搜索
计算机Java编程技术翻译文献CoreJava™VolumeII–AdvancedFeaturesWhenJavatechnologyfirstappearedonthescene,theexcitementwasnotaboutawell-craftedprogramminglanguagebutaboutthepossibilityofsafelyexecutingappletsthataredeliveredovertheInternet(seeVolumeI,Chapter10formoreinformationaboutapplets).Obviously,deliveringexecutableappletsispracticalonlywhentherecipientsaresurethatthecodecan'twreakhavocontheirmachines.Forthisreason,securitywasandisamajorconcernofboththedesignersandtheusersofJavatechnology.Thismeansthatunlikeotherlanguagesandsystems,wheresecuritywasimplementedasanafterthoughtorareactiontobreak-ins,securitymechanismsareanintegralpartofJavatechnology.Threemechanismshelpensuresafety:•Languagedesignfeatures(boundscheckingonarrays,nouncheckedtypeconversions,nopointerarithmetic,andsoon).•Anaccesscontrolmechanismthatcontrolswhatthecodecando(suchasfileaccess,networkaccess,andsoon).•Codesigning,wherebycodeauthorscanusestandardcryptographicalgorithmstoauthenticateJavacode.Then,theusersofthecodecandetermineexactlywhocreatedthecodeandwhetherthecodehasbeenalteredafteritwassigned.Below,you'llseethecryptographicalgorithmssuppliedinthejava.securitypackage,whichallowforcodesigninganduserauthentication.Aswesaidearlier,appletswerewhatstartedthecrazeovertheJavaplatform.Inpractice,peoplediscoveredthatalthoughtheycouldwriteanimatedappletslikethefamousnervoustextapplet,appletscouldnotdoawholelotofusefulstuffintheJDK1.0securitymodel.Forexample,becauseappletsunderJDK1.0weresocloselysupervised,theycouldn'tdomuchgoodonacorporateintranet,eventhoughrelativelylittleriskattachestoexecutinganappletfromyourcompany'ssecureintranet.ItquicklybecamecleartoSunthatforappletstobecometrulyuseful,itwasimportantforuserstobeabletoassigndifferentlevelsofsecurity,dependingonwheretheappletoriginated.Ifanappletcomesfromatrustedsupplierandithasnotbeentamperedwith,theuserofthatappletcanthendecidewhethertogivetheappletmoreprivileges.Togivemoretrusttoanapplet,weneedtoknowtwothings:•Wheredidtheappletcomefrom?•Wasthecodecorruptedintransit?Inthepast50years,mathematiciansandcomputerscientistshavedevelopedsophisticatedalgorithmsforensuringtheintegrityofdataandforelectronicsignatures.Thejava.securitypackagecontainsimplementationsofmanyofthesealgorithms.Fortunately,youdon'tneedtounderstandtheunderlyingmathematicstousethealgorithmsinthejava.securitypackage.Inthenextsections,weshowyouhowmessagedigestscandetectchangesindatafilesandhowdigitalsignaturescanprovetheidentityofthesigner.Amessagedigestisadigitalfingerprintofablockofdata.Forexample,theso-calledSHA1(securehashalgorithm#1)condensesanydatablock,nomatterhowlong,intoasequenceof160bits(20bytes).Aswithrealfingerprints,onehopesthatnotwomessageshavethesameSHA1fingerprint.Ofcourse,thatcannotbetrue—thereareonly2160SHA1fingerprints,sotheremustbesomemessageswiththesamefingerprint.But2160issolargethattheprobabilityofduplicationoccurringisnegligible.Hownegligible?AccordingtoJamesWalshinTrueOdds:HowRisksAffectYourEverydayLife(MerrittPublishing1996),thechancethatyouwilldiefrombeingstruckbylightningisaboutonein30,000.Now,thinkofnineotherpeople,forexample,yournineleastfavoritemanagersorprofessors.ThechancethatyouandallofthemwilldiefromlightningstrikesishigherthanthatofaforgedmessagehavingthesameSHA1fingerprintastheoriginal.(Ofcourse,morethantenpeople,noneofwhomyouarelikelytoknow,willdiefromlightningstrikes.However,wearetalkingaboutthefarslimmerchancethatyourparticularchoiceofpeoplewillbewipedout.)Amessagedigesthastwoessentialproperties:•Ifonebitorseveralbitsofthedataarechanged,thenthemessagedigestalsochanges.•Aforgerwhoisinpossessionofagivenmessagecannotconstructafakemessagethathasthesamemessagedigestastheoriginal.Thesecondpropertyisagainamatterofprobabilities,ofcourse.Considerthefollowingmessagebythebillionairefather:Uponmydeath,mypropertyshallbedividedequallyamongmychildren;however,mysonGeorgeshallreceivenothing.ThatmessagehasanSHA1fingerprintof2D8B35F3BF49CDB19404E066212B5E577049E17EThedistrustfulfatherhasdepositedthemessagewithoneattorneyandthefingerprintwithanother.Now,supposeGeorgecanbribethelawyerholdingthemessage.HewantstochangethemessagesothatBillgetsnothing.Ofcourse,thatchangesthefingerprinttoacompletelydifferentbitpattern:2A330B4BB3FECC1C9D5C01A709510B49AC8F9892CanGeorgefindsomeotherwordingthatmatchesthefingerprint?IfhehadbeentheproudownerofabillioncomputersfromthetimetheEarthwasformed,eachcomputingamillionmessagesasecond,hewouldnotyethavefoundamessagehecouldsubstitute.Anumberofalgorithmshavebeendesignedtocomputethesemessagedigests.Thetwobest-knownareSHA1,thesecurehashalgorithmdevelopedbytheNationalInstituteofStandardsandTechnology,andMD5,analgorithminventedbyRonaldRivestofMIT.Bothalgorithmsscramblethebitsofamessageiningeniousways.Fordetailsaboutthesealgorithms,see,forexample,CryptographyandNetworkSecurity,4thed.,byWilliamStallings(PrenticeHall2005).Notethatrecently,subtleregularitieshavebeendiscoveredinbothalgorithms.Atthispoint,mostcryptographersrecommendavoidingMD5andusingSHA1untilastrongeralternativebecomesavailable.(Seehtt