extends Provider; 

Other Classes

 public final class  AccessControlContext  ; public final class  AccessController  ; public class  AlgorithmParameterGenerator  ; public abstract class  AlgorithmParameterGeneratorSpi  ; public class  AlgorithmParameters  ; public abstract class  AlgorithmParametersSpi  ; public final class  CodeSigner  implements Serializable; public class  CodeSource  implements Serializable; public class  DigestInputStream  extends java.io.FilterInputStream; public class  DigestOutputStream  extends java.io.FilterOutputStream; public class  GuardedObject  implements Serializable; public abstract class  Identity  implements Principal, Serializable;    public abstract class  IdentityScope  extends Identity;    public abstract class  Signer  extends Identity; public class  KeyFactory  ; public abstract class  KeyFactorySpi  ; public final class  KeyPair  implements Serializable; public abstract class  KeyPairGeneratorSpi  ;    public abstract class  KeyPairGenerator  extends KeyPairGeneratorSpi; public class  KeyRep  implements Serializable; public class  KeyStore  ; public abstract static class  KeyStore.Builder  ; public static class  KeyStore.CallbackHandlerProtection  implements KeyStore.    ProtectionParameter; public static class  KeyStore.PasswordProtection  implements javax.security.auth.Destroyable, KeyStore.ProtectionParameter; public static final class  KeyStore.PrivateKeyEntry  implements KeyStore.Entry; public static final class  KeyStore.SecretKeyEntry  implements KeyStore.Entry; public static final class  KeyStore.TrustedCertificateEntry  implements KeyStore.    Entry; public abstract class  KeyStoreSpi  ; public abstract class  MessageDigestSpi  ;    public abstract class  MessageDigest  extends MessageDigestSpi; public abstract class  Permission  implements Guard, Serializable;    public final class  AllPermission  extends Permission;    public abstract class  BasicPermission  extends Permission implements        Serializable;       public final class  SecurityPermission  extends BasicPermission;    public final class  UnresolvedPermission  extends Permission implements        Serializable; public abstract class  PermissionCollection  implements Serializable;    public final class  Permissions  extends PermissionCollection implements        Serializable; public abstract class  Policy  ; public class  ProtectionDomain  ; public static class  Provider.Service  ; public class  SecureClassLoader  extends ClassLoader; public class  SecureRandom  extends java.util.Random; public abstract class  SecureRandomSpi  implements Serializable; public final class  Security  ; public abstract class  SignatureSpi  ;    public abstract class  Signature  extends SignatureSpi; public final class  SignedObject  implements Serializable; public final class  Timestamp  implements Serializable; 

Exceptions

 public class  AccessControlException  extends SecurityException; public class  GeneralSecurityException  extends Exception;    public class  DigestException  extends GeneralSecurityException;    public class  InvalidAlgorithmParameterException  extends     GeneralSecurityException;    public class  KeyException  extends GeneralSecurityException;       public class  InvalidKeyException  extends KeyException;       public class  KeyManagementException  extends KeyException;    public class  KeyStoreException  extends GeneralSecurityException;    public class  NoSuchAlgorithmException  extends GeneralSecurityException;    public class  NoSuchProviderException  extends GeneralSecurityException;    public class  SignatureException  extends GeneralSecurityException;    public class  UnrecoverableEntryException  extends GeneralSecurityException;    public class  UnrecoverableKeyException  extends GeneralSecurityException; public class  InvalidParameterException  extends IllegalArgumentException; public class  PrivilegedActionException  extends Exception; public class  ProviderException  extends RuntimeException;