Java Certification Path API
by Benoy Jose
Introduction:
Public key cryptography, or certificate-based security, which
forms the basis for SSL (Secure Sockets Layer) transactions, has
established itself as a reliable protocol for secure online
transactions. Every year billions of transactions involving
trillions of dollars are done safely using the SSL protocol. The
premise of all this trust is that the website offering to do the
transaction is who it claims to be. How does the website prove
that? What if the user does not trust the website and its public
key, or what if the user has an outdated copy of the public key?
This is handled by a certification authority (CA), which signs
the website's public key with its own private key. The public
key of the website can then be verified by the user if he has an
authentic copy of the public key of the CA. What if the user
does not have an authentic copy of the CA's public key? Then
another CA, or an entity trusted by the user, needs to sign and
vouch for the authenticity of the CA's public key. This can go
on recursively until the user satisfies himself by verifying the
website's public key through an entity that the user trusts.
This chain of certificates is called a certification path. So a
certification path is an ordered list of certificates which
contains the public key certificate of the target entity (in
this case the website) and zero or more additional certificates.
The Java certification path API provides a mechanism to
implement certification path functionality. It can be regarded
as an extension of the Java security package which handles
certificates (java.security.cert). It does not take over or
replace the basic security functionality provided by the Java
security package; it is designed to augment the capabilities of
the Java security API. Hence Sun decided to include the
certification path API as a standard package rather than an
extension package (javax.*). The certification path API classes
are packaged in the java.security.certpath package. The package
has classes that implement certification path functionality in
an algorithm-independent and implementation-independent manner.
The certification path needs to be validated before it can be
trusted as a legitimate path to verify the subject's public key.
Validation is done by checking the validity of the certificates
in the certification path. The process includes checking whether
the digital certificates have been revoked and also checking
whether each certificate is a valid one. The API can be used by
developers who need to write service provider implementations
for a specific certification path or to validate algorithms. It
can also be used by developers who need to access standard
algorithms for creating, building and validating certification
paths.
The article assumes that the reader is familiar with the Java
security package and the Java cryptography architecture. A basic
knowledge of digital certificates, public key cryptography and
X.509 certificates would also help. The Java security tutorial
at http://java.sun.com/j2se/1.4/docs/guide/security/index.html
is a starting point for Java security. Apart from that,
http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html
provides an introduction to the basic aspects of cryptography
and the Java cryptography architecture.
The core API can be divided into four basic categories: Basic
Certification path classes, Certification path Validation
classes, Certification path Building classes, and
Certificate/CRL Storage classes.