Java Security
cont’d
Laboratory Study
 Study the Java code on the 15th slide, which was given in the
previous lesson (3_May lecture notes).
 After running the related code, make the following changes:
Explain the important lines (shown in green)
that make up the input-output concepts of that
application, which are defined in the java.io package.
For example: BufferedOutputStream, FileOutputStream,
writeBytes, flush()…
Change your class name to “FirstSecurity”
Change the directory in which you will write your
manuscript to “mycheck”
Change your note in the frame to two different lines
as follows:
You successfully wrote your manuscript to the - ….- file in your computer \n
You can share it with your friends
Laboratory Study cont’d
 Change the method that performs the write on the object dos to each of the
following, one at a time, then explain the differences.
write ( byte[] b, int off, int len);
http://stein.cshl.org/jade/distrib/docs/java.io.OutputStream.Html
&
writeChars (String s);
&
write(byte[] b);
&
write(int i);
Laboratory Study
cont’d
/* The following code lines create a sample buffer
 * of bytes by first making a String and then using the
 * getBytes() method to extract the byte array equivalent.
 */
/* FileOutputStream creates an OutputStream that we can use
 * to write bytes to a file.
 */
………………………………………….
String source = "Ayse went to school";
int length= source.length();
byte buffer[] = source.getBytes();
……………………………………
dos.write(length);
dos.write(buffer);
Laboratory Study
cont’d
"Now is the time for all good men to come to the aid of their country and
pay their due taxes."
 Write the statement above as three different lines to the file named dos.
 Compare the results of the following three different code lines on the file dos and
write down the differences for each one.
…
for (int i = 0; i < buffer.length; i += 2)
    dos.write(buffer[i]);
…
and
…
dos.write(buffer);
…
and
…
dos.write(buffer, buffer.length/4, buffer.length/4);
…
and
…
dos.write(buffer, buffer.length-buffer.length/4, buffer.length/4);
…
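The write variants named in the lab slides, run against an in-memory stream so the exact bytes each one emits can be compared. This is an added example, not code from the lecture; the class name WriteVariants, the helper names and the value 300 are assumptions chosen for illustration. It also shows why dos.write(length) is only safe as a length prefix while the length fits in one byte.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class WriteVariants {
    /** One way of writing to a DataOutputStream (hypothetical helper type). */
    interface Variant { void apply(DataOutputStream dos) throws IOException; }

    /** Runs a variant against a fresh in-memory stream and returns the bytes produced. */
    static byte[] capture(Variant v) throws IOException {
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        try (DataOutputStream dos = new DataOutputStream(sink)) {
            v.apply(dos);
        }
        return sink.toByteArray();
    }

    /** Formats bytes as space-separated hex pairs. */
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x ", b));
        return sb.toString().trim();
    }

    public static void main(String[] args) throws IOException {
        String source = "Ayse went to school";   // string from the slide
        byte[] buffer = source.getBytes(StandardCharsets.US_ASCII);

        // Whole array versus a slice (offset 5, length 4)
        System.out.println("write(byte[])      : " + hex(capture(d -> d.write(buffer))));
        System.out.println("write(byte[],5,4)  : " + hex(capture(d -> d.write(buffer, 5, 4))));
        // writeBytes emits one byte per char, writeChars two bytes per char
        System.out.println("writeBytes(\"Ay\")   : " + hex(capture(d -> d.writeBytes("Ay"))));
        System.out.println("writeChars(\"Ay\")   : " + hex(capture(d -> d.writeChars("Ay"))));
        // write(int) keeps only the low 8 bits of its argument;
        // writeInt emits all four bytes, so a length above 255 survives.
        System.out.println("write(19)          : " + hex(capture(d -> d.write(19))));
        System.out.println("write(300)         : " + hex(capture(d -> d.write(300))));
        System.out.println("writeInt(300)      : " + hex(capture(d -> d.writeInt(300))));
    }
}
```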
Java Applet Security
Appletviewer
// Create a file called writeFile.html with the following
// contents
<html>
<title> Java Security Example: Writing Files</title>
<h1> Java Security Example: Writing Files </h1>
<hr>
<APPLET CODE="writeFile.class" WIDTH="500" HEIGHT="50">
</APPLET>
<hr>
</html>
Running the applet:
appletviewer writeFile.html
 In appletviewer, applets are subject to the security
manager by default.
Running the Applet
 In contrast to what would happen with an
application, the applet generated an exception,
since the applet is subject to the security manager by default.
 If required, the installation can be governed by
a customizable policy.
 Running the following command line:

appletviewer -J"-Djava.security.policy=all.policy" writeFile.html

would allow modification of the file (tmpfoo),
since this is permitted by the policy file.
Example
Creating a window from an applet
import java.awt.*;
import java.applet.*;

public class myWindow extends Applet {
    public void init() {
        // Opens a top-level window from inside the applet
        new DialogFrame("Java Security FAQ Example");
    }

    public class DialogFrame extends Frame {
        DialogFrame(String title) {
            super(title);
            setLayout(new FlowLayout());
            add(new Label("Dismiss?"));
            add(new Button("Yes"));
            add(new Button("No"));
            resize(300, 100);
            show();
        }

        // Closes the window when the "Yes" button is pressed
        public boolean action(Event e, Object arg) {
            String label = (String) arg;
            if (label.equals("Yes")) {
                dispose();
            }
            return true;
        }
    }
}
Creating a New Policy File
 We use policytool to create a new policy file or edit an existing one.
 The following is an example of a policy file created using
policytool.
 It grants two permissions.
 It grants code signed by Duke permission to read files located in the
user's home directory.
 It also grants code from the location http://someserver/myjar.jar
(regardless of who signed it) permission to read the file.encoding system property.
> policytool -file .policy
keystore ".keystore";
grant signedBy "Duke" {
    permission java.io.FilePermission "${user.dir}/-", "read";
};
grant codeBase "http://someserver/myjar.jar" {
    permission java.util.PropertyPermission "file.encoding", "read";
};
Managing Policy Files
 By default, the JDK uses the policy files located in
file:${java.home}/lib/security/java.policy
file:${user.home}/.java.policy
 These policy files are specified in the default security file:
${java.home}/lib/security/java.security
 The final policy is the union of all granted permissions in all
policy files.
 To specify an additional policy file, you can set the
java.security.policy system property at the command line:
> java -Djava.security.manager -Djava.security.policy=someURL MyApp
or
> appletviewer -J-Djava.security.policy=someURL HTMLfile
Managing Policy Files
cont’d
 To ignore the policies in the java.security file
and use only the specified policy,
use `==' instead of `=':
> java -Djava.security.manager -Djava.security.policy==someURL MyApp
Specifying an Additional Policy File
at Runtime
 It is also possible to specify an additional or a different
policy file when invoking execution of an application.
 This can be done via the "-Djava.security.policy" command
line argument,
 which sets the value of the java.security.policy property.
For example, if you use
java -Djava.security.manager -Djava.security.policy=someURL SomeApp
where someURL is a URL specifying the location of a
policy file,
 then the specified policy file will be loaded in addition to all the
policy files that are specified in the security properties file.
Specifying an Additional Policy File
at Runtime
cont’d
 If we want to pass a policy file to the appletviewer, then we
can use a "-J-Djava.security.policy" argument as follows:
appletviewer -J-Djava.security.policy=someURL myApplet
Please note:
The "-Djava.security.policy" policy file value will be ignored (for
both java and appletviewer commands) if the
"policy.allowSystemProperty" property in the security
properties file is set to false. The default is true.
Policy File Syntax
 The policy configuration file(s) for an SDK installation
specify
what permissions (which types of system resource accesses) are
allowed for code from specified code sources.
 In order for an applet (or an application running under
a security manager) to be allowed to perform
secured actions (such as reading or writing a file),
the applet (or application) must be granted permission for that
particular action.
 In the default Policy implementation,
that permission must be granted
by a grant entry in a policy configuration file.
 A policy configuration file essentially contains a list of
entries.
 It may contain a "keystore" entry, and contains zero or more "grant"
entries.
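How grant entries decide an access request can be checked directly with the permission classes. This is an added example, not code from the lecture: it collects two permissions of the kinds used in the slides (a recursive file read and a property read) and tests sample requests against their union. The class name GrantCheck, the base directory /home/duke and all requested paths are constructed for illustration.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

public class GrantCheck {
    public static void main(String[] args) {
        // Constructed stand-in for the directory a policy property would expand to.
        String base = "/home/duke";

        // Permissions gathered from every applicable grant entry; the
        // effective policy is the union of all of them.
        Permissions granted = new Permissions();
        granted.add(new FilePermission(base + "/-", "read"));   // "-" = directory and everything below it
        granted.add(new PropertyPermission("file.encoding", "read"));

        // Constructed sample requests: same tree, other action, other tree, other property.
        Permission[] requests = {
            new FilePermission(base + "/notes.txt", "read"),
            new FilePermission(base + "/projects/lab/Out.java", "read"),
            new FilePermission(base + "/notes.txt", "write"),
            new FilePermission("/etc/hosts", "read"),
            new PropertyPermission("file.encoding", "read"),
            new PropertyPermission("file.encoding", "write"),
            new PropertyPermission("user.home", "read"),
        };
        for (Permission p : requests) {
            // implies() is the test a permission check applies to each request
            System.out.printf("%-6s %s%n", granted.implies(p) ? "ALLOW" : "DENY", p);
        }

        // "*" covers only files directly inside the directory, not subdirectories.
        Permission oneLevel = new FilePermission(base + "/*", "read");
        Permission nested = new FilePermission(base + "/projects/lab/Out.java", "read");
        System.out.println("\"/*\" implies nested file: " + oneLevel.implies(nested));
    }
}
```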
Keystore Entry
 A keystore is a database of private keys and
their associated digital certificates, such as X.509
certificate chains,
authenticating the corresponding public keys.
 The keytool utility is used to create and
administer keystores.
 The keystore specified in a policy configuration
file is used to look up the public keys of the
signers specified in the grant entries of the file.
 A keystore entry must appear in a policy
configuration file
if any grant entries specify signer aliases.
Listing all Aliases in a Key Store
import java.io.*;
import java.security.*;
import java.util.Enumeration;

try {
    // Load the keystore in the user's home directory
    File file = new File(System.getProperty("user.home")
            + File.separatorChar + ".keystore");
    FileInputStream is = new FileInputStream(file);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "my-keystore-password";
    keystore.load(is, password.toCharArray());
    // List the aliases ("enum" is a reserved word since Java 5,
    // so the enumeration variable is named "aliases")
    Enumeration<String> aliases = keystore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        // Does alias refer to a private key?
        boolean b = keystore.isKeyEntry(alias);
        // Does alias refer to a trusted certificate?
        b = keystore.isCertificateEntry(alias);
    }
    is.close();
} catch (java.security.cert.CertificateException e) {
    // A certificate in the keystore could not be loaded
} catch (NoSuchAlgorithmException e) {
    // The integrity-check algorithm is not available
} catch (FileNotFoundException e) {
    // Keystore does not exist
} catch (KeyStoreException e) {
    // The keystore type is not available or the keystore is not loaded
} catch (IOException e) {
    // Wrong password or damaged keystore data
}
The aliases can also be listed using keytool:
> keytool -list -storepass my-keystore-password
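Retrieving a Certificate from a Key Store
import java.io.*;
import java.security.*;

try {
    // Load the keystore in the user's home directory
    FileInputStream is = new FileInputStream(System.getProperty("user.home")
            + File.separatorChar + ".keystore");
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(is, "my-keystore-password".toCharArray());
    is.close();
    // Get certificate (null if the alias does not exist)
    java.security.cert.Certificate cert = keystore.getCertificate("myalias");
} catch (KeyStoreException e) {
    // The keystore type is not available or the keystore is not loaded
} catch (java.security.cert.CertificateException e) {
    // A certificate in the keystore could not be loaded
} catch (NoSuchAlgorithmException e) {
    // The integrity-check algorithm is not available
} catch (java.io.IOException e) {
    // Missing file, wrong password or damaged keystore data
}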
Adding a Certificate to a Key Store
/** This method adds a certificate with the specified
 *  alias to the specified keystore file.
 */
public static void addToKeyStore(File keystoreFile, char[] keystorePassword,
        String alias, java.security.cert.Certificate cert) {
    try {
        // Create an empty keystore object
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Load the keystore contents
        FileInputStream in = new FileInputStream(keystoreFile);
        keystore.load(in, keystorePassword);
        in.close();
        // Add the certificate
        keystore.setCertificateEntry(alias, cert);
        // Save the new keystore contents
        FileOutputStream out = new FileOutputStream(keystoreFile);
        keystore.store(out, keystorePassword);
        out.close();
    } catch (java.security.cert.CertificateException e) {
    } catch (NoSuchAlgorithmException e) {
    } catch (FileNotFoundException e) {
        // Keystore does not exist
    } catch (KeyStoreException e) {
    } catch (IOException e) {
    }
}
The interaction of key classes
The KeyPairGenerator class generates keys from scratch.
With no input (or, possibly, input to initialize it to a certain
state), the generator can produce one or more pairs of
keys.
The KeyFactory class translates between key objects and their
external representations, which may be either a byte array or a key
specification; this translation goes both ways.
Generating a Public/Private Key Pair
import java.security.*;

try {
    // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
    keyGen.initialize(1024);
    KeyPair keypair = keyGen.genKeyPair();
    PrivateKey privateKey = keypair.getPrivate();
    PublicKey publicKey = keypair.getPublic();

    // Generate a 576-bit DH key pair
    keyGen = KeyPairGenerator.getInstance("DH");
    keyGen.initialize(576);
    keypair = keyGen.genKeyPair();
    privateKey = keypair.getPrivate();
    publicKey = keypair.getPublic();

    // Generate a 1024-bit RSA key pair
    keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(1024);
    keypair = keyGen.genKeyPair();
    privateKey = keypair.getPrivate();
    publicKey = keypair.getPublic();
} catch (java.security.NoSuchAlgorithmException e) {
    // The requested algorithm is not provided by any installed provider
}
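The interaction of the two key classes, carried through one round trip: KeyPairGenerator creates a pair, the keys are exported as byte arrays, and KeyFactory rebuilds key objects from those bytes. This is an added example, not code from the lecture; the class name KeyRoundTrip, the 2048-bit RSA key size, the SHA256withRSA signature and the sample message are this example's own choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class KeyRoundTrip {
    public static void main(String[] args) throws Exception {
        // KeyPairGenerator: keys from scratch (2048 bits is this example's choice)
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // External representation: encoded byte arrays
        byte[] pubBytes = pair.getPublic().getEncoded();    // X.509 SubjectPublicKeyInfo
        byte[] privBytes = pair.getPrivate().getEncoded();  // PKCS#8

        // KeyFactory: byte array -> key specification -> key object
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(pubBytes));
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(privBytes));

        // Sign with the rebuilt private key, verify with the original public key
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(priv);
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(msg);

        System.out.println("encoding formats: " + pair.getPublic().getFormat()
                + ", " + pair.getPrivate().getFormat());
        System.out.println("rebuilt public key equals original: "
                + pub.equals(pair.getPublic()));
        System.out.println("signature from rebuilt private key verifies: "
                + verifier.verify(sig));
    }
}
```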