Overview

SECURITY - java.security (some classes in KERNEL), java.security.acl, java.security.cert, java.security.interfaces, java.security.spec, javax.security.cert.

Status

Check the component_development_status page for the status of other ClassLibrary modules.

J2SE 1.4.2

The current code covers the J2SE 1.4.2 API.

Java 5.0

The current code is mostly compliant with the J2SE 1.5 specification. It should be updated to reflect new Java 5.0 enhancements (e.g. generics, enums) when Harmony has a 1.5 compatible VM.

Below are some details about what is available, missing, and in progress.

Public API

This component contains an implementation of the public API, internal code and unit tests. All public 1.5 classes are implemented and tested.

The code contains a number of TODOs, such as:

  • switch to generics and/or enums
  • use more efficient API introduced in 1.5
  • implement optional features

Security Providers

An implementation of Certificate Factory based on internal ASN.1 functionality is included.

The provider name is "DRLCertFactory" (to be renamed).

The Certificate Factory implementation can generate X.509 Certificates, CRLs, and CertPath objects from their encoded forms. The supported certificate type is "X.509"; this type should be used when obtaining an instance of CertificateFactory.

The supported encoded forms of certificates are:

  • ASN.1 DER encoded form (as specified by RFC 3280)
  • PEM Encoded form, i.e. Base64 encoded form of ASN.1 encoding

The supported encoded forms of CRLs are:

  • ASN.1 DER encoded form (as specified by RFC 3280)
  • PEM Encoded form, i.e. Base64 encoded form of ASN.1 encoding

The supported encoded forms of CertPath objects are:

  • PkiPath encoded form, i.e. a sequence of ASN.1 DER encoded certificates (the ASN.1 definition is PkiPath ::= SEQUENCE OF Certificate)
  • PKCS7: a CertPath can be generated from a PKCS7 SignedData object provided in the form of an ASN.1 DER encoded ContentInfo structure. The factory retrieves the SignedData structure from the ContentInfo structure, and the generated CertPath object represents the information presented in the ‘certificates’ field of the SignedData object.
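The following added example (not Harmony's own code) exercises the certificate and CertPath forms listed above through the standard java.security.cert API. Assumptions: the class name CertFactoryFormats is hypothetical, the sample certificate is the first CA from the running JRE's default trust store (assumed non-empty), java.util.Base64 requires Java 8 or later, and the factory used is whichever "X.509" provider is installed rather than DRLCertFactory specifically.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CertFactoryFormats {
    public static void main(String[] args) throws Exception {
        // Sample input (assumption): first CA certificate in the JRE's default trust store.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate sample = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] cas = ((X509TrustManager) tm).getAcceptedIssuers();
                if (cas.length > 0) { sample = cas[0]; break; }
            }
        }
        if (sample == null) throw new IllegalStateException("default trust store is empty");

        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // Certificate forms: raw ASN.1 DER, and PEM (Base64 of the DER between markers).
        byte[] der = sample.getEncoded();
        String pem = "-----BEGIN CERTIFICATE-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
            + "\n-----END CERTIFICATE-----\n";
        X509Certificate fromDer = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        X509Certificate fromPem = (X509Certificate) cf.generateCertificate(
            new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        check(fromDer.equals(sample) && fromPem.equals(sample), "DER/PEM certificate");

        // CertPath forms: PkiPath, and PKCS7 SignedData wrapped in ContentInfo.
        CertPath path = cf.generateCertPath(Collections.singletonList(fromDer));
        for (String enc : new String[] {"PkiPath", "PKCS7"}) {
            CertPath decoded = cf.generateCertPath(new ByteArrayInputStream(path.getEncoded(enc)), enc);
            check(decoded.equals(path), enc + " CertPath");
        }
        System.out.println("decoded " + fromDer.getSubjectX500Principal() + " from every form");
    }
    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError("round trip failed: " + what);
    }
}
```

These calls only decode: generateCertificate and generateCertPath do not check signatures, validity periods or chain order, so trust decisions still require separate validation of the decoded objects.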

No other providers are currently implemented.

When crypto functionality is necessary, one may use the open source BouncyCastle provider.

Known issues:

  • Signed jar file verification requires some crypto algorithms, but the BouncyCastle provider is itself located in a signed jar file. So at least the SHA-1 message digest and the SHA1withDSA signature should be implemented and placed into an unsigned jar to verify the signature of the BouncyCastle jar.
  • The code contains a simplified implementation of a secure random algorithm. The SHA1PRNG algorithm should be implemented.

Tools

No security related tools (e.g. keytool, jarsigner) are currently implemented.
