Java Reference
In-Depth Information
Providers
Service Provider Interface
JCA/JCE Libraries
Application Programming Interface
Application Developers
Figure 8.10
Provider architecture for the JCA.
the key aspects of both JCE and JCA to arrive at the appropriate functionality of the security of
the application in question.
8.3.4 Architecture Details
Recall that we indicated earlier that JCA is a provider-based architecture and, based on this archi-
tecture, implementation independence can be achieved using the cryptography service provider
(CSP)-based model. Let's dive a bit deeper into the CSP and examine the architectural details.
Figure 8.10 illustrates the provider architecture for the JCA.
8.3.4.1 Cryptographic Service Providers (CSP)
CSPs provide a package (or a set of packages) that are concrete implementations of advertised
cryptographic algorithms. he Java development IDE/SDK from the product vendors usually is
packed with one or more CSPs installed and conigured by default. JCA ofers a set of APIs that
allow Java developers to query to determine the providers and the cryptographic services informa-
tion. JCA also makes it easy for application developers to add additional providers. Many third-
party provider implementations are already available that can be suitably used in developing a
strong cryptographic implementation for Web applications. Based on this, the developers of secure
Web applications may appropriately conigure their runtime environment to specify the provider
preference order.
he preference order is the order in which providers are searched for requested services when
no speciic provider is requested. his kind of architecture renders the development of a secure
application simple and convenient. An application developer may easily request a particular type
of object (for example, a
MessageDigest
) and a particular algorithm or service (for example,
MD5 algorithm). In return, the developer has an access to the implementation from one of the
installed providers. Alternatively, the developer can also request the objects from any other CSP.
Most often, the provider uses an appropriate name. For example,
md = MessageDigest.getInstance (“MD5”); or
md = messageDigest.getInstance (“MD5”, “We45MD5”);
Search WWH ::
Custom Search