Java Reference
In-Depth Information
8.5.4.3 TrustManagerFactory Class
The javax.net.ssl.TrustManagerFactory is an engine class for a provider-based service that acts as a factory for one or more types of TrustManager objects. Because it is provider-based, additional factories can be implemented and configured that provide additional or alternate trust managers that provide more sophisticated services or that implement installation-specific authentication policies.
8.5.4.4 KeyManager Interface
We have already indicated in the overview that to authenticate to a remote peer, one needs to initialize an SSLContext object with one or more KeyManagers. By using the internal default context (e.g., a SSLContext created by SSLSocketFactory.getDefault() or SSLServerSocketFactory.getDefault()), a default KeyManager can be created.
Typically, there is a single key manager that supports authentication based on X.509 public key certificates. Some secure socket implementations may also support authentication based on other mechanisms such as shared secret keys, Kerberos, and so on. The KeyManager instances are created either by using a KeyManagerFactory or by providing a concrete implementation of the KeyManager interface.
8.5.4.5 KeyManagerFactory Class
The javax.net.ssl.KeyManagerFactory is an engine class for a provider-based service that acts as a factory for one or more types of KeyManager objects. The SunJSSE provider implements a factory, which can return a basic X.509 key manager. Because it is provider-based, additional factories can be implemented and configured to provide additional or alternate key managers.
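The following added example (not code from the book) shows how the two factories described above feed an SSLContext: the KeyManagerFactory supplies the local identity and the TrustManagerFactory supplies the peer-validation policy. The class name MutualTlsContext, the helper names, and the optional keystore path and password arguments are assumptions made for illustration.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class MutualTlsContext {

    // Load a PKCS12 store from disk, or create an empty in-memory one when no path is given.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (path == null) {
            ks.load(null, null);                       // empty store, no entries
        } else {
            try (InputStream in = Files.newInputStream(Paths.get(path))) {
                ks.load(in, password);
            }
        }
        return ks;
    }

    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        // KeyManagerFactory: produces the KeyManagers that present our certificate to the peer.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        // TrustManagerFactory: produces the TrustManagers that decide which peers we accept.
        // A null KeyStore makes the factory fall back to the platform default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] cas = ((X509TrustManager) tm).getAcceptedIssuers();
                System.out.println("Trusted CA certificates: " + cas.length);
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = args.length > 1 ? args[1].toCharArray() : new char[0];
        KeyStore identity = load(args.length > 0 ? args[0] : null, pw);
        SSLContext ctx = build(identity, pw, null);    // explicit context instead of getDefault()
        System.out.println("Provider: " + ctx.getProvider().getName());
        System.out.println("Protocols: " + String.join(",", ctx.getDefaultSSLParameters().getProtocols()));
    }
}
```

Run without arguments, the identity store is empty, so the context can validate servers but has no client certificate to present; pass a PKCS12 file and its password to supply one.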
8.6 Summary
We began this chapter by introducing cryptography. We discussed the evolution of cryptography through the ages, from the Roman Empire and the world wars to the current-day cryptographic implementations with a computing dimension. Some common terms and definitions to aid in the understanding of cryptography and its related concepts were explored. Two important types of cryptographic implementations were discussed, namely, the symmetric and asymmetric cryptographic methods of cryptography. We contrasted the two cryptographic implementations and also highlighted their respective merits and demerits. Symmetric encryption consists of two types of ciphers: block and stream ciphers. Modes of encryption that are present for block cipher implementations were explained. Subsequently, we discussed several attacks against cryptography like known-plaintext, known-ciphertext, and birthday attack and delved into the reasons for the success of the said cryptographic attacks. We then explored the realm of Web application cryptography by studying some of the popular encryption algorithms used to protect data in storage, following which we also discussed some of the flawed implementations of cryptography in Web applications, provided an insight into some of the best practices of Web application cryptography, and explored some of the security compliance and regulatory requirements relating to the encryption of sensitive data stored or transmitted by an organization. From the Java