Java Reference
In-Depth Information
■
Note
When obfuscating packages that use the Bouncy Castle API, the
-defaultpackage ''
directive
is especially important, because Bouncy Castle provides some classes in the
java
package, such as
java.math.BigInteger
. The class loader for the CLDC doesn't load classes defined in system packages,
because doing so is a security threat (it would enable a rogue application to replace a system class with one
of its own). By using the
-defaultpackage ''
directive, the obfuscator renames any classes in that pack-
age, so this isn't a problem.
Let's see how using the Bouncy Castle API compares with using the SATSA APIs to
create message digests and encrypt a message.
Creating Message Digests Using the Bouncy Castle API
Message digest functions are provided by the
org.bouncycastle.crypto.digests
package,
which implements various message-digest algorithms in a manner consistent with the
JCA. Digest algorithms must implement the interface defined by
org.bouncycastle.
crypto.Digest
; this resembles the JCA's
MessageDigest
interface also found in the SATSA-
CRYPTO API. You might write the code in Listing 15-5 to compute an MD5 digest for a
web request.
Listing 15-5.
Computing an MD5 Digest for a Web Request
String webRequest = "…";
byte[] message = webRequest.getBytes();
byte[] digest;
org.bouncycastle.crypto.Digest md =
new org.bouncycastle.crypto.digests.MD5Digest();
md.update(message, 0, message.length);
digest = new byte[md.getDigestSize()];
md.doFinal(digest, 0);
The logic of this code is very similar to the code you'd write using the JCA or SATSA-
CRYPTO API. At a high level, the approach is the same: create an instance of the digest
algorithm, use the
update
method to pass it the bytes from which to compute the digest, and
then compute the digest using the
doFinal
method. However, there are a few differences:
• There's no generic factory for digest algorithms; instead, you explicitly create
an instance of the digest algorithm you need (this helps limit the number of
classes included in your application when you link against the Bouncy Castle
implementation).
