{"id":322742,"date":"2023-11-26T19:01:13","date_gmt":"2023-11-26T11:01:13","guid":{"rendered":"https:\/\/www.idc.net\/help\/322742\/"},"modified":"2023-11-26T19:01:13","modified_gmt":"2023-11-26T11:01:13","slug":"jdk%e4%b8%ad%e7%9a%84security%e6%8a%80%e6%9c%af","status":"publish","type":"post","link":"https:\/\/idc.net\/help\/322742\/","title":{"rendered":"JDK\u4e2d\u7684Security\u6280\u672f"},"content":{"rendered":"<p>\u524d\u6bb5\u65f6\u95f4\u5728\u770b\u5173\u4e8eJDK\u7b97\u6cd5\u76f8\u5173\u7684\u77e5\u8bc6\u65f6\uff0c\u770b\u5230\u5f88\u591a\u4e0ejdk\u4e2dsecurity\u5305\u4e0b\u7684\u6a21\u5757\u6709\u4e00\u5b9a\u5173\u8054\uff0c\u4e4b\u524d\u5bf9\u8fd9\u5757\u4e00\u76f4\u6ca1\u6709\u5173\u6ce8\uff0c\u8d81\u6b64\u673a\u4f1a\u5148\u505a\u4e2a\u7b80\u5355\u7684\u4e86\u89e3\u3002<\/p>\n<p>\u672c\u6587\u65e8\u5728\u6df1\u5165\u63a2\u8ba8Java\u7684Security\u6280\u672f\uff0c\u5305\u62ec\u5176\u6838\u5fc3\u6982\u5ff5\u3001\u5173\u952e\u6a21\u5757\u4ee5\u53ca\u5177\u4f53\u5e94\u7528\u3002\u901a\u8fc7\u8be6\u7ec6\u5206\u6790\uff0c\u5e0c\u671b\u5e2e\u52a9\u8bfb\u8005\u66f4\u597d\u5730\u7406\u89e3\u5982\u4f55\u5728Java\u5e94\u7528\u7a0b\u5e8f\u4e2d\u5b9e\u73b0\u5b89\u5168\u9632\u62a4\uff0c\u63d0\u9ad8\u7cfb\u7edf\u7684\u53ef\u9760\u6027\u548c\u7a33\u5b9a\u6027\u3002<\/p>\n<p>\u4e3b\u8981\u529f\u80fd\u5305\u62ec\u6388\u6743\u3001\u8bbf\u95ee\u63a7\u5236\u3001\u6570\u636e\u52a0\u5bc6\u3001\u8eab\u4efd\u9a8c\u8bc1\u7b49\u3002<\/p>\n<p style=\"text-align:center\">\n<h3>\u6838\u5fc3\u6a21\u5757<\/h3>\n<ul>\n<li>\u6388\u6743\u4e0e\u8bbf\u95ee\u63a7\u5236\uff1aJava 
Security\u63d0\u4f9b\u4e86\u4e00\u5957\u5b8c\u6574\u7684\u6388\u6743\u548c\u8bbf\u95ee\u63a7\u5236\u673a\u5236\uff0c\u5305\u62ec\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u57fa\u4e8e\u58f0\u660e\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u81ea\u5b9a\u4e49\u8bbf\u95ee\u63a7\u5236\u7b49\u3002\u8fd9\u4e9b\u673a\u5236\u53ef\u4ee5\u6709\u6548\u5730\u4fdd\u62a4\u7cfb\u7edf\u8d44\u6e90\uff0c\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002<\/li>\n<li>\u6570\u636e\u52a0\u5bc6\u4e0e\u89e3\u5bc6\uff1aJava Security\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5982AES\u3001RSA\u7b49\uff0c\u7528\u4e8e\u5bf9\u654f\u611f\u6570\u636e\u8fdb\u884c\u52a0\u5bc6\u548c\u89e3\u5bc6\u3002\u901a\u8fc7\u4f7f\u7528\u8fd9\u4e9b\u7b97\u6cd5\uff0c\u6211\u4eec\u53ef\u4ee5\u4fdd\u62a4\u6570\u636e\u7684\u5b89\u5168\u6027\uff0c\u9632\u6b62\u6570\u636e\u6cc4\u9732\u3002<\/li>\n<li>\u8eab\u4efd\u9a8c\u8bc1\u4e0e\u6388\u6743\uff1a\u8eab\u4efd\u9a8c\u8bc1\u662f\u786e\u8ba4\u7528\u6237\u8eab\u4efd\u7684\u8fc7\u7a0b\uff0c\u6388\u6743\u5219\u662f\u786e\u5b9a\u7528\u6237\u662f\u5426\u6709\u6743\u6267\u884c\u67d0\u9879\u4efb\u52a1\u3002Java Security\u63d0\u4f9b\u4e86\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u673a\u5236\uff0c\u5982\u7528\u6237\u540d\u5bc6\u7801\u9a8c\u8bc1\u3001\u6570\u5b57\u8bc1\u4e66\u9a8c\u8bc1\u7b49\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u573a\u666f\u7684\u9700\u6c42\u3002<\/li>\n<li>\u5b89\u5168\u5957\u63a5\u5b57\u5c42\uff08SSL\uff09\u4e0e\u4f20\u8f93\u5c42\u5b89\u5168\uff08TLS\uff09\uff1aSSL\u548cTLS\u662f\u7528\u4e8e\u5728\u901a\u4fe1\u8fc7\u7a0b\u4e2d\u4fdd\u8bc1\u6570\u636e\u4f20\u8f93\u5b89\u5168\u7684\u534f\u8bae\u3002Java 
Security\u63d0\u4f9b\u4e86SSL\u548cTLS\u7684\u5b9e\u73b0\uff0c\u53ef\u7528\u4e8e\u6784\u5efa\u5b89\u5168\u7684\u7f51\u7edc\u901a\u4fe1\u3002<\/li>\n<\/ul>\n<h3>\u6388\u6743\u4e0e\u8bbf\u95ee\u63a7\u5236<\/h3>\n<p>Java\u63d0\u4f9b\u4e86\u5bf9\u654f\u611f\u4fe1\u606f\u7684\u8bbf\u95ee\u63a7\u5236\u529f\u80fd\uff0c\u6bd4\u5982\u672c\u5730\u6587\u4ef6\uff0c\u7c7b\u65b9\u6cd5\u7b49\u7684\u8bbf\u95ee\u7ea6\u675f\uff0c\u4ee5\u6b64\u6765\u7ec4\u5efa\u5b89\u5168\u7684\u4ee3\u7801\u6846\u67b6<\/p>\n<p>\u5148\u770b\u4e00\u4e2a\u6587\u4ef6\u5199\u5165\u7684\u793a\u4f8b\uff1a<\/p>\n<p>(1) \u5b9a\u4e49policy<\/p>\n<pre><code>grant {\n    permission com.sucl.blog.security.jdk.control.UserResourcePermission \"read\";\n}<\/code><\/pre>\n<p>(2) \u7f16\u5199\u6d4b\u8bd5\u7c7b<\/p>\n<pre><code>public class FileAccessController {\n\n    static {\n\/\/       -Djava.security.manager\n        System.setSecurityManager( new SecurityManager() );\n    }\n\n    public static void main(String[] args) throws IOException {\n        SecurityManager securityManager = System.getSecurityManager();\n        if( securityManager == null ){\n            System.out.println(\"\u6267\u884c\u6587\u4ef6\u5199\u51651\");\n            writeHello(\"hello\");\n        }else{\n            System.out.println(\"\u6267\u884c\u6587\u4ef6\u5199\u51652\");\n            AccessController.doPrivileged(new PrivilegedAction&lt;Object&gt;() {\n                @Override\n                public Object run() {\n                    try {\n                        writeHello(\"world\");\n                    } catch (IOException e) {\n                        throw new RuntimeException(e);\n                    }\n                    return null;\n                }\n            }, AccessController.getContext());\n        }\n    }\n\n    private static void writeHello(String text) throws IOException {\n        FileOutputStream fos = new FileOutputStream(\"e:\\\\home\\\\file.txt\", true);\n        PrintWriter pw = new 
PrintWriter(fos);\n        pw.println(text);\n        pw.close();\n        fos.close();\n    }\n\n}<\/code><\/pre>\n<p>(3) \u6d4b\u8bd5 cd \u5230target\/classes<\/p>\n<pre><code>java -D\"java.security.policy=path\\file.policy\"  com.sucl.blog.security.jdk.control.file.FileAccessController<\/code><\/pre>\n<p>\u4e0a\u9762\u7684\u4f8b\u5b50\u4e2d\uff0c\u5982\u679c\u6ca1\u6709\u5b9a\u4e49policy\uff0c\u8c03\u7528\u6587\u4ef6\u5199\u5165\u65b9\u6cd5\u65f6\u4f1a\u629b\u51fa\u5f02\u5e38\uff1a<\/p>\n<pre><code>java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"e:\\home\\file.txt\" \"write\")<\/code><\/pre>\n<p>\u8fd9\u6837\u901a\u8fc7\u81ea\u5b9a\u4e49policy\u7f16\u5199\u6743\u9650\u7b56\u7565\uff0c\u5219\u53ef\u4ee5\u5b9e\u73b0\u5bf9\u8d44\u6e90\u8bbf\u95ee\u63a7\u5236\u7684\u6548\u679c\u3002\u6ce8\u610f\uff1a(1)\u4e2d\u7684policy\u53ea\u6388\u4e88\u4e86\u81ea\u5b9a\u4e49\u7684UserResourcePermission\uff0c\u8981\u8ba9\u793a\u4f8b\u4e2d\u7684\u6587\u4ef6\u5199\u5165\u901a\u8fc7\u6743\u9650\u6821\u9a8c\uff0cpolicy\u4e2d\u8fd8\u9700\u8981\u6388\u4e88\u5bf9\u5e94\u7684java.io.FilePermission\u5199\u6743\u9650\u3002\u6b64\u5916\uff0cSecurityManager\u81eaJava 17\u8d77\u5df2\u88ab\u6807\u8bb0\u4e3a\u5e9f\u5f03\uff08JEP 411\uff09\uff0c\u65b0\u4ee3\u7801\u4e0d\u5b9c\u518d\u4f9d\u8d56\u8fd9\u4e00\u673a\u5236\u3002<\/p>\n<\/p>\n<p>\u5982\u679c\u770bspring\u7684\u6e90\u4ee3\u7801\uff0c\u4f60\u4f1a\u53d1\u73b0\u6709\u5f88\u591a\u7c7b\u4f3cAccessController.doPrivileged\u8fd9\u6837\u7684\u5199\u6cd5\uff0c\u4e0d\u77e5\u9053\u5f53\u65f6\u6709\u6ca1\u8003\u8651\u8fc7\u5176\u76ee\u7684\uff0c\u867d\u7136\u5728\u8c03\u8bd5\u65f6\u53d1\u73b0\u5176\u6839\u672c\u6ca1\u6709\u6267\u884c<\/p>\n<\/p>\n<h3>\u6570\u636e\u52a0\u5bc6\u4e0e\u89e3\u5bc6<\/h3>\n<p>Java Security API\u63d0\u4f9b\u4e86\u53ef\u4e92\u64cd\u4f5c\u7684\u7b97\u6cd5\u548c\u5b89\u5168\u670d\u52a1\u7684\u5b9e\u73b0\u3002\u670d\u52a1\u4ee5provider\u7684\u5f62\u5f0f\u5b9e\u73b0\uff0c\u53ef\u4ee5\u4ee5\u63d2\u4ef6\u7684\u5f62\u5f0f\u690d\u5165\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002 \u7a0b\u5e8f\u5458\u53ef\u4ee5\u900f\u660e\u5730\u4f7f\u7528\u8fd9\u4e9b\u670d\u52a1\uff0c\u5982\u6b64\u4f7f\u5f97\u7a0b\u5e8f\u5458\u53ef\u4ee5\u96c6\u4e2d\u7cbe\u529b\u5728\u5982\u4f55\u628a\u5b89\u5168\u7ec4\u4ef6\u96c6\u6210\u5230\u81ea\u5df1\u7684\u5e94\u7528\u7a0b\u5e8f\u4e2d\uff0c\u800c\u4e0d\u662f\u53bb\u5b9e\u73b0\u8fd9\u4e9b\u5b89\u5168\u529f\u80fd\u3002 
\u6b64\u5916\uff0c\u9664\u4e86Java\u63d0\u4f9b\u7684\u5b89\u5168\u670d\u52a1\u5916\uff0c\u7528\u6237\u53ef\u4ee5\u7f16\u5199\u81ea\u5b9a\u4e49\u7684security provider\uff0c\u6309\u9700\u6269\u5c55Java\u7684security\u5e73\u53f0\u3002<\/p>\n<h4>1.\u7b97\u6cd5<\/h4>\n<ul>\n<li>Message digest algorithms \u3010\u4fe1\u606f\u6458\u8981\u7b97\u6cd5, \u5982\uff1aMD5\u3011 <\/li>\n<li>Digital signature algorithms \u3010\u6570\u5b57\u7b7e\u540d\u7b97\u6cd5\uff0c \u5982\uff1aDSA\u3011 <\/li>\n<li>Symmetric bulk encryption &nbsp;\u3010\u5bf9\u79f0\u5757\u52a0\u5bc6\uff0c \u5982\uff1aDES\u3011 <\/li>\n<li>Symmetric stream encryption \u3010\u5bf9\u79f0\u6d41\u52a0\u5bc6\uff0c \u5982\uff1aRC4\u3011 <\/li>\n<li>Asymmetric encryption \u3010\u975e\u5bf9\u79f0\u52a0\u5bc6\uff0c \u5982\uff1aRSA\u3011 <\/li>\n<li>Password-based encryption (PBE) \u3010\u57fa\u4e8e\u5bc6\u7801\u7684\u52a0\u5bc6\u3011 <\/li>\n<li>Elliptic Curve Cryptography (ECC) \u3010\u692d\u5706\u66f2\u7ebf\u52a0\u5bc6\u3011 <\/li>\n<li>Key agreement algorithms \u3010\u5bc6\u94a5\u534f\u5546\u7b97\u6cd5\u3011 <\/li>\n<li>Key generators \u3010\u5bc6\u94a5\u751f\u6210\u5668\u3011 <\/li>\n<li>Message Authentication Codes (MACs) \u3010\u6d88\u606f\u8ba4\u8bc1\u7801\u3011 <\/li>\n<li>(Pseudo-)random number generators \u3010\u4f2a\u968f\u673a\u6570\u751f\u6210\u5668\u3011<\/li>\n<\/ul>\n<h4>2.\u793a\u4f8b<\/h4>\n<p>Java\u5185\u7f6e\u7684Provider\u63d0\u4f9b\u4e86\u8bb8\u591a\u901a\u7528\u7684\u5bc6\u7801\u7b97\u6cd5\uff0c\u6bd4\u5982\uff1aRSA, DSA, ECDSA\u7b49\u7b7e\u540d\u7b97\u6cd5\u3001DES, AES, ARCFOUR\u7b49\u52a0\u5bc6\u7b97\u6cd5\u3001MD5, SHA-1, SHA-256\u7b49\u4fe1\u606f\u6458\u8981\u7b97\u6cd5\u3001\u8fd8\u6709Diffie-Hellman\u548cECDH\u8fd9\u6837\u7684\u5bc6\u94a5\u534f\u5546\u7b97\u6cd5\u3002\u4e0b\u9762\u7b80\u5355\u5730\u5b9e\u73b0\u4e86MD5\u3001DES\u3001RSA\u51e0\u4e2a\u6211\u4eec\u5e38\u7528\u7684\u7b97\u6cd5\uff08\u5176\u4e2dMD5\u548cDES\u5df2\u4e0d\u518d\u5b89\u5168\uff0c\u4ec5\u4f5c\u6f14\u793a\uff0c\u65b0\u4ee3\u7801\u5e94\u4f7f\u7528SHA-256\u3001AES\u7b49\u7b97\u6cd5\uff09\u3002<\/p>\n<p>(1) MD5<\/p>\n<pre><code>public class MD5 {\n\n   private static final Charset DEFAULT_CHARSET = Charset.defaultCharset();\n\n   static 
MessageDigest messageDigest;\n\n   static {\n      try {\n         messageDigest = MessageDigest.getInstance(\"MD5\");\n      } catch (NoSuchAlgorithmException e) {\n         throw new RuntimeException(e);\n      }\n   }\n}<\/code><\/pre>\n<p>(2) DES<\/p>\n<pre><code>public class DES {\n\n    private static final String DES = \"DES\";\n\n    private static final int DEFAULT_ENCRYPT_CHUNK = 245;\n\n    private static final int DEFAULT_DECRYPT_CHUNK = 256;\n\n    private String salt;\n\n    private SecretKey secretKey;\n\n    public DES(String salt){\n        this.salt = salt;\n        initKey();\n    }\n\n    public void initKey(){\n        try {\n            KeyGenerator keyGenerator = KeyGenerator.getInstance(DES);\n            SecureRandom secureRandom = new SecureRandom(salt.getBytes());\n            keyGenerator.init(secureRandom);\n            this.secretKey = keyGenerator.generateKey();\n        } catch (NoSuchAlgorithmException e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    public String encrypt(String text){\n        try {\n            Cipher cipher = Cipher.getInstance(DES);\n            cipher.init(Cipher.ENCRYPT_MODE, this.secretKey);\n\n            byte[] codes = text.getBytes();\n            int length = codes.length;\n\n            ByteArrayOutputStream out = new ByteArrayOutputStream();\n            int check = 0;\n            byte[] cache ;\n            while (check &lt; length){\n                int chunk = Math.min(DEFAULT_ENCRYPT_CHUNK, length-check);\n                cache = cipher.doFinal(codes, check, chunk);\n                check += chunk;\n                out.write(cache, 0, cache.length);\n            }\n            return Base64.getEncoder().encodeToString(out.toByteArray());\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    public String decrypt(String text){\n        try {\n            Cipher cipher = Cipher.getInstance(DES);\n            
cipher.init(Cipher.DECRYPT_MODE, this.secretKey);\n\n            byte[] base64Text = Base64.getDecoder().decode(text);\n\n            int length = base64Text.length;\n            ByteArrayOutputStream out = new ByteArrayOutputStream();\n            int check = 0;\n            byte[] cache ;\n            while (check &lt; length){\n                int chunk = Math.min(DEFAULT_DECRYPT_CHUNK, length-check);\n                cache = cipher.doFinal(base64Text, check, chunk);\n                check += chunk;\n                out.write(cache, 0, cache.length);\n            }\n            return new String(out.toByteArray());\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n}<\/code><\/pre>\n<p>(3) RSA<\/p>\n<pre><code>\n@Slf4j\npublic class RSA {\n\n    private static final String KEY_ALGORITHM = \"RSA\";\n    private static final int KEY_PAIR_SIZE = 2048;\n    \/**\n     * \u4e0d\u5927\u4e8e245\n     *\/\n    private static final int DEFAULT_ENCRYPT_CHUNK = 245;\n    \/**\n     * \u4e0d\u5927\u4e8e256\uff0c\u6539\u6210\u5176\u4ed6\u503c\u65f6\uff1aDecryption error\n     *\/\n    private static final int DEFAULT_DECRYPT_CHUNK = 256;\n\n    \/**\n     * NONEwithRSA\n     * MD5withRSA\n     * SHA256withRSA\n     *\/\n    private static final String SIGN_ALGORITHM = \"SHA256withRSA\";\n    private static final String CIPHER_ALGORITHM = \"RSA\/ECB\/PKCS1Padding\";\n\n    private KeyPair keyPair;\n\n    public RSA() {\n        this.keyPair = getKeyPair();\n    }\n\n    \/**\n     * \u751f\u6210\u516c\u94a5\u3001\u79c1\u94a5\n     * @param key\n     * @return\n     *\/\n    private KeyPair getKeyPair(){\n        try {\n            KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);\n            keyPairGen.initialize(KEY_PAIR_SIZE);\n            return keyPairGen.generateKeyPair();\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    \/**\n     * 
\u83b7\u53d6\u516c\u94a5\n     * @param base64PublicKey base64\u7f16\u7801\u7684\u503c \u57fa\u4e8eKeyPair\u516c\u94a5\n     * @return\n     *\/\n    private PublicKey getPublicKey(String base64PublicKey){\n        try {\n            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);\n            KeySpec keySpec = new X509EncodedKeySpec(hexToBytes(base64PublicKey)); \/\/\n            PublicKey publicKey = keyFactory.generatePublic(keySpec);\n            return publicKey;\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    \/**\n     * \u83b7\u53d6\u79c1\u94a5\n     * @param base64PrivateKey base64\u7f16\u7801\u7684\u503c \u57fa\u4e8eKeyPair\u79c1\u94a5\n     * @return\n     *\/\n    private PrivateKey getPrivateKey(String base64PrivateKey){\n        try {\n            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);\n\/\/            Security.addProvider(BouncyCastleProviderSingleton.getInstance());\n            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(hexToBytes(base64PrivateKey));\n            PrivateKey privateKey = keyFactory.generatePrivate(keySpec);\n            return privateKey;\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    public String getPublicKey(){\n        return bytesToHex(keyPair.getPublic().getEncoded());\n    }\n\n    public String getPrivateKey(){\n        return bytesToHex(keyPair.getPrivate().getEncoded());\n    }\n\n    \/**\n     * \u901a\u8fc7\u79c1\u94a5\u7b7e\u540d\n     * @param data\n     * @param privateKeyStr\n     * @return\n     *\/\n    public String sign(byte[] data){\n        PrivateKey privateKey = getPrivateKey(getPrivateKey());\n        try {\n            Signature sig = Signature.getInstance(SIGN_ALGORITHM);\n            sig.initSign(privateKey);\n            sig.update(data);\n            return bytesToHex(sig.sign());\n        } catch (Exception e) {\n            throw new 
RuntimeException(e);\n        }\n    }\n\n    \/**\n     * \u6821\u9a8c\u7b7e\u540d\n     * @param data\n     * @param sign\n     * @param publicKeyStr\n     * @return\n     *\/\n    public boolean verify(byte[] data, String sign){\n        PublicKey publicKey = getPublicKey(getPublicKey());\n        try {\n            Signature sig = Signature.getInstance(SIGN_ALGORITHM);\n            sig.initVerify(publicKey);\n            sig.update(data);\n            return sig.verify(hexToBytes(sign));\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    \/**\n     * \u901a\u8fc7\u516c\u94a5\u52a0\u5bc6\n     * @param text\n     * @param publicKey\n     * @return\n     *\/\n    public String encrypt(String text){\n        byte[] codes = text.getBytes();\n        PublicKey publicKey = getPublicKey(getPublicKey());\n        try {\n            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);\n            cipher.init(Cipher.ENCRYPT_MODE, publicKey);\n            int length = codes.length;\n\n            ByteArrayOutputStream out = new ByteArrayOutputStream();\n            int check = 0;\n            byte[] cache ;\n            while (check &lt; length){\n                int chunk = Math.min(DEFAULT_ENCRYPT_CHUNK, length-check);\n                cache = cipher.doFinal(codes, check, chunk);\n                check += chunk;\n                out.write(cache, 0, cache.length);\n            }\n            return bytesToHex(out.toByteArray());\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    \/**\n     * \u901a\u8fc7\u79c1\u94a5\u89e3\u5bc6\n     * @param text \u52a0\u5bc6\u5185\u5bb9\n     * @param privateKeyStr\n     * @return\n     *\/\n    public String decrypt(String text){\n        PrivateKey privateKey = getPrivateKey(getPrivateKey());\n        try {\n            byte[] base64Text = hexToBytes(text);\n            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);\n        
    cipher.init(Cipher.DECRYPT_MODE, privateKey);\n\n            int length = base64Text.length;\n            ByteArrayOutputStream out = new ByteArrayOutputStream();\n            int check = 0;\n            byte[] cache ;\n            while (check &lt; length){\n                int chunk = Math.min(DEFAULT_DECRYPT_CHUNK, length-check);\n                cache = cipher.doFinal(base64Text, check, chunk);\n                check += chunk;\n                out.write(cache, 0, cache.length);\n            }\n            return new String(out.toByteArray());\n        } catch (Exception e) {\n            throw new RuntimeException(e);\n        }\n    }\n\n    public byte[] hexToBytes(String str){\n        return Base64.getDecoder().decode(str);\n    }\n\n    public String bytesToHex(byte[] bytes){\n        return Base64.getEncoder().encodeToString(bytes);\n    }\n}<\/code><\/pre>\n<h3>\u8eab\u4efd\u9a8c\u8bc1\u4e0e\u6388\u6743<\/h3>\n<p>\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u53d1\u9001\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u3002 \u670d\u52a1\u5668\u968f\u673a\u751f\u6210\u4e00\u4e2a\u6311\u6218\u53c2\u6570\uff0c\u53d1\u9001\u7ed9\u5ba2\u6237\u7aef\u3002 \u5ba2\u6237\u7aef\u4f7f\u7528\u6311\u6218\u53c2\u6570\u548c\u5bc6\u7801\u8ba1\u7b97\u51fa\u54cd\u5e94\u53c2\u6570\uff0c\u5e76\u5c06\u54cd\u5e94\u53c2\u6570\u53d1\u9001\u7ed9\u670d\u52a1\u5668\u3002 \u670d\u52a1\u5668\u4f7f\u7528\u6311\u6218\u53c2\u6570\u3001\u7528\u6237\u540d\u548c\u5bc6\u7801\u8ba1\u7b97\u51fa\u671f\u671b\u7684\u54cd\u5e94\u53c2\u6570\uff0c\u5e76\u5c06\u5176\u4e0e\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u54cd\u5e94\u53c2\u6570\u8fdb\u884c\u6bd4\u8f83\uff0c\u4ee5\u9a8c\u8bc1\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u3002<\/p>\n<p>\u8eab\u4efd\u8ba4\u8bc1\uff1a<\/p>\n<pre><code>import javax.security.auth.login.LoginContext;\n\npublic class App {\n\n   public static void main(String[] args) {\n      URL url = ClassLoader.getSystemClassLoader().getResource(\"jaas.config\");\n      
System.setProperty(\"java.security.auth.login.config\", url.getPath());\n\n      Subject subject = new Subject();\n      subject.getPrincipals().add(new User(\"admin\"));\n      \n      LoginContext loginContext = new LoginContext(\"app\", subject);\n      \n      loginContext.login();\n   }\n\n}<\/code><\/pre>\n<p>AppLoginModule\uff1a<\/p>\n<pre><code>@Slf4j\npublic class AppLoginModule implements LoginModule {\n\n    @Override\n    public void initialize(Subject subject, CallbackHandler callbackHandler, Map&lt;String, ?&gt; sharedState, Map&lt;String, ?&gt; options) {\n        log.info(\"initialize\");\n        \/\/ \u57fa\u4e8e\u914d\u7f6e\u6784\u5efa\u8ba4\u8bc1\u73af\u5883\n    }\n\n    @Override\n    public boolean login() throws LoginException {\n        log.info(\"login\");\n        return true;\n    }\n\n    @Override\n    public boolean commit() throws LoginException {\n        log.info(\"commit\");\n        return true;\n    }\n\n    @Override\n    public boolean abort() throws LoginException {\n        log.info(\"abort\");\n        return false;\n    }\n\n    @Override\n    public boolean logout() throws LoginException {\n        log.info(\"logout\");\n        return false;\n    }\n}<\/code><\/pre>\n<p>jaas.config\uff0c\u653e\u5230classpath\u5373\u53ef\uff1a<\/p>\n<pre><code>app {\n    com.sucl.blog.security.jdk.auth.AppLoginModule required\n    useTicketCache=true\n    doNotPrompt=true;\n};<\/code><\/pre>\n<\/p>\n<p>\u76f8\u5173\u8fd9\u5757\u77e5\u8bc6\u5728\u7f51\u4e0a\u627e\u4e86\u4e00\u5708\uff0c\u53d1\u73b0\u5f88\u5c11\u6709\u4eba\u8bb2\u5230\uff0c\u5728\u7f16\u5199\u793a\u4f8b\u51c6\u5907\u8ba9\u6587\u5fc3\u4e00\u8a00\u7ed9\u51fa\u70b9\u63d0\u793a\uff0c\u53d1\u73b0\u5b83\u53ea\u4f1a\u50bb\u50bb\u7684\u5751\u6211\uff0c\u7531\u4e8e\u65f6\u95f4\u539f\u56e0\u8fd9\u5757\u5185\u5bb9\u4e5f\u6ca1\u6709\u8fc7\u591a\u7684\u6df1\u5165\uff0c 
\u901a\u8fc7\u5173\u952e\u63a5\u53e3\u7684\u5b9e\u73b0\uff0c\u53ef\u4ee5\u770b\u5230\uff0c\u5728\u5f88\u591a\u6210\u719f\u7684\u9879\u76ee\u4e2d\u90fd\u6709\u88ab\u7528\u5230\uff0c\u53ef\u80fdjdk\u672c\u8eab\u7684\u6a21\u5757\u66f4\u591a\u662f\u5e94\u7528\u5728\u6784\u5efa\u57fa\u7840\u7cfb\u7edf\u67b6\u6784\u4e2d\u5427\u3002\u6ce8\u610f\uff1a\u4e0a\u9762\u7684AppLoginModule\u4e2dlogin()\u76f4\u63a5\u8fd4\u56detrue\uff0c\u6ca1\u6709\u6821\u9a8c\u4efb\u4f55\u51ed\u636e\uff0c\u4ec5\u7528\u4e8e\u6f14\u793a\u8c03\u7528\u6d41\u7a0b\u3002<\/p>\n<\/p>\n<h3>\u5e38\u7528\u5de5\u5177\u7c7b<\/h3>\n<p>java.security&nbsp;\u5305\u662f Java \u5b89\u5168\u6846\u67b6\u7684\u6838\u5fc3\u90e8\u5206\uff0c\u4e0a\u9762\u8bf4\u5230\u5b83\u63d0\u4f9b\u4e86\u5404\u79cd\u7c7b\u548c\u63a5\u53e3\u6765\u652f\u6301\u52a0\u5bc6\u3001\u89e3\u5bc6\u3001\u7b7e\u540d\u3001\u9a8c\u8bc1\u7b49\u5b89\u5168\u64cd\u4f5c\u3002\u4e0b\u9762\u7b80\u5355\u7f57\u5217\u4e86\u5e38\u7528\u7684\u5de5\u5177\u7c7b\u53ca\u5176\u4f7f\u7528\u573a\u666f\u3002<\/p>\n<p>(1) KeyPairGenerator&nbsp;\u548c&nbsp;KeyPair\uff1a<\/p>\n<ul>\n<li>KeyPairGenerator&nbsp;\u662f\u7528\u4e8e\u751f\u6210\u516c\u94a5\u548c\u79c1\u94a5\u5bf9\u7684\u7c7b\u3002\u5b83\u63d0\u4f9b\u4e86\u751f\u6210 RSA\u3001DSA \u7b49\u7b97\u6cd5\u7684\u5bc6\u94a5\u5bf9\u7684\u63a5\u53e3\u3002<\/li>\n<li>KeyPair&nbsp;\u662f\u7531\u516c\u94a5\u548c\u79c1\u94a5\u7ec4\u6210\u7684\u5bc6\u94a5\u5bf9\u7c7b\u3002\u5b83\u5305\u542b\u516c\u94a5\u548c\u79c1\u94a5\u7684\u4fe1\u606f\uff0c\u5e76\u63d0\u4f9b\u4e86\u64cd\u4f5c\u5bc6\u94a5\u7684\u65b9\u6cd5\u3002<\/li>\n<li>\u4f7f\u7528\u573a\u666f\uff1a\u7528\u4e8e\u5b9e\u73b0\u57fa\u4e8e\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u7684\u5b89\u5168\u901a\u4fe1\uff0c\u4fdd\u8bc1\u6570\u636e\u4f20\u8f93\u7684\u5b89\u5168\u6027\u548c\u8eab\u4efd\u9a8c\u8bc1\u7684\u51c6\u786e\u6027\u3002<\/li>\n<\/ul>\n<p>(2) 
Certificate&nbsp;\u548c&nbsp;CertificateFactory\uff1a<\/p>\n<ul>\n<li>Certificate&nbsp;\u662f\u8868\u793a\u8bc1\u4e66\u7684\u7c7b\u3002\u5b83\u63d0\u4f9b\u4e86\u8bc1\u4e66\u7684\u57fa\u672c\u4fe1\u606f\uff0c\u5982\u9881\u53d1\u8005\u3001\u6301\u6709\u8005\u3001\u6709\u6548\u671f\u7b49\u3002<\/li>\n<li>CertificateFactory&nbsp;\u662f\u7528\u4e8e\u5904\u7406\u8bc1\u4e66\u7684\u7c7b\u3002\u5b83\u63d0\u4f9b\u4e86\u89e3\u6790\u8bc1\u4e66\u7684\u63a5\u53e3\uff0c\u53ef\u4ee5\u5c06\u8bc1\u4e66\u4ece\u5404\u79cd\u683c\u5f0f\u8f6c\u6362\u4e3a&nbsp;Certificate&nbsp;\u5bf9\u8c61\u3002<\/li>\n<li>\u4f7f\u7528\u573a\u666f\uff1a\u7528\u4e8e\u9a8c\u8bc1\u8fdc\u7a0b\u8eab\u4efd\uff0c\u786e\u4fdd\u6570\u636e\u4f20\u8f93\u7684\u5b89\u5168\u6027\u3002\u5e38\u7528\u4e8e HTTPS \u7b49\u5b89\u5168\u534f\u8bae\u4e2d\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66\u3002<\/li>\n<\/ul>\n<p>(3) AlgorithmParameters&nbsp;\u548c&nbsp;AlgorithmParameterGenerator\uff1a<\/p>\n<ul>\n<li>AlgorithmParameters&nbsp;\u662f\u7528\u4e8e\u5904\u7406\u52a0\u5bc6\u7b97\u6cd5\u53c2\u6570\u7684\u7c7b\u3002\u5b83\u63d0\u4f9b\u4e86\u83b7\u53d6\u548c\u8bbe\u7f6e\u52a0\u5bc6\u7b97\u6cd5\u53c2\u6570\u7684\u65b9\u6cd5\u3002<\/li>\n<li>AlgorithmParameterGenerator&nbsp;\u662f\u7528\u4e8e\u751f\u6210\u52a0\u5bc6\u7b97\u6cd5\u53c2\u6570\u7684\u7c7b\u3002\u5b83\u63d0\u4f9b\u4e86\u751f\u6210\u7279\u5b9a\u52a0\u5bc6\u7b97\u6cd5\u53c2\u6570\u7684\u63a5\u53e3\u3002<\/li>\n<li>\u4f7f\u7528\u573a\u666f\uff1a\u7528\u4e8e\u589e\u5f3a\u52a0\u5bc6\u7b97\u6cd5\u7684\u5f3a\u5ea6\uff0c\u63d0\u4f9b\u66f4\u591a\u7684\u5b89\u5168\u9009\u9879\u3002\u4f8b\u5982\uff0c\u53ef\u4ee5\u7528\u4e8e\u751f\u6210 RSA \u52a0\u5bc6\u7b97\u6cd5\u4e2d\u7684\u5bc6\u94a5\u957f\u5ea6\u548c\u586b\u5145\u65b9\u5f0f\u3002<\/li>\n<\/ul>\n<p>(4) 
SecureRandom\uff1a<\/p>\n<ul>\n<li>SecureRandom&nbsp;\u662f\u7528\u4e8e\u751f\u6210\u968f\u673a\u6570\u7684\u7c7b\u3002\u5b83\u63d0\u4f9b\u4e86\u52a0\u5bc6\u5f3a\u5ea6\u7684\u968f\u673a\u6570\u751f\u6210\u5668\uff0c\u751f\u6210\u7684\u968f\u673a\u6570\u66f4\u52a0\u5b89\u5168\u53ef\u9760\u3002<\/li>\n<li>\u4f7f\u7528\u573a\u666f\uff1a\u7528\u4e8e\u751f\u6210\u968f\u673a\u6570\u9a8c\u8bc1\u7801\u3001\u968f\u673a\u5bc6\u94a5\u7b49\uff0c\u63d0\u9ad8\u5bc6\u7801\u5b89\u5168\u6027\u3002\u8fd8\u53ef\u4ee5\u7528\u4e8e\u521d\u59cb\u5316\u52a0\u5bc6\u7b97\u6cd5\u4e2d\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u3002<\/li>\n<\/ul>\n<p>(5) KeyStore\uff1a<\/p>\n<ul>\n<li>KeyStore&nbsp;\u662f\u7528\u4e8e\u7ba1\u7406\u5bc6\u94a5\u548c\u8bc1\u4e66\u5b58\u50a8\u7684\u7c7b\u3002\u5b83\u63d0\u4f9b\u4e86\u5b58\u50a8\u548c\u7ba1\u7406\u79c1\u94a5\u3001\u516c\u94a5\u8bc1\u4e66\u7b49\u5b89\u5168\u51ed\u636e\u7684\u65b9\u6cd5\u3002<\/li>\n<li>\u4f7f\u7528\u573a\u666f\uff1a\u7528\u4e8e\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u51ed\u636e\uff0c\u5982\u79c1\u94a5\u3001\u516c\u94a5\u8bc1\u4e66\u7b49\u3002\u53ef\u4ee5\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u7528\u6237\u7684\u5bc6\u94a5\u5bf9\uff0c\u4fdd\u8bc1\u6570\u636e\u7684\u5b89\u5168\u6027\u3002<\/li>\n<\/ul>\n<p>\u9664\u4e86\u4e0a\u8ff0\u6a21\u5757\uff0cjava.security&nbsp;\u5305\u8fd8\u5305\u542b\u5176\u4ed6\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u7c7b\u548c\u63a5\u53e3\uff0c\u5982\u6743\u9650\u3001\u7b56\u7565\u7b49\u3002\u8fd9\u4e9b\u6a21\u5757\u63d0\u4f9b\u4e86\u66f4\u7ec6\u7c92\u5ea6\u7684\u5b89\u5168\u63a7\u5236\u548c\u914d\u7f6e\u9009\u9879\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u5b89\u5168\u573a\u666f\u3002 \u8981\u4e86\u89e3\u5168\u9762\u7684\u5b89\u5168\u529f\u80fd\u548c\u7528\u6cd5\uff0c\u8bf7\u53c2\u8003 Java \u5b98\u65b9\u6587\u6863\u6216\u76f8\u5173\u8d44\u6e90\u3002<\/p>\n<h3>\u603b\u7ed3<\/h3>\n<p>Java 
Security\u6280\u672f\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u5b89\u5168\u9632\u62a4\u673a\u5236\uff0c\u5305\u62ec\u6388\u6743\u3001\u8bbf\u95ee\u63a7\u5236\u3001\u6570\u636e\u52a0\u5bc6\u3001\u8eab\u4efd\u9a8c\u8bc1\u7b49\u3002\u901a\u8fc7\u6df1\u5165\u4e86\u89e3\u548c\u638c\u63e1\u8fd9\u4e9b\u6280\u672f\uff0c\u6211\u4eec\u53ef\u4ee5\u6784\u5efa\u66f4\u52a0\u5b89\u5168\u3001\u53ef\u9760\u7684Java\u5e94\u7528\u7a0b\u5e8f\u3002\u672c\u6587\u901a\u8fc7\u8be6\u7ec6\u4ecb\u7ecdJava Security\u7684\u6838\u5fc3\u6a21\u5757\u548c\u4ee3\u7801\u6f14\u793a\uff0c\u65e8\u5728\u5e2e\u52a9\u8bfb\u8005\u66f4\u597d\u5730\u7406\u89e3\u548c\u5e94\u7528\u8fd9\u4e9b\u6280\u672f\u3002 \u672a\u6765\uff0c\u968f\u7740\u6280\u672f\u7684\u4e0d\u65ad\u53d1\u5c55\uff0cJava Security\u5c06\u4f1a\u4e0d\u65ad\u5b8c\u5584\u548c\u6539\u8fdb\uff0c\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u66f4\u52a0\u5b89\u5168\u3001\u53ef\u9760\u7684\u4fdd\u969c\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u524d\u6bb5\u65f6\u95f4\u5728\u770b\u5173\u4e8eJDK\u7b97\u6cd5\u76f8\u5173\u7684\u77e5\u8bc6\u65f6\uff0c\u770b\u5230\u5f88\u591a\u4e0ejdk\u4e2dsecurity\u5305\u4e0b\u7684\u6a21\u5757\u6709\u4e00\u5b9a\u5173\u8054\uff0c\u4e4b\u524d\u5bf9\u8fd9\u5757\u4e00\u76f4 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":322743,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[61],"tags":[],"class_list":["post-322742","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-website"],"_links":{"self":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts\/322742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/comments?post=322742"}],"version-history":[{"count":0,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts\/322742\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/media\/322743"}],"wp:attachment":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/media?parent=322742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/categories?post=322742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/tags?post=322742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}