Errata

Changed "Activator" to "Plugin"

Changed the last sentence to "The information in this book is based
on the 1.2 FCS release."

For the most part, we assume that developers using this book will be
using the Java 2 platform, and our primary focus will be on the Java
Development Kit (JDK) from Sun Microsystems. However, for developers
using 1.1, we will provide full details of what's available in 1.1 and
what has changed in Java 2; in some cases, this information has changed
so radically that the information is relegated to an appendix.
Complicating all of this is that while overall there are few
differences between the 1.2 beta releases of the JDK and the Java 2
platform, many of those important differences occur in the security
APIs. Unlike the first printing of this book, which focused on the 1.2
beta 3 release, this printing covers the API as it exists only in the
Java 2 platform.

Changed "(but not often used)" to "(and are deprecated)".

sidebar, last paragraph now reads:

Beginning in 1.2 beta 3, the Launcher class was incorporated into
the virtual machine itself, but the syntax to use it changed in
the last few beta releases. In FCS, the correct syntax is:

piccolo% java -Djava.security.manager Cat /etc/passwd

2nd paragraph now reads:

... and readObject() methods. The writeObject() method is
responsible for writing out all data in the class; it typically uses
the defaultWriteObject() method to write out all non-transient data
and then its writes the transient data out in any format it desires.
Similarly, the readObject() method uses the defaultReadObject()
method to read the data and then must restore the corresponding
transient data. It's your decision how to save and reconstitute the
transient data so that its ...

3rd paragraph now reads:

The last clause of the last sentence should be
--no data can be stored or reconstituted by any default methods.

Changed "zip" to "JAR" (added to the JAR file containing...)

Changed "otherslocated" to "others located"
Change "classes.zip" to "rt.jar"

concluded added:

[Paragraph]
An instance of the URLClassLoader class may also be obtained via one of
these methods:

[ListVariableTerm]
public static URLClassLoader newInstance(URL[] urls) [filled-star dingbat]
public static URLClassLoader newInstance(URL[] urls, ClassLoader parent) [filled-star dingbat]
[ListVariable]
Create and return a URL class loader. The difference between these
methods and constructing a URL class loader directly is that
the class loader returned from these methods will call the security
manager's checkPackageAccess() method before it attempts to define a
class; this is the optional step 2 that we referred to earlier. In
1.2, only class loaders obtained in this way will perform that
optional step (unless, of course, you write your own class loader
that performs that step).

Changed the first two sentences to:

In 1.2, the URLCLassLoader class fails to handle multiple HTTP-based
URLs correctly. It is hoped that this will be fixed someday; if it
is not and ...

URLClassLoader class, the invokeClass()...").

In the last paragraph with a paragraph tag, changed "these two
new methods" to "this new method"

Changed both ListVariableTerm paragraphs by replacing them with this new
paragraph (still a ListVariableTerm format) and changed the corresponding
ListVariable paragraph to:

protected final Class defineClass(String name, byte[] buf, int offset,
int length, CodeSource cs) [filled-star dingbat]
Define a class that is associated with the given code source. If
the code source is null, this method is the equivalent of the
defineClass() method in the base ClassLoader class. We'll defer
showing an example of this method to Chapter 5, when we discuss
code source objects.

protected CodeSource getCodeSource(URL url, Object signers[])

as well as the ListVariable paragraph immediately following it. Hence, the
top of page 48 now has the continuation of the paragraph that was
changed on page 47 and then the next regular paragraph:

showing an example of this method to Chapter 5, when we discuss
code source objects.

As our first example of a class loader, ...

Changed "findLocalClass()" to "findClass()"

Changed the middle of that paragraph so that it reads:

... even in 1.2. In 1.2 if you want to make the check for package
access, you can do that by calling the checkPackageAccess() method
of the security manager in the same way that we called the
checkPackageDefinition() method, but that will only prevent you
from access classes that aren't found by the system class loader.
Alternately in 1.2, you can use the newInstance() method of the
URLClassLoader class which makes such a check, or you can override
the loadClass() method itself to provide such a check as we showed
earlier. In 1.1, of course, you ...

Changed "findLocalClass()" to "findClass()"

Changed the last sentence to begin
Note that classes loaders that are created by calling the
constructor of the URLClassLoader class do not make such a call;

... approach we've outlined above. In addition, the present
implementation of the URLClassLoader will not work with multiple
HTTP-based URLs, so for the present, you must write your own class
loader to handle that case.

Changed "findLocalClass()" to "findClass()"

public final ClassLoader getParent() [filled-star dingbat]

Immediately preceeding the HeadB header (Loading resources), added the
following

[Paragraph]
This URL class loader is known as the system class loader, and it
may be retrieved via the following method:

[ListVariableTerm]
public static ClassLoader getSystemClassLoader() [filled-star dingbat]
[ListVariable]
Return the system class loader -- that is, the class loader that
was used to load the base application classes. If a security
manager is in place, you must have the getClassLoader runtime
permission to use this method (see Chapter 5).

[Paragraph]
Hence, to set up a delegation class loader, you can use this call:

[CodeIndent]
jrl = new JavaRunnerLoader(ClassLoader.getSystemClassLoader())

[Paragraph]
instead of the methods we showed earlier.

Changed all occurences of "getLocalResource" to "findResource" [in the
ListVariableTerm and the middle of the final paragraph].

checkPermission(Permission p) Thread.stop() Stopping a thread could
corrupt state of the
virtual machine.

In 1.2, the Thread class also calls the checkPermission() method of
the security manager whenever the stop() method is called, since
stopping a thread is an inherently dangerous operation (which has
led the stop() to method become deprecated). For backward
compatibility, this permission is normally granted even to untrusted
classes, but an end-user may change her environment so that the
security manager throws an exception whenever the stop() method is
called.

Changed the last clause of the first sentence to read:

"and r2 represents permission to access classes in the java package."

"topLevelWindow" to "showWindowWithoutWarningBanner"; changed
"systemClipboard" to "accessClipboard", and change "eventQueue"
to "accessEventQueue".

In the first code line, changed "topLevelWindow" to
"showWindowWithoutWarningBanner".

In the first sentence of the paragraph, changed "three different classes"
to "two different classes". In that paragraph, changed
"Authenticator.setDefault" to "setDefaultAuthenticator" and changed
"Authenticator.requestPasswordAuthentication" to
"requestPasswordAuthentication".

Deleted the second paragraph (the one beginning "In addition, the ability
to create multicast...") altogether.

Rewrote the third paragraph (the one that begins "Finally, the ability to
create a listener...") as follows:

In addition, this class encapsulates various URL-related permissions.
Permission to specify a stream handler in the URL class is named
specifyStreamHander.

Deleted the first code line:

NetPermission n1 = new NetPermission("multicast");

Changed the second code line to

NetPermission n1 = new NetPermission("requestPasswordAuthentication");

Changed the third sentence from

has one valid name: enableSubstitution. If granted, this permission

to

has two valid names: enableSubstitution and
enableSubclassImplementation. The first of these permissions

Then added the following sentence at the end of the paragraph:

The latter permission allows the ObjectInputStream and
ObjectOutputStream classes to be subclassed, which would
potentially override the readObject() and writeObject() methods.

Changed

single name (access)

to

single name (supressAccessChecks)

public abstract String getName()

It now reads:

public final String getName()

[Paragraph]
If you implement your own PermissionCollection class, you must also
keep track of whether it has been marked as read-only. There are two
methods involved in this:

[ListVariableTerm]
public boolean isReadOnly() [filled-star dingbat]
[ListTerm]
Return an indication of whether the collection has been marked as
read-only.

[ListVariableTerm]
public void setReadOnly() [filled-star dingbat]
[ListTerm]
Set the collection to be read-only. Once the read-only flag has
been set, it cannot be unset: the collection will remain read-only
forever.

[Paragraph]
A permission collection is expected to throw a security exception from
its add() method if it has been marked as read-only. Note that the
read-only instance variable is private to the PermissionCollection
class, so subclasses will have to rely on the isReadOnly() method to
test its value.

are inherited...") to the "The Policy Class" header.

change "Policy.getPolicy" to "getPolicy" and change "Policy.setPolicy"
to "setPolicy".

"getPermissions"

public abstract Permissions getPermissions(CodeSource cs) [dingbat]

package".

"-Djava.security.policy, which must be used in conjunction with the
-Djava.security.manager option."

Changed the first command line to:

piccolo% java -Djava.security.manager
-Djava.security.policy=/globalfiles/java.policy Cat /etc/passwd

Changed the next two "-usepolicy" to "-Djava.security.manager" [both in
the ListText... paragraph between the first and second command line
examples.]

Changed the second command line to:

piccolo% java -Djava.security.manager
-Djava.security.policy==/globalfiles/java.policy Cat /etc/
passwd

Changed the paragraph beginning "Note that you may also specify..." to
"Note that you may also simply specify the -Djava.security.manager
flag with no additional arguments, in which case..."

Changed the third command line to:

piccolo% java -Djava.security.manager Cat /etc/passwd

"-Djava.security.policy"

brace, added the line:

permission java.lang.RuntimePermission "stopThread";

At the end of the 1st paragraph, added the sentence:

All other classes will also be able to call the stop() method on a
thread.

First bullet:
o The defineClass() method accepts a protection domain as a
parameter. In this case, the given protection domain is assigned
to the class. This case is typically unused, since that method
exists only in the ClassLoader class and not in the
SecureClassLoader class.

Second bullet:
o The defineClass() method accepts a code source as a parameter.
In this case, the getPermissions() method of the
SecureClassLoader is used to determine the protection domain for
the code source. By default, this just uses the getPermissions()
class of the Policy class to find the permissions that are
defined for the given code base. However, a secure class loader
(including, of course, a URL class loader)
has the option of overriding the getPermissions() method to
enhance the set of permissions that a particular class might
have. We'll see an example of this in Chapter 6, when we discuss
network permissions in the class loader.

Third bullet: changed "evaluate()" to "getPermissions()".

Changed the code example to the following:

public class PayrollApp {
NetworkMonitor nm;

public void init() {
class doInit implements PrivilegedAction {
public void run() {
nm = new NetworkMonitor();
}
}
doInit di = new doInit();
AccessContoller.doPrivileged(di);
}
}

[both occurances in the paragraph.]

should be in Courier font.

2nd paragraph now reads:

In 1.2, this variable and method are deprecated. The correct
operation to perform in a 1.2-based security manager is to place
the calls to the InetAddress class in a class that can be used by
the doPrivileged() method. In addition, the InetAddress class in
1.2 no longer calls the getInCheck() method.

support machine are trusted and other classes are not. Note that
if you are going to use this technique in 1.2 that it is quite
possible that the class loader will not be your multi loader -- it
might be one of the internal class loaders that is use to load
extension or API classes. In that case, instead of throwing a
security exception when the class cast fails, you should simply
call the super.checkWrite() method, which will do the correct
thing in 1.2.

2nd paragraph, the 2nd sentence now reads:

For a 1.1-based security manager, you would set the inCheck
variable to true, execute the calls that are in the run() method of
the testHost class, and then set inCheck to false. You would also
need to make this method and the getInCheck() methods
synchronized.

1st paragraph: changed the last sentence to read:

In Java 1.2, you can use the doPrivileged() method of the access
controller from within the class loader to attempt to open the
URL.

Changed the sentence

In 1.2, the default behavior of the security manager is to implement
the model we'll describe in this section.

To

In 1.2, the default behavior of the security manager is to allow the
checkAccess() method to succeed in all cases unless the target
thread is a member of the system thread group or the target thread
group is the system thread group. In those cases,
the program must have been granted a runtime
permission of modifyThread or modifyThreadGroup (depending on which
checkAccess() method is involved) for the operation to succeed.
Hence, any thread can modify any thread or thread group except for
those that belong to the system thread group.

In the 3rd paragraph, deleted the phrase "this is a model implemented by
the SecurityManager class in 1.2.". So the paragraph reads

We'll show an example that implements a hierarchical notion of
thread permissions which fits well within the notion of the virtual
machine's thread hierarchy (see Figure 6-1). In ths model, a ...

In the last paragraph, changed the last sentence to read

The 1.2 default security manager checks for the modifyThread and
modifyThreadGroup permissions as we described above.

Immediately preceeding the "Implementing Package Access" header, added
this paragraph:

Finally, remeber that in 1.2, the stop() method of the Thread class
first calls the checkPermission() class of the security manager to
see if the current stack has a runtime permission of "stopThread".
For backward compatibility, all protection domains have that
permission by default, but a particular user may be changed that
in the policy file.

page 149) to read

A final area for which the default security manager is sometime
inadequate is the manner in which it checks for package access and
definition. In 1.1, the default security manager rejects all package
access and definition attempts.

In 1.2, the situation is somewhat complex. For package access, the
security manager looks for a property defined in the java.security
file named package.access. This property is a list of comma
separated package names for which access should be checked. If the
class loader uses the checkPackageAccess() method (and remember that
many do not) and attempts to access a package that is in the list
specified in the java.security file, then the program must have a
runtime permission with a name of
accessClassInPackage.<package name>. For defining a class, the
operation is similar; the property name in the java.security file is
package.definition and the appropriate runtime permission has a name
of defineClassInPackage.<package name>. This model works well, but
it requires that the java.security file and all the java.policy
files be co-ordinated in their attempts to protect package access
and definition.

For that reason, and also to provide a better migration between
releases (and because it's the only way to do it in 1.1), you may
want to include the logic to process some policies within your new
security manager. In that way, users will not need to make any
changes on their system; in this case, the user will not have to put
the appropriate RuntimePermission entries into the java.policy files
by hand.

o The checkAccess() methods only check for the given permission if
the target thread (group) is in the system thread group.

o Thread permissions may follow the thread hierarchy rather than the
default all-or-nothing policy.

"-Djava.security.policy" [three instances.]

and the rest of the section through the next header ("The Secure Java
Launcher").

At the end of the 1st paragraph, change "checkExit() method" to
"checkExit(), checkPackageAccess(), and checkPackageDefinition()
methods".

[First we must prove that the author ...]

KeyStore JKS
CertificateFactory X509
SecureRandom SHA1PRNG

"method" to "methods". [contain a number of useful methods we'll
review here;]

added the following sentence:

In 1.2, however, the argument string is clearProviderProperties,
putProviderProperty, and removeProviderProperty, respectively.

hollow-star dingbat.

Deleted the footnote.

now reads "Fortunately, the next class allows us to import
certificates." [delete "both" and "to export".]

inserted the following new section:

[HeadB]
The CertificateFactory class

[Paragraph]
If you need to import a certificate into a program, you do so by using
the CertificateFactory class (java.security.cert.CertificateFactory).
That class is an engine class, and it has the following interface:

[ListVariableTerm]
public static CertificateFactory getInstance(String type) [filled-star
dingbat]
[ListVariableTerm]
public static CertificateFactory getInstance(String type, String provider)
[filled-star dingbat]
[ListVariable]
Return a certificate factory that may be used to import
certificates of the specified type (optionally implemented by the
given provider). A CertificateException will be thrown if the
given factory cannot be found or created; if the given provider is
not found, a NoSuchProviderException will be thrown. The default
Sun security provider has one certificate factory that works with
certificates to type X509.

[ListVariableTerm]
public String getProvider() [filled-star dingbat]
[ListTerm]
Return the provider that implemented this factory.

[ListVariableTerm]
public String getType() [filled-star dingbat]
[ListTerm]
Return the type of certificates that this factory can import.

[ListVariableTerm]
public final Certificate generateCertificate(InputStream is) [filled-star
dingbat]
[ListTerm]
Return a certificate that has been read in from the specified
input steram. For the default Sun security provider, the input
stream must be an X509 certificate in RFC 1421 format (that is, a
DER-encoded certificate that has been translated into 7-bit ASCII
characters); this is the most common format for transmission of
X509 certificates.

[ListVariableTerm]
public final Collection generateCertificates(InputStream is) [filled-star
dingbat]
[ListTerm]
Return a collection of certificates that have been defined in the
given input stream. For the default Sun provider, the input stream
in this case may have a single RFC 1421 formatted certificate, or
it may contain a certificate chain in PKCS#7 format.

[ListVariableTerm]
public final CRL generateCRL(InputStream is) [filled-star dingbat]
[ListTerm]
Define a certificate revocation list from the data in the input
stream.

[ListVariableTerm]
public final Collection generateCRLs(InputStream is) [filled-star dingbat]
[ListTerm]
Define a collection of CRLs from the data in the input stream.

[Paragraph]
Note that the CertificateFactory class cannot generate a new
certificate -- it may only import a certificate found in a file. This
is one reason why its hard to provide a certificate authority based
solely on the standard Java API. In the next section, we'll see an
example of reading a certificate through this interface.

[Paragraph]
The CertificateFactory is an engine class, so it has a companion SPI
class -- the CertificateFactorySpi class -- that can be used if you
want to implement your own certificate factory. Implementing such a
class follows the familiar rules of engine classes: you must define a
constructor that takes the type name as a parameter and then for each
of the public methods listed above, you must implement a corresponding
engine method with the same parameters. Certificates are complicated
things, and parsing their encoding is a complicated procedure, so we
won't bother showing an example of the engine class.

an engine class..."] and all the text until the last paragraph on the
page that introduces the three bullets. Hence, the text reads

public abstract class X509Certificate extends Certificate implements
X509Extension
Provide an infrastructure to support X509 version 3 formatted
certificates.

An X509 certificate has a number of properties...

Certificates".

X509CRL class...") and the code at the bottom of the page.

definition. Changed the beginning of the next paragraph so that it
reads

Instances of the X509CRLEntry class are obtained by the getInstance()
method of the CertificateFactory. Once the class has been
instantiated, ...

Hence, the text from 237 to 238 reads:

public abstract class X509CRL implements X509Extension [dingbat]
Provide the support for an X509-based certificate revocation list.

Instances of the X509CRLEntry class are obtained by the getInstance()
method ...

that reads

public abstract boolean isRevoked(BigInteger serialNumber) [dingbat]
Indicated whether or not ...

"X509CRLEntry":

public abstract X509CRLEntry getRevokedCertificate(BigInteger bn)
[dingbat]

done,..."), inserted the following:

[Paragraph]
There is one more method of the X509CRL class, which it inherits from
its superclass, the CRL class (java.security.cert.CRL):

[ListVariableTerm]
public abstract boolean isRevoked(Certificate c) [filled-star dingbat]
[ListVariable]
Indicate whether or not the given certificate has been revoked by
this CRL.

When all is said and done,...

Last paragraph, changed the final sentence to:

The IdentityScope class has been deprecated in 1.2.

4th paragraph: Changed the final sentence to read:

First, however, let's take a brief look at the notion of the identity
to whom a key belongs.

Then added this paragraph.

In Java's key management model, the association between a key and
its owner is application specific. There is an Identity class in
Java that was used for this purpose in 1.2, but it has been deprecated
(because, among other things, it used the wrong Certificate class).
However, there is still one interface that can be useful in your
own applications that use keys: the Principal interface.

Then deleted the Identities header and the next two paragraphs. Most of
the "Identities" section must be moved into Appendix B; changes in that
section will be listed later. For now, after the paragraph that was just
added, keep the "Principals" subsection (make sure that the sidebar is
attached to something in that section). Deleted the entire subsection
"The Identity Class", and also the subsection "signers". Note that we're
deleting an entire HeadA section, so the cross-reference at the
beginning of the chapter must have that entry removed as well.

Hence, the text flows as follows:

This framework is the ultimate goal of this chapter. First, however,
let's take a brief look at the notion of the identity to whom a key
belongs.

In Java's key management model, the association bewteen ... that use
keys: the Principal interface.

[Still a HeadB]
Principals

Classes that are concerned with identities...

... discussion of principals, ending with the 7th paragraph on
page 246 ...

There are other methods listed in the Principal interface -- namely
... implemented correctly for all your classes, not just those that
implement the Principal interface.

[HeadA -- from page 253]
The KeyStore Class

"the deprecated Identity class" [This paragraph is in the middle of the
flow that we just discussed].

public class KeyStore [dingbat]

interface...") paragraph through the ListVariableTerm for the
getInstance() method (plus the corresponding ListVariable paragraph).
Replaced them with the following:

[paragraph]
The KeyStore class is an engine class; there is a corresponding
KeyStoreSpi class that you can use to write your own keystore (more
about that a little later). By default, the Sun security provider
implements a keystore called JKS (for Java KeyStore). Hence,
instances of the KeyStore class are predictable obtained via this
method:

[ListVariableTerm]
public static final KeyStore getInstance(String type) [filled-star
dingbat]
[ListVariableTerm]
public static final KeyStore getInstance(String type, String provider)
[filled-star dingbat]
[ListVariable]
Return an instance of the KeyStore class that implements the
given algorithm, supplied by the given provider, if applicable.
In the Sun security provider, the default algorithm name is
"JKS".

[paragraph]
If you do not want to hard-wire the name of the keystore algorithm
into your application, you may use this method to return the string
that should be passed to the getInstance() method:

[ListVariableTerm]
public static final String getDefaultType() [filled-star dingbat]
[ListVariable]
Return the default keystore algorithm for the enviroment. This
value is obtained by looking for a property called keystore.type
in the java.security file.

Then continued with the paragraph "When the keystore object is
created..."

public abstract void load(InputStream is, String password) [dingbat]

to

public final void load(InputStream is, char[] password) [dingbat]

public abstract void store(OutputStream os, String password) [dingbat]

to

public final void store(OututStream os, char[] password) [dingbat]

these 2 entries (so that there will be 7 ListVariableTerm entries all
together):

public final String getType() [filled-star dingbat]
Return the name of the algorithm that this keystore implements.
public final String getProvider() [filled-star dingbat]
Return the name of the provider that supplied this keystore
implementation.

In the remaining ListVariableTerm entries on this page (5 at the top and
2 at the bottom), changed the word "abstract" to "final".

of entries...") delete the 2nd sentence. The paragraph now reads

The keystore holds two types of entries: certificate entries and key
entries. A certificate entry is an entry that contains...

public abstract PrivateKey getPrivateKey(String alias, String password
[dingbat]

to

public final Key getKey(String alias, char[] password) [dingbat]

Changed the final ListVariableTerm paragraphs from

public abstract void setKeyEntry(String alias, byte privateKey[],
Certificate chain[]) [dingbat]
public abstract void setKeyEntry(String alias, PrivateKey pk, String
password, Certificate chain[]) [dingbat]

to

public final void setKeyEntry(String alias, byte key[], Certificate
chain[]) [dingbat]
public final void setKeyEntry(String alias, Key k, char[] password,
Certificate chain[]) [dingbat]

In all other ListVariableTerm paragraphs on this page, changed "abstract"
to "final". This applies as well to the 1st ListVariableTerm paragraph
on page 259.

Implementing a keystore requires that we write a KeyStoreSpi class,
just as any other engine class. For most methods in the KeyStore
class, there is a corresponding abstract engine method in the
KeyStoreSpi class that you must provide an implementation for. A
complete list of these methods is given in Table 11-?.[simple table,
2 columns]

[Table Title]
Table 11-?. Engine methods in the KeyStoreSpi class

[Cell Heading]
KeyStore Class KeyStoreSpi class

[Cell Body]
aliases engineAliases
containsAlias engineContainsAlias
deleteEntry engineDeleteEntry
getCertificate engineGetCertificate
getCertificateAlias engineGetCertificateAlias
getCertificateChain engineGetCertificateChain
getCreationDate engineGetCreationDate
getKey engineGetKey
isCertificateEntry engineIsCertificateEntry
isKeyEntry engineIsKeyEntry
load engineLoad
setCertificateEntry engineSetCertificateEntry
setKeyEntry engineSetKeyEntry
size engineSize
store engineStore

combined the next paragraph into the 1st paragraph. In sum, the start of
this section ("Installing a KeyStore class") reads like this:

In order to use an alternate keystore implementation, you must install
your new class into a security provider. If necessary, you'll need to
establish a convention...

to the final entry on the page:

public final byte[] sign()
public final int sign(byte[] outbuf, int offset, int len) [filled-star
dingbat]
Create the digital signature...

In the first of these methods, the signature is returned from
the the method. Otherwise, the signature is stored into the
outbuf array at the given offset, and the length of the
signature is returned. If the output buffer is too small to hold
the data, an IllegalArgumentException will be thrown.

the entry looks like this:

protected abstract byte[] engineSign()
protected int engineSign(byte[] outbuf, int offset, int len) [filled-sta r dingbat]
Create the signature based on the ...

2 release for JDK 1.2 of"

Changed 1st sentence of the 3rd paragraph to read:

There are five new engine classes in the JCE: the Cipher, KeyAgreement,
KeyGenerator, Mac, and SecretKeyFactory engines.

In that paragraph, changed the 3rd sentence to read

In addition to implementations of the new engines, the SunJCE
security provider gives us a key factory and a key pair generator
for Diffie-Hellman (DH) keys as well as a new engine for working
with keystores.

In Table 13-1, added the following entries

Mac HmacSHA1
Mac HmacMD5
KeyStore JCEKS

public interface RSAPrivateKey extends PrivateKey
public interface RSAPrivateKeyCrt extends PrivateKey
public interface RSAPublicKey extends PublicKey
This set of interfaces ...

Note that the footnote has been deleted as well.

public final void init(int strength)
public final void init(int strength, SecureRandom sr)

public final void engineInit(int strength, SecureRandom sr)

public class DESParamaterSpec implements AlgorithmParameterSpec

but kept the DESKeySpec and the associated text. In the ListVariable
paragraph, changed "These classes" to "This class".

In the next ListVariable paragraph, deleted the sentence "Note that
there is no corresponding parameter specification for this algorithm."

public class RSAPrivaeKeySpec implements KeySpec
public class RSAPrivateKeyCrtSpec implements KeySpec
public class RSAPublicKeySpec implements KeySpec
These classes implement ...

with the following set of entries

public class IvParameterSpec implements AlgorithmParameterSpec
This class implements an initialization vector. Initialization
vectors are used in many algorithms; notable in DES.

public class RC2ParameterSpec implements AlgorithmParameterSpec
public class RC5ParameterSpec implements AlgorithmParameterSpec
These classes implement the algorithm parameter specifications
for RC2 and RC5 encryption.

public class SecretKeySpec implements KeySpec
This class implements a key specification for the new class of
secret keys.

In the 2nd entry, changed "DESParameterSpec" to "IvParameterSpec" in
columns 1 and 3.

Replaced the final 3 entries (about RSA keys) with the following:

RC2ParameterSpec byte[] getIV() RC2ParameterSpec(int effective)
int getEffectiveKeyBits() RC2ParameterSpec(int effective,
byte[] iv)
RC2ParameterSpec(int effective,
byte[] iv, int offset)

RC5ParameterSpec byte[] getIV() RC5ParameterSpec(int version,
int rounds, int wordSize)
int getRounds() RC5ParameterSpec(int version,
int rounds, int wordSize,
byte[] iv)
int getVersion() RC5ParameterSpec(int version,
int rounds, int wordSize,
byte[] iv, int offset)
int getWordSize()

SecretKeySpec byte[] getEncoded() SecretKeySpec(byte[] key,
String Algorithm)
SecretKeySpec(byte[] key,
int offset, String Algorithm)

public final void init(int op, Key k, AlgorithmParameters ap)
public final void init(int op, Key k, AlgorithmParameters ap,
SecureRandom sr)

parameter specification" to "algorithm parameter specification or
algorithm parameters". Changed "DESParameterSpec" to "IvParameterSpec".
The whole last sentence reads

In these cases, the intialization vector must be passed to the
init() method within the algorithm parameter specification or
algorithm parameters; the IvParameterSpec class is typically used
to do this for DES encryption.

alternate choice to using an initialization vector...).

to "it":

The rationale behind this system is that it allows the ...

header", the first word is now "As".

public void engineInit(int op, Key key, AlgorithmParameters ap,
SecureRandom sr)

this example, we've sent 8 arbitrary...")

changed the other three entries, and add a sentence to the end of the
ListVariable entry so that they appear as follows:

public final void init(Key k)
public final void init(Key k, SecureRandom sr)
public final void init(Key k, AlgorithmParameterSpec aps)
public final void init(Key k, AlgorithmParameterSpec aps, SecureRandom
sr)
Initialize the key agreement engine. The parameter specifications
(if present) will vary depending upon the underlying algorithm; if
the parameters are invalid, of the incorrect class, or not
supported, an InvalidAlgorithmParameterException is generated. This
method will also perform the first phase of the key agreement
protocol.

to:

public final Key doPhase(Key key, boolean final)
Execute the next phase of the key agreement protocol. Key
agreement protocols usually require a set of operations to be
performed in a particular order. Each operation is represented
in this class by a particular phase, which usually require a
key to succeed. If the provided key is not supported by the key
agreement protocol, is incorrect for the current phase, or is
otherwise invalid an InvalidKeyException will be thrown.

The number of phases, along with the types of keys they
require, vary drastically from key exchange algorithm to
algorithm. Your security provider must document the types of
keys required for each phase. In addition, you must specify
which is the final phase of the protocol.

In the next set of entries, in the 2nd ListVariable paragraph, changed
"starting with a new set of calls to the doPhase() method" to
"starting with a new call to the init() method".

for testing."

entries

-storetype type
Specify the type of keystore that the keytool should operate
on. This defaults to the keystore type in the java.security
file, which defaults to JKS, the keystore type provided by the
Sun security provider.

-storepass entry:

-storetype storetype

-trustcacerts
Use the cacerts file to obtain trusted certificates from
certificate authorities that have signed the
certificate that is being imported.

-storepass entry:

-storetype storetype

[This happens twice on the page: once at the very top and once at the
very bottom.]

-certreq
Generate a certificate signing request...

piccolo% keytool -certreq -alias sdo -file sdoCSR.cer

added the following:

We've mentioned in this section that in order to import a
certificate like this that the self-signed certificate of the
certificate authority must already be in the keystore. However,
there's a bootstrapping issue involved in this: how do you get the
initial certificates for the certificate authorities into a
keystore?

The JDK comes with a set of five pre-installed certificates: four
from VeriSign, which issues certificates at different levels, and 1
from RSA Data, Inc. These certificates are in the cacerts file in
the ${JAVAHOME}/lib/security directory. While those certificates
are not present in your .keystore file, you can still import
certificates into your .keystore file by using the -trustcacerts
option: in that case, as long as the certificate you're importing
has been signed by one of the authorities in the cacerts file,
the import operation will succeed.

Hence, if we'd sent our CSR request in the above example to
VeriSign and the returned certificate from VeriSign was stored in
the sdo.cer file, we could import it with this command:

piccolo% keytool -import -file sdo.cer -alias sdo -trustcacerts

If you want to use the certificates of the certificate authorities
programatically, you may do so by creating a keystore of type JKS,
and loading that keystore from the cacerts file.

-storepass entry:

-storetype storetype

[This happens twice on this page]

-storepass entry:

-storetype storetype

[This happens three times on this page]

-storepass entry:

-storetype storetype

[This happens twice on this page]

subsection:

[HeadB]
Importing a 1.1-based Identity database

[Paragraph]
The keystore in 1.2 is incompatible with the identity database in
1.1, but the keytool is capable of converting between the two. To
convert a 1.1 identity database to a 1.2 keystore, use this
command:

[ListVariableTerm, in Italics]
-identitydb
[ListVariable]
Convert a 1.1 identity database. This command has the following
options

[>ListVariableTerm, in Italics]
-v
-keystore keystore
-keypass keypass
-storepass storepass
-storetype storetype
-file db_file
[>ListVariable]
The file name of the 1.1 identity database. The default for
this is identitydb.obj in the user's home directory.

[paragraph]
With this command, each trusted entry in the identity database will
be created as a key entry in the keystore. All other entries in the
identity database will be ignored.

[ListVariableEntry in italics]
A KeyStore type
[ListVariable]
You must have an entry in this file that lists the default type
of keystore that an application should use. By default, that
type is listed as

[CodeIndent]
keystore.type=jks

[ListVariable]
If you change the type listed in this entry, the new type will
be used whenever anyone requests the default keystore
implementation.

Changed "-usepolicy" to "-Djava.security.policy"
[two occurences].

changed "-usepolicy" to "-Djava.security.policy" [two occurences].

associated paragraphs. The last item before the next subsection "The
java.policy File" now reads "Whether or not the -Djava.security.policy
argument can be used."

begins "As a result, it is not possible to upgrade...").

Changed the last sentence of the 2nd paragraph (the one that begins
"In particular, although the Identity class...") to read:

In addition, the Identity and IdentityScope classes have been
deprecated in 1.2, so you should really move to the keystore
implementation as soon as possible.

The section on Identities from Chapter 11, pages 245-253, was moved
into this appendix. It now starts before the section on "Identity
Scopes", so that after the first two introductory paragraphs, there is
the "Identity" header, the text from chapter 11, and then the "Identity
Scopes" header.

In addition, the text that was moved into this appendix now has some
changes as well. These are listed here with reference to their original
page number:

(245) Deleted the 2nd paragraph of the section (the one beginning
"The classes we'll examine in this section were originally
designed..."). The next subsection -- the one on Principals --
remained as part of chapter 11 (including the sidebar on page 247).
Hence, after the 1 introductory paragraph of this section, the
next thing is the subsection entitled "The Identity Class".

(246) Last ListVariableTerm ("public class Identity...") -- append
a hollow-star dingbat to the end of the line.

(247) Deleted the last paragraph (the one that begins "In 1.1, the
Identity class is an abstract class...").

(248) 4th bullet: Deleted the sentence that begins "This features is
primarily used to support the javakey...".

(248) 5th bullet: Deleted the extra punctuation at the end of the
sentence.

(248) Deleted the sidebar "Identities and Identity Scopes"

(248) Last paragraph: deleted the last clause of the last sentence,
so that the last sentence reads "You're free to add that feature
to your own identity class."

(249) At the end of all ListVariableTerm entries, appended a
hollow-star dingbat.

(249) 7th ListVariableTerm entry: deleted the ListVariableTerm paragraph

public void addCertificate(java.security.cert.Certificate
certificate)

The other ListVariableTerm (that uses java.security.Certificate)
remains, as does the ListVariable paragraph.

(249) 8th ListVariableTerm entry: deleted the ListVariableTerm paragraph

public void removeCertificate(java.security.cert.Certificate
certificate)

The other ListVariableTerm (that uses java.security.Certificate)
remains, as does the ListVariable paragraph.

(250) 1st ListVariableTerm entry: deleted the ListVariableTerm paragraph

public java.security.cert.Certificate[] getCertificates()

The other ListVariableTerm (that uses java.security.Certificate)
remains, as does the ListVariable paragraph.

(250) Changed the first paragraph (that begins "If you have an identity
object") to be this single sentence:

There are two ways to obtain an identity object -- via the
getIdentity() method of the IdentityScope class or by
implementing and constructing an instance of your own subclass
of the Identity class.

(251) Deleted the first ListVariableTerm entry and its associated
ListVariable paragraph.

(251) In the first paragraph of the subsection "The Identity class
and the security manager", deleted the first clause of the 2nd
sentence ("This mechanism has changed somewhat between 1.1. and
1.2"):

... performed by untrusted classes. Table B-1 lists the
methods...

In the table (now Table B-1), removed the 2nd column entirely so
that there is only a column for Method and one for Argument in 1.1.
But change the column heading to say simply "Argument".

In the next paragraph, deleted the first two words "In 1.1" and
delete the final sentence (the one that begins "For example, in 1.1
a call to the...").

(252) 1st full paragraph (the one that begins "In common
implementations..."): changed this paragraph to the single sentence:

In common implementations of the security manager, this string
is ignored and trusted classes are typically able to work with
identities while untrusted classes are not.

(253) Table (now Table B-2): Remove the 2nd column entirely, and
changed the heading of the last column to "Parameter".

In the next paragraph, deleted the words "in 1.1".

After this section, continued to the section "Identity Scopes".

appended a hollow-star dingbat

begins "Changes in the definition of the Identity class between...")

section, delete the phrase 'in 1.1 and an argument of
"IdentityScopre.setSystemScope" in 1.2'.

In the next paragraph, deleted the two words "in 1.1".

phrase "we touched upon in Chapter 11".

one that begins "In the realm of Java 1.2...").

an additional bug reported in July 1998 regarding the class loader, but
this applied only to Netscape's implementation, not to the standard
JDK."

Replaced the lines
public static native void beginPrivileged();
public static native void beginPrivileged(AccessControlContext);

with
public static native Object doPrivileged(PrivilegedAction);
public static native Object doPrivileged(PrivilegedAction,
AccessControlContext);
public static native Object doPrivileged(PrivilegedExceptionAction);
public static native Object doPrivileged(PrivilegedExceptionAction,
AccessControlContext);

Deleted the line

public static native void endPrivileged();

Changed the lines

// Instance Methods
protected AlgorithmParameters(AlgorithmParametersSpi, Provider, String)
;

to the lines

// Constructors
protected AlgorithmParameters(AlgorithmParametersSpi, Provider, String)
;

// Instance Methods

Changed the line

public CodeSource(URL, PublicKey[]);

to
public CodeSource(URL, Certificate[]);

Changed the line

public final PublicKey[] getKeys();

to
public final Certificate[] getCertificates();
public boolean implies();

Deleted the line

public Identity(String, String, Certificate[], PublicKey);

Changed the line

public Certificate[] getCertificates();

to
public Certificate[] certificates();

After the line

public void initialize(int);

Added the lines

public void initialize(int, SecureRandom);
public void initialize(AlgorithmParameterSpec, SecureRandom);

Changed the line

public KeyStore();

to
protected KeyStore(KeyStoreSpi, Provider, String);

Changed the line

public static final KeyStore getInstance();

to
public static final String getDefaultType();
public static KeyStore getInstance(String);
public static KeyStore getInstance(String, String);

Changed the line

public abstract PrivateKey getPrivateKey(String, String);

to
public final Key getKey(String, char[]);
public final Provider getProvider();
public final String getType();

Changed the line

public abstract void load(InputStream, String);

to
public final void load(InputStream, char[]);

Changed the lines

public abstract void setKeyEntry(String, PrivateKey, String,
Certificate[]);

to
public final void setKeyEntry(String, Key, char[], Certificate[]);

Changed the line

public abstract void store(OutputStream, char[])

to
public final void store(OutputStream, char[])

Also, in every other line of this entry that has the word "abstract",
changed "abstract" to "final"

After the line

public abstract boolean implies(Permission);

added the lines

public boolean isReadOnly();
public void setReadOnly();

Deleted the lines

public boolean isReadOnly();
public void setReadOnly();

Changed the line

public abstract Permissions evaluate(CodeSource);

to
public abstract PermissionCollection getPermissions(CodeSource);

Changed the line

public ProtectionDomain(CodeSource, Permissions);

to
public ProtectionDomain(CodeSource, PermissionCollection);

Changed the line

public final Permissions getPermissions();

to
public final PermissionCollection getPermissions();

Changed all the lines after

// Instance Methods

to
public synchronized void clear();
public Set entrySet();
public String getInfo();
public String getName();
public double getVersion();
public Set keySet();
public synchronized void load(InputStream);
public synchronized Object put(Object, Object);
public synchronized void putAll(Map);
public synchronized Object remove(Object);
public String toString();
public Collection values();
}

Changed all the lines after

// Protected Instance Methods

to
protected final Class defineClass(String, byte[], int, int,
CodeSource);
protected PermissionCollection getPermissions(CodeSource);
}

After the line

public final byte[] sign();

added the line

public final int sign(byte[], int, int);

After the line

public final byte[] engineSign();

added the line

public final int engineSign(byte[], int, int);

Changed the line

public UnresolvedPermission(String, String, String, PublicKey);

to
public UnresolvedPermission(String, String, String, Certificate[]);

entry:

Class java.security.cert.CertificateFactory

A certificate factory is used to import certificates or certificate
revocation lists from a file or other input stream.

Class Definition

public java.security.cert.CertificateFactory
extends java.lang.Object {

// Constructors
protected CertificateFactory(CertificateFactorySpi, Provider,
String);

// Class Methods
public static final CertificateFactory getInstance(String);
public static final CertificateFactory getInstance(String,
String);

// Instance Methods
public final CRL generateCRL(InputStream);
public final Collection generateCRLs(InputStream);
public final Certificate generateCertificate(InputStream);
public final Collection generateCertificates(InputStream);
public final Provider getProvider();
public final String getType();
}

See also: X509Certificate, X509CRLEntry

First, the name of this entry has been changed to
java.security.cert.X509CRLEntry (and it moved to its correct place in
alphabetical order, which is after X509CRL).

Then, after the line

public abstract boolean hasExtensions();

added the line

public abstract boolean hasUnsupportedCriticalExtension();

Removed the lines

// Class Methods
public static final X509Certificate getInstance(InputStream);
public static final X509Certificate getInstance(byte[]);

Removed the line

public abstract boolean hasUnsupportedCriticalExtension();

Removed the lines

// Class Methods
public static final X509CRL getInstance(InputStream);
public static final X509CRL getInstance(byte[]);

Changed the lines

public abstract RevokedCertificate
getRevokedCertificate(BigInteger);

to
public abtract X509CRLEntry getRevokedCertificate(BigInteger);

After the line

public abstract int getVersion();

added the line

public abstract boolean hasUnsupportedCriticalExtension();

In the See Also section, changed "RevokedCertificate" to "X509CRLEntry".

After the line

public abstract Set getNonCriticalExtensionOIDs();

added the line

public abstract boolean hasUnsupportedCriticalExtension();

In the See Also section, changed "RevokedCertificate" to "X509CRLEntry".

After the line

public final int getOutputSize(int);

added the line

public final AlgorithmParameters getParameters();

After the lines
public final void init(int, Key, AlgorithmParameterSpec,
SecureRandom);

added the lines

public final void init(int, Key, AlgorithmParameters);
public final void init(int, Key, AlgorithmParameters, SecureRandom);

After the line

protected abstract byte[] engineGetIV();

added the line

protected abstract int engineGetOutputSize(int);

After the lines

protected abstract void engineInit(int, Key,
AlgorithmParameterSpec, SecureRandom);

added the line

protected abstract void engineInit(int, Key, AlgorithmParameters,
SecureRandom);

Changed the line

public final Key doPhase(int, Key);

to
public final Key doPhase(Key, boolean);

Changed the lines

public final void init(SecureRandom);
public final void init(AlgorithmParameterSpec);
public final void init(AlgorithmParameterSpec, SecureRandom);

to
public final void init(Key);
public final void init(Key, SecureRandom);
public final void init(Key, AlgorithmParameterSpec);
public final void init(Key, AlgorithmParameterSpec, SecureRandom);

Changed the line

protected abstract Key engineDoPhase(int, Key);

to
protected abstract Key engineDoPhase(Key, boolean);

Changed the lines

protected abstract void engineInit(SecureRandom);
protected abstract void engineInit(AlgorithmParameterSpec,
SecureRandom);

to
protected abstract void engineInit(Key, SecureRandom);
protected abstract void engineInit(Key, AlgorithmParameterSpec,
SecureRandom);

After the line

public final Provider getProvider();

added the lines

public final void init(int);
public final void init(int, SecureRandom);

After the line

protected abstract SecretKey engineGenerateKey();

added the line

protected abstract void engineInit(int, SecureRandom);

After the line

public final Object getObject(Cipher);

added the lines

public final Object getObject(Key);
public final Object getObject(Key, String);

This section was renamed to java.security.interfaces.RSAPrivateKey,
and the first line of its interface definition now reads

public abstract interface java.security.interfaces.RSAPrivateKey

It has been moved to the appropriate section on
java.security.interfaces, immediately following DSAPublicKey.

Deleted this entry entirely.

This section was renamed to java.security.interfaces.RSAPublicKey,
and the first line of its interface definition now reads

public abstract interface java.security.interfaces.RSAPublicKey

It was moved to the appropriate section on
java.security.interfaces, immediately following RSAPrivateKey.

Before the line (left a blank line before this)

// Constructors

added the lines

// Constants
public static final int DES_KEY_LEN;

After the line

public static boolean isParityAdjusted(byte[], int);

added the line

public static boolean isWeak(byte[], int);

This entry was renamed to javax.crypto.spec.IvParameterSpec and
its first line now reads

public javax.crypto.spec.IvParameterSpec

Changed the lines

public DESParameterSpec(byte[]);
public DESParameterSpec(byte[], int, int);

to
public IvParameterSpec(byte[]);
public IvParameterSpec(byte[], int, int);

Re-alphabetized this entry so that it follows DHPublicKeySpec

Before the line (left a blank line before this)

// Constructors

added the lines

// Constants
public static final int DES_EDE_KEY_LEN;

Deleted this entry entirely.

This entry was renamed to java.security.spec.RSAPrivateKeySpec and
its first line was changed to

public java.security.spec.RSAPrivateKeySpec

In the See also list, removed RSAPrivateKeyCrtSpec

It was moved into the section on java.security.spec, immediately
following the PKCS8EncodedKeySpec entry.

This entry was renamed to java.security.spec.RSAPublicKeySpec and
its first line was changed to

public java.security.spec.RSAPublicKeySpec

It was moved into the section on java.security.spec, immediately
following the RSAPrivateKeySpec entry.

After the line

// Class Methods

added

public static ClassLoader getSystemClassLoader();

Deleted the lines

public URL getLocalResource(String);
public Enumeration getLocalResources(String);

Deleted the line

public void checkPackageAccess(String);

After the line

protected final Class defineClass(byte[], int int);

added the line

protected final Class defineClass(String, byte[], int, int,
ProtectionDomain);

After the line

protected Package definePackage(String, String, String, String, String
String, String, URL);

added the lines

protected Class findClass(String);
protected String findLibrary(String);

After the line

public URLClassLoader(URL[], ClassLoader);

added the lines

public URLClassLoader(URL[]);
public URLClassLoader(URL[], ClassLoader, URLStreamHandlerFactory);

Changed the lines

public static URL fileToURL(File);
public static URL[] pathToURLs(String);

to

public static URLClassLoader newInstance(URL[]);
public static URLClassLoader newInstance(URL[], ClassLoader);

Changed the lines

public URL getLocalResource(String);
public Enumeration getLocalResources(String);
public void invokeClass(String, String[]);
public void setListener(URLClassLoader$Listener);

to

public URL findResource(String);
public Enumeration findResources(String);
public URL[] getURLs();

Changed the lines

protected void checkPackageDefinition(String);
protected Class defineClass(String, Resource);
protected Package definePackage(String, Attributes, URL);
protected Class findLocalClass(String);

to

protected void addURL(URL);
protected Package definePackage(String, Manifest, URL);
protected Class findClass(String);
protected PermissionCollection getPermissions(CodeSource);

Deleted all the lines after

// Instance Methods

except for the closing brace

After the line

public static Class loadClass(String);

added the line

public static Class loadClass(String, String);