Establishing a Provider
The first step in building a provider is to create a Provider subclass that includes the algorithms. Providers are represented by a name that is a subclass of java.security.Provider. Each provider class has a name, version number, and string description. You can query these using:
public String getName() public double getVersion() public String getInfo()
To establish the provider subclass, import the java.security library, extend java.security.Provider, and make a call to super with the specifics:
import java.security.*; public class Provider extends java.security.Provider { public Provider() { super ("ECP", 1.1, "Earthweb's Cryptography Provider"); put("","") put("",""); } }
The call to super specifies a providers short name (used in the getInstance()
methods that accept a provider name), version number, and a long name or description.
Provider is a subclass of java.util.Hashtable. It keeps mappings between algorithm names and implementations as a list of string mappings. You can add mappings by using the put()
method. The put()
method takes two arguments: one is in the form of engine.algorithm; the second is the name of the class that implements the algorithm for the specified provider.
{ super ("ECP", 1.1, "Earthweb's Cryptography Provider"); put("engineAlgorithm","nameofclass") put("Signature", "DSA.ECP.crypto.etc"); }
A request to use this example provider would look like:
Sig = Signature.getInstance("Signature", "ECP");
Part four of this series will continue with the provider implementation and discuss the new export requirements in JCE 1.2.1.
Writing the Service Implementation Code
The longest and most difficult part of setting up a provider is actually writing the algorithm-specific code implementations of the services you want to provide. For each service provided, a subclass of the appropriate SPI class needs to be created (i.e., SignatureSpi). In your subclass, you need to supply implementations for the abstract methods (usually an engine) and ensure there is a public constructor without any arguments.
When one of your services is requested, the JDK security looks up the subclass implementing that service, specified by the property in your “Master Class”. JDK security then creates the class object associated with your subclass and creates an instance of your subclass by calling the newInstance
method on that class object. The method newInstance
requires your subclass to have a public constructor.
When instantiating a class from a JCE 1.2.1 service, the JCE framework will determine the provider’s codebase (JAR file) and verify its signature. This is a process that was added by the JCE 1.2.1.
Writing the Master Class
As mentioned earlier in the series, the master class — a subclass of provider — should be a ‘final class’. The master class’s constructor should call super, specifying the provider name, version number, and a string of info about the provider and the algorithms it supports.
Algorithmname, certificatetypename, and storetypename are listed here as the standard names of the algorithm, certificate type, or keystore. The fully qualified name of the class, certificate, or keystore type has the package name followed by class name, with the two separated by period. For example: earthweb.security.provider.DSA.
Here are the various types of properties that must be defined for the various types of services. The actual standard names in these examples should be substituted for your provider’s algorithm name, certificate type, or store type.
- Signature.algorithmname
- MessageDigest.algorithmname
- KeyPairGenerator.algorithmname
- SecureRandom.algorithmname
- KeyFactory.algorithmname
- CertificateFactory.certificatetypename
- KeyStore.storetypename
- AlgorithmParameterGenerator.algorithmname
- AlgorithmParameters.algorithmname
- Mac.algorithmname
In part four, we delve a little deeper and take a look at permissions, documentation, and providers outside of the United States.
References and Resources
- JCE Overview
- How to Implement a Provider for the JCE
- Inside Java 2 Platform Security, Li Gong, Addison Wesley, 1999
- Java Cryptology, Jonathon Knudsen, O’Reilly and Associates, 1998
- Java Security Handbook, Jamie Jaworski and Paul Perrone, SAMS Publishing, 2000
About the Author
Thomas Gutschmidt is a freelance writer, in Bellevue, Wash., who also works for Widevine Technologies.