Platinum Edition Using HTML 4, XML, and Java 1.2
(Publisher: Macmillan Computer Publishing)
Author(s): Eric Ladd
ISBN: 078971759x
Publication Date: 11/01/98

When a Java class is loaded, the JVM examines the security policy currently in effect. If the code is signed, then permissions may be granted on the basis of the identity of the signer. Permissions may also be granted based on the location of the class file. (For example, a file loaded from the local host might be given more access than one loaded from the Internet.)

Certificate Interfaces and X.509v3 Implementation Not so long ago, the only way for a server to identify a client was to ask the user for a username and password. If the username and password matched those stored in the password file, the server granted the user access.

Several problems exist with password-based authentication. First, the password often has to travel over a non-secure network. If an adversary is able to “sniff” the username and password from the net, he or she will be able to masquerade as a valid user.

Another problem is that most users access more than one system and have more than one username and password. Users find it difficult to keep these names and passwords straight, so they either write the names and passwords down or use the same name and password on every system. Either solution is subject to abuse.

A better solution is for the user to generate a special kind of cryptographic key, called a public/private key pair. These keys work together—if you encrypt something with my public key, only a person with my private key can decrypt it. If I keep my private key secret, you can be sure that I am the only one who can read your message.

In an ideal world, we could all post our public keys on servers somewhere and begin to communicate securely with each other. That practice is subject to abuse, too—an opponent could put a public key on the server with my name on it. If my opponent can trick you into using the bogus key, he or she will be able to read messages intended for me. (This strategy is a variation of the “man in the middle” attack described later in Chapter 41, in the section entitled “How Java Provides Security Over the Internet.”)

The solution is simple—I generate my public/private key pair, making sure I keep my private key secret. I send my public key to a “public key certifying authority” who requires that I prove my identity. After I’ve satisfied the certifying authority that I am who I say I am, they sign my key with their private key. Now anyone who wants to be sure that a public key with my name on it really belongs to me can check the signature of the certifying authority. If you find that the signature is valid, and you’re satisfied with their policy for checking my identity, then you can trust my public key.

The combination of a public key, identifying information, and a certification authority’s signature is called a certificate. The current generation of the standard for certificates is X.509v3.

Version 1.2 of the JDK includes new APIs for parsing certificates and maintaining local databases of X.509v3 certificates.

New Security Tools Version 1.2 of the JDK also includes tools to help you manage X.509v3 certificates. Within your company, for example, you may decide to issue certificates to any employee. The Java keytool, new in version 1.2, enables each user to generate a public/private keypair. The user can also use keytool to generate his or her own certificate (though the certificate is to a slightly older standard—X.509v1).

	If you plan to issue your own certificates, you’ll need a Certificate Server. Visit the Netscape site (http://home.netscape.com/comprod/server_central/product/certificate/index.html) and learn about Netscape’s Certificate Server, part of the SuiteSpot family of servers.

You use jarsigner in combination with your certificate to digitally sign Java Archives (JARs).

	If you’ve been using javakey from JDK 1.1 or earlier, replace it with keytool and jarsigner. The older tool, javakey, is now obsolete.

You can write an external security configuration file that specifies your machine’s security policy. The easiest way to write such a file is to use Sun’s policytool, also new in JDK 1.2.

JAR Enhancements

The JAR format is becoming increasingly important, especially with the new Extensions Framework described earlier in this section. Sun has introduced policies and mechanisms, for example, for handling dependencies on extensions and other classes distributed as JAR files.

With JDK 1.2 Sun has enhanced the command-line tool used for managing JARs. It has also enhanced the API that enables Java programs to read and write JAR files.

Java Foundation Classes

Like C and C++, most of the features of Java are not in the language itself, but in the libraries (which are called packages in Java). The first releases of Java came with some simple libraries (such as the Abstract Windowing Toolkit) that served to whet developers’ appetites. JDK 1.2 comes bundled with a new set of packages—the Java Foundation Classes, or JFC—that include an improved user interface called the Swing components.

Swing Package The first versions of the JDK supported a graphical user interface through a package called the Abstract Windowing Toolkit (AWT). In newer versions Sun has introduced the Swing package, which includes and expands upon the AWT. Swing contains many more components than those in the AWT, so you can build more sophisticated interfaces. More importantly, Swing implements the Lightweight User Interface Framework, which includes “pluggable look and feel.” This new feature means that an end user who prefers the look of Sun’s Motif interface can have that look, even though you, the developer, may prefer the basic Java interface. Over time, expect other “look and feel” combinations, such as Mac OS, Windows, and Solaris, to be built for Swing. (We’ll introduce Swing in Chapter 38, “User Input and Interactivity with Java.”)

Java 2D Sun has extended the AWT package to include a set of tools for dealing with two-dimensional drawings and images. These extensions include provision for colorspaces (java.awt.color), text (java.awt.font), line art (java.awt.geom), and printing (java.awt.print). In addition, about three dozen new objects are in the packages java.awt.* and java.awt.image.*.