Java Platform, Standard Edition Security Developer’S Guide
Total Page:16
File Type:pdf, Size:1020Kb
Java Platform, Standard Edition Security Developer’s Guide Release 11 E94828-12 July 2021 Java Platform, Standard Edition Security Developer’s Guide, Release 11 E94828-12 Copyright © 1993, 2021, Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. Contents Preface Audience xx Documentation Accessibility xx Related Documents xx Conventions xx 1 General Security Terms and Definitions 1-1 Java Security Overview 1-4 Introduction to Java Security 1-4 Java Language Security and Bytecode Verification 1-5 Basic Security Architecture 1-6 Security Providers 1-6 File Locations 1-8 Java Cryptography 1-9 Public Key Infrastructure 1-10 Key and Certificate Storage 1-10 Public Key Infrastructure Tools 1-11 Authentication 1-12 Secure Communication 1-13 TLS and DTLS Protocols 1-13 Simple Authentication and Security Layer (SASL) 1-14 Generic Security Service API and Kerberos 1-14 Access Control 1-15 Permissions 1-15 Security Policy 1-16 Access Control Enforcement 1-16 Java API for XML Processing (JAXP) 1-18 XML Signature 1-19 Additional Information about Java Security 1-19 Java Security Classes Summary 1-20 Deprecated Security APIs Marked for Removal 1-22 iii Security Tools Summary 1-23 Built-In Providers 1-23 Java SE Platform Security Architecture 1-23 Introduction 1-23 The Original Sandbox Model 1-24 Evolving the Sandbox Model 1-25 Protection Mechanisms – Overview of Basic Concepts 1-27 Permissions and Security Policy 1-29 The Permission Classes 1-29 java.security.CodeSource 1-39 java.security.Policy 1-39 java.security.GeneralSecurityException 1-51 Access Control Mechanisms and Algorithms 1-52 java.security.ProtectionDomain 1-52 java.security.AccessController 1-52 Inheritance of Access Control Context 1-57 java.security.AccessControlContext 1-58 Secure Class Loading 1-59 Class Loader Class Hierarchies 1-60 The Primordial Class Loader 1-60 Class Loader Delegation 1-61 Class Resolution Algorithm 1-61 Security Management 1-62 Managing Applets and Applications 1-62 SecurityManager versus AccessController 1-63 Auxiliary Tools 1-63 GuardedObject and SignedObject 1-65 java.security.GuardedObject and java.security.Guard 1-65 java.security.SignedObject 1-66 Discussion and Future Directions 1-67 Resource Consumption Management 1-67 Arbitrary Grouping of Permissions 1-67 Object-Level Protection 1-67 Subdividing Protection Domains 1-68 Running Applets with Signed Content 1-68 Appendix A: API for Privileged Blocks 1-69 Using the doPrivileged API 1-69 What It Means to Have Privileged Code 1-74 Reflection 1-75 Appendix B: Acknowledgments 1-76 Appendix C: References 1-76 iv Standard Algorithm Names 1-77 Permissions in the JDK 1-77 Permission Descriptions and Risks 1-78 Methods and the Permissions They Require 1-79 java.lang.SecurityManager Method Permission Checks 1-105 JDK Supported Permissions 1-110 Default Policy Implementation and Policy File Syntax 1-110 Default Policy Implementation 1-111 Default Policy File Locations 1-111 Modifying the Policy Implementation 1-112 Policy File Syntax 1-113 Policy File Examples 1-118 Property Expansion in Policy Files 1-120 Windows Systems, File Paths, and Property Expansion 1-122 General Expansion in Policy Files 1-123 Appendix A: FilePermission Path Name Canonicalization Disabled By Default 1-125 Troubleshooting Security 1-127 2 Java Cryptography Architecture (JCA) Reference Guide Introduction to Java Cryptography Architecture 2-1 JCA Design Principles 2-2 Provider Architecture 2-3 Cryptographic Service Providers 2-3 How Providers Are Actually Implemented 2-5 Keystores 2-6 Engine Classes and Algorithms 2-7 Core Classes and Interfaces 2-8 The Provider Class 2-9 How Provider Implementations Are Requested and Supplied 2-10 Installing Providers 2-12 Provider Class Methods 2-12 The Security Class 2-12 Managing Providers 2-14 Security Properties 2-15 The SecureRandom Class 2-15 Creating a SecureRandom Object 2-16 Seeding or Re-Seeding the SecureRandom Object 2-16 Using a SecureRandom Object 2-16 Generating Seed Bytes 2-17 The MessageDigest Class 2-17 v Creating a MessageDigest Object 2-17 Updating a Message Digest Object 2-17 Computing the Digest 2-18 The Signature Class 2-18 Signature Object States 2-19 Creating a Signature Object 2-19 Initializing a Signature Object 2-20 Signing with a Signature Object 2-20 Verifying with a Signature Object 2-21 The Cipher Class 2-21 Other Cipher-based Classes 2-30 The Cipher Stream Classes 2-30 The SealedObject Class 2-33 The Mac Class 2-34 Key Interfaces 2-36 The KeyPair Class 2-37 Key Specification Interfaces and Classes 2-37 The KeySpec Interface 2-38 The KeySpec Subinterfaces 2-38 The EncodedKeySpec Class 2-39 Generators and Factories 2-39 The KeyFactory Class 2-40 The SecretKeyFactory Class 2-41 The KeyPairGenerator Class 2-43 The KeyGenerator Class 2-45 The KeyAgreement Class 2-46 Key Management 2-48 The KeyStore Class 2-50 Algorithm Parameters Classes 2-53 The AlgorithmParameterSpec Interface 2-53 The AlgorithmParameters Class 2-54 The AlgorithmParameterGenerator Class 2-56 The CertificateFactory Class 2-57 How the JCA Might Be Used in a SSL/TLS Implementation 2-58 Cryptographic Strength Configuration 2-60 Jurisdiction Policy File Format 2-63 How to Make Applications Exempt from Cryptographic Restrictions 2-65 Standard Names 2-69 Packaging Your Application 2-70 Additional JCA Code Samples 2-70 Computing a MessageDigest Object 2-71 vi Generating a Pair of Keys 2-72 Generating and Verifying a Signature Using Generated Keys 2-73 Generating/Verifying Signatures Using Key Specifications and KeyFactory 2-74 Generating Random Numbers 2-76 Determining If Two Keys Are Equal 2-77 Reading Base64-Encoded Certificates 2-78 Parsing a Certificate Reply 2-78 Using Encryption 2-79 Using Password-Based Encryption 2-80 Sample Programs for Diffie-Hellman Key Exchange, AES/GCM, and HMAC-SHA256 2-81 Diffie-Hellman