Java Security

Errata for Java Security

Submit your own errata for this product.


The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update



Version Location Description Submitted By Date Submitted Date Corrected
Printed
Page x
1st paragraph

Changed "Activator" to "Plugin"

Anonymous    Feb 01, 1999
Printed
Page xi
2nd paragraph

Changed the last sentence to "The information in this book is based on the 1.2 FCS release."

Anonymous    Feb 01, 1999
Printed
Page xi
Added this paragraph

For the most part, we assume that developers using this book will be using the Java 2 platform, and our primary focus will be on the Java Development Kit (JDK) from Sun Microsystems. However, for developers using 1.1, we will provide full details of what's available in 1.1 and what has changed in Java 2; in some cases, this information has changed so radically that the information is relegated to an appendix. Complicating all of this is that while overall there are few differences between the 1.2 beta releases of the JDK and the Java 2 platform, many of those important differences occur in the security APIs. Unlike the first printing of this book, which focused on the 1.2 beta 3 release, this printing covers the API as it exists only in the Java 2 platform.

Anonymous    Feb 01, 1999
Printed
Page xiv
3rd indented paragraph

Changed "(but not often used)" to "(and are deprecated)".

Anonymous    Feb 01, 1999
Printed
Page xiv-xv
The following text was added to the Preface

"How to Contact Us: We have tested and verified the information in this book to the best of our ability, but you may find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing to: O'Reilly & Associates, Inc. 101 Morris Street Sebastopol, CA 95472 1-800-998-9938 (in the U.S. or Canada) 1-707-829-0515 (international/local) 1-707-829-0104 (FAX) You can also send us messages electronically. To be put on our mailing list or request a catalog, send email to: info@oreilly.com To ask technical questions or comment on the book, send email to: bookquestions@oreilly.com We have a web site for the book, where we'll list examples, errata, and any plans for future editions. You can access this page at: http://www.oreilly.com/catalog/9781565924031/ For more information about this book and others, see the O'Reilly web site: http://www.oreilly.com"

Anonymous    Feb 01, 2000
Printed
Page 14
4th and 5th paragraphs

Changed "-usepolicy" to "-Djava.security.manager"

Anonymous    Feb 01, 1999
Printed
Page 15

sidebar, last paragraph now reads: Beginning in 1.2 beta 3, the Launcher class was incorporated into the virtual machine itself, but the syntax to use it changed in the last few beta releases. In FCS, the correct syntax is: piccolo% java -Djava.security.manager Cat /etc/passwd

Anonymous    Feb 01, 1999
Printed
Page 23

2nd paragraph now reads: ... and readObject() methods. The writeObject() method is responsible for writing out all data in the class; it typically uses the defaultWriteObject() method to write out all non-transient data and then its writes the transient data out in any format it desires. Similarly, the readObject() method uses the defaultReadObject() method to read the data and then must restore the corresponding transient data. It's your decision how to save and reconstitute the transient data so that its ...

Anonymous    Feb 01, 1999
Printed
Page 23

3rd paragraph now reads: The last clause of the last sentence should be --no data can be stored or reconstituted by any default methods.

Anonymous    Feb 01, 1999
Printed
Page 29
2nd paragraph

Changed "zip" to "JAR" (added to the JAR file containing...)

Anonymous    Feb 01, 1999
Printed
Page 36
8th paragraph

Changed "otherslocated" to "others located" Change "classes.zip" to "rt.jar"

Anonymous    Feb 01, 1999
Printed
Page 39
After the continuation of the last paragraph on page 38 has

concluded added: [Paragraph] An instance of the URLClassLoader class may also be obtained via one of these methods: [ListVariableTerm] public static URLClassLoader newInstance(URL[] urls) [filled-star dingbat] public static URLClassLoader newInstance(URL[] urls, ClassLoader parent) [filled-star dingbat] [ListVariable] Create and return a URL class loader. The difference between these methods and constructing a URL class loader directly is that the class loader returned from these methods will call the security manager's checkPackageAccess() method before it attempts to define a class; this is the optional step 2 that we referred to earlier. In 1.2, only class loaders obtained in this way will perform that optional step (unless, of course, you write your own class loader that performs that step).

Anonymous    Feb 01, 1999
Printed
Page 39
footnote

Changed the first two sentences to: In 1.2, the URLCLassLoader class fails to handle multiple HTTP-based URLs correctly. It is hoped that this will be fixed someday; if it is not and ...

Anonymous    Feb 01, 1999
Printed
Page 40
Deleted the final bullet on the page (the one that begins "In the

URLClassLoader class, the invokeClass()...").

Anonymous    Feb 01, 1999
Printed
Page 41
code example

The code segment incorrectly defined the jrl instance variable twice. The correct code now reads: Class self = Class.forName("JavaRunner"); JavaRunnerLoader jrl = new JavaRunnerLoader(args[0], self.getClassLoader()); ThreadGroup tg = new ThreadGroup("JavaRunner Threadgroup");

Anonymous    Feb 01, 1999
Printed
Page 41
The code segment incorrectly defined the jrl instance

variable twice. Corrected the definition of jrl to read: Class self = Class.forName("JavaRunner"); JavaRunnerLoader jrl = new JavaRunnerLoader(args[0], self.getClassLoader());

Anonymous    Sep 01, 1999
Printed
Page 43
To the final ListVariableTerm entry, add one new signature. Also add

new text to the end of the corresponding ListVariable paragraph, so that the entire thing looks like this: protected final Class defineClass(String name, byte data[], int offset, int length) protected final Class defineClass(String name, byte data[], int offset, int length, ProtectionDomain pd) [filled-star dingbat] Create a Class object from an array ... the bytes actually define the desired class. We'll look more at protection domains in Chapter 5; if you use the signature without a protection domain, a default (system) domain will be provided for the class.

Anonymous    Feb 01, 1999
Printed
Page 46
2nd and 3rd paragraphs

Changed "findLocalClass()" to "findClass()"

Anonymous    Feb 01, 1999
Printed
Page 47
last 4 paragraphs

In the last paragraph with a paragraph tag, changed "these two new methods" to "this new method" Changed both ListVariableTerm paragraphs by replacing them with this new paragraph (still a ListVariableTerm format) and changed the corresponding ListVariable paragraph to: protected final Class defineClass(String name, byte[] buf, int offset, int length, CodeSource cs) [filled-star dingbat] Define a class that is associated with the given code source. If the code source is null, this method is the equivalent of the defineClass() method in the base ClassLoader class. We'll defer showing an example of this method to Chapter 5, when we discuss code source objects.

Anonymous    Feb 01, 1999
Printed
Page 48
Removed the ListVariableTerm entry

protected CodeSource getCodeSource(URL url, Object signers[]) as well as the ListVariable paragraph immediately following it. Hence, the top of page 48 now has the continuation of the paragraph that was changed on page 47 and then the next regular paragraph: showing an example of this method to Chapter 5, when we discuss code source objects. As our first example of a class loader, ...

Anonymous    Feb 01, 1999
Printed
Page 48-49
code example

Changed the line that reads protected Class findLocalClass(String name) { to protected Class findClass(String name) { changed the lines that read CodeSource cs = getCodeSource(urlBase, null); cl = defineClass(name, buf, 0, buf.length, cs, null); to cl = defineClass(name, buf, 0, buf.length, null); Deleted all the following lines: publc void checkPackageAccess(String name) { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPackageAccess(name); }

Anonymous    Feb 01, 1999
Printed
Page 49
2nd and 3rd paragraphs

Changed "findLocalClass()" to "findClass()"

Anonymous    Feb 01, 1999
Printed
Page 50
4th paragraph

Changed the middle of that paragraph so that it reads: ... even in 1.2. In 1.2 if you want to make the check for package access, you can do that by calling the checkPackageAccess() method of the security manager in the same way that we called the checkPackageDefinition() method, but that will only prevent you from access classes that aren't found by the system class loader. Alternately in 1.2, you can use the newInstance() method of the URLClassLoader class which makes such a check, or you can override the loadClass() method itself to provide such a check as we showed earlier. In 1.1, of course, you ...

Anonymous    Feb 01, 1999
Printed
Page 50
5th paragraph

Changed "findLocalClass()" to "findClass()" Changed the last sentence to begin Note that classes loaders that are created by calling the constructor of the URLClassLoader class do not make such a call;

Anonymous    Feb 01, 1999
Printed
Page 53-54
code example

Changed the line that reads protected Class findLocalClass(String name) { to protected Class findClass(String name) { Changed the line that reads return defineClass(name, buf, 0, buf.length, cs, null); to return defineClass(name, buf, 0, buf.length, null);

Anonymous    Feb 01, 1999
Printed
Page 54
code fragment at the bottom of the page

Changed the lines that read url[0] = new URL("http://hr.xyz.com/"); url[1] = new URL("http://support.xyz.com/"); to urls[0] = new URL("http://hr.xyz.com/"); urls[1] = new URL("http://support.xyz.com/");

Anonymous    Feb 01, 1999
Printed
Page 55
paragraph continuation from page 54, add a last sentence

... approach we've outlined above. In addition, the present implementation of the URLClassLoader will not work with multiple HTTP-based URLs, so for the present, you must write your own class loader to handle that case.

Anonymous    Feb 01, 1999
Printed
Page 56-58
code example

Deleted the line (line 5) reading CodeSource cs; Deleted the line (line 14) reading cs = getCodeSource(urlBase, null); Changed the line reading protected Class findLocalClass(String name) { to protected Class findClass(String name) { Change the line reading cl = defineClass(name, buf, 0, buf.length, cs, null); to cl = defineClass(name, buf, 0, buf.length, null);

Anonymous    Feb 01, 1999
Printed
Page 58
last paragraph

Changed "findLocalClass()" to "findClass()"

Anonymous    Feb 01, 1999
Printed
Page 60
first paragraph, added the word final

public final ClassLoader getParent() [filled-star dingbat] Immediately preceeding the HeadB header (Loading resources), added the following [Paragraph] This URL class loader is known as the system class loader, and it may be retrieved via the following method: [ListVariableTerm] public static ClassLoader getSystemClassLoader() [filled-star dingbat] [ListVariable] Return the system class loader -- that is, the class loader that was used to load the base application classes. If a security manager is in place, you must have the getClassLoader runtime permission to use this method (see Chapter 5). [Paragraph] Hence, to set up a delegation class loader, you can use this call: [CodeIndent] jrl = new JavaRunnerLoader(ClassLoader.getSystemClassLoader()) [Paragraph] instead of the methods we showed earlier.

Anonymous    Feb 01, 1999
Printed
Page 60
last few paragraphs

Changed all occurences of "getLocalResource" to "findResource" [in the ListVariableTerm and the middle of the final paragraph].

Anonymous    Feb 01, 1999
Printed
Page 61
2nd set of ListVariableTerm paragraphs

Changed "getLocalResources" to "findResources".

Anonymous    Feb 01, 1999
Printed
Page 61
Immediately before the "Summary" header, added the following

[HeadB] Loading Libraries [Paragraph] In 1.2, a new method exists in the ClassLoader class: [ListVariableTerm] protected String findLibrary(String libname) [filled-star dingbat] [ListVariable] Return the directory from which native libraries should be loaded. [Paragraph] This method is used by the System.loadLibrary() method to determine the directory in which the hative library in question should be found. If this method returns null (the default), then the native library must be in one of the directories specified by either the java.library.path or java.sys.library.path properties; typically, these properties are set in a platform-specific way (e.g. from the LD_LIBRARY_PATH on Solaris or the PATH on Windows). That mimics the behavior that applies in 1.1 and earlier releases. [Paragraph] However, a 1.2 custom class loader can override that policy and require that libraries be found in some application-define location. This prevents a user for overriding the runtime environment to specify an alternate location for that library, which offers a slight security advantage. Note that if the user can write to the hardwired directory where the library lives that this advantage no longer exists: the user can simply overwrite the existing library instead of change an environment variable to point to another library; the end result is the same.

Anonymous    Feb 01, 1999
Printed
Page 82
Table 4-4, added as the last entry

checkPermission(Permission p) Thread.stop() Stopping a thread could corrupt state of the virtual machine.

Anonymous    Feb 01, 1999
Printed
Page 83
After the 2nd paragraph (before the headline) added

In 1.2, the Thread class also calls the checkPermission() method of the security manager whenever the stop() method is called, since stopping a thread is an inherently dangerous operation (which has led the stop() to method become deprecated). For backward compatibility, this permission is normally granted even to untrusted classes, but an end-user may change her environment so that the security manager throws an exception whenever the stop() method is called.

Anonymous    Feb 01, 1999
Printed
Page 84
Fixed the font for some method entries in Table 4-5.

Anonymous    Feb 01, 1999
Printed
Page 91
In the last paragraph

Changed "-usepolicy" to "-Djava.security.manager"

Anonymous    Feb 01, 1999
Printed
Page 92
Changed the first ListVariableTerm paragraph to

public CodeSource(URL url, Certificate cers[]) [filled-star dingbat]

Anonymous    Feb 01, 1999
Printed
Page 93
Deleted the ListVariableTerm entry

public final PublicKey[] getKeys() Return a copy ... (or maliciously). and replaced it with these two entries public final Certificate[] getCertificates() [filled-star dingbat] Return the array of certificates that were used to construct this code source object. The original certificates are not returned so that they cannot be modified accidentally (or mailciously). public boolean implies(CodeSource cs) [filled-star dingbat] Determine if the code source implies the parameter according to the rules of the Permission class (see later in this chapter). One code source implies another if it contains all the certificates of the parameter and if the URL of the parameter is implied by the URL of the target. Removed the 4th paragraph (the one immediately preceeding the Permissions header) and replaced it with this paragraph: In Chapter 3, we didn't bother to create code sources, which meant that our classes were assigned to a default code source. For the time being, we'll create code sources in an URL-based class loader simply based on the URL that we used to construct the class loader; these classes will all be unsigned classes as a result. In Chapter 12, we'll show how you can get the correct certificates with which to construct a code source object for a signed class.

Anonymous    Feb 01, 1999
Printed
Page 98
In the code lines associated with list item 4,

changed RuntimePermission r1 = new RuntimePermission("exit"); RuntimePermission r2 = new RuntimePermission("package.access.*"); to RuntimePermission r1 = new RuntimePermission("exitVM"); RuntimePermission r2 = new RuntimePermission("accessClassInPackage.java");

Anonymous    Feb 01, 1999
Printed
Page 99

Changed the last clause of the first sentence to read: "and r2 represents permission to access classes in the java package."

Anonymous    Feb 01, 1999
Printed
Page 99
In the first paragraph under item 5 in the list, changed

"topLevelWindow" to "showWindowWithoutWarningBanner"; changed "systemClipboard" to "accessClipboard", and change "eventQueue" to "accessEventQueue". In the first code line, changed "topLevelWindow" to "showWindowWithoutWarningBanner".

Anonymous    Feb 01, 1999
Printed
Page 99
List item 6

In the first sentence of the paragraph, changed "three different classes" to "two different classes". In that paragraph, changed "Authenticator.setDefault" to "setDefaultAuthenticator" and changed "Authenticator.requestPasswordAuthentication" to "requestPasswordAuthentication". Deleted the second paragraph (the one beginning "In addition, the ability to create multicast...") altogether. Rewrote the third paragraph (the one that begins "Finally, the ability to create a listener...") as follows: In addition, this class encapsulates various URL-related permissions. Permission to specify a stream handler in the URL class is named specifyStreamHander. Deleted the first code line: NetPermission n1 = new NetPermission("multicast"); Changed the second code line to NetPermission n1 = new NetPermission("requestPasswordAuthentication");

Anonymous    Feb 01, 1999
Printed
Page 99-100
List item 8

Changed the third sentence from has one valid name: enableSubstitution. If granted, this permission to has two valid names: enableSubstitution and enableSubclassImplementation. The first of these permissions Then added the following sentence at the end of the paragraph: The latter permission allows the ObjectInputStream and ObjectOutputStream classes to be subclassed, which would potentially override the readObject() and writeObject() methods.

Anonymous    Feb 01, 1999
Printed
Page 100
List item 9

Changed single name (access) to single name (supressAccessChecks)

Anonymous    Feb 01, 1999
Printed
Page 101
The second italicized method used to read:

public abstract String getName() It now reads: public final String getName()

Anonymous    Sep 01, 1999
Printed
Page 107
In the code example

Changed line 13 from if (addedAdmin && (adminMask & xyz.mask) != 0) to if (addedAdmin && (adminMask & xyz.mask) != xyz.mask)

Anonymous    Feb 01, 1999
Printed
Page 107
Immediately before the "The Permissions Class" header, added

[Paragraph] If you implement your own PermissionCollection class, you must also keep track of whether it has been marked as read-only. There are two methods involved in this: [ListVariableTerm] public boolean isReadOnly() [filled-star dingbat] [ListTerm] Return an indication of whether the collection has been marked as read-only. [ListVariableTerm] public void setReadOnly() [filled-star dingbat] [ListTerm] Set the collection to be read-only. Once the read-only flag has been set, it cannot be unset: the collection will remain read-only forever. [Paragraph] A permission collection is expected to throw a security exception from its add() method if it has been marked as read-only. Note that the read-only instance variable is private to the PermissionCollection class, so subclasses will have to rely on the isReadOnly() method to test its value.

Anonymous    Feb 01, 1999
Printed
Page 107

This line of code used to read: if (adminAdded && (adminMask & xyz.mask) != xyz.mask) It now reads: if (adminAdded && (adminMask & xyz.mask) == xyz.mask)

Anonymous    Feb 01, 2000
Printed
Page 108
Deleted from the 5th paragraph ("In addition to the methods that

are inherited...") to the "The Policy Class" header.

Anonymous    Feb 01, 1999
Printed
Page 109
In the 7th paragraph (beginning "Getting and setting the policy"),

change "Policy.getPolicy" to "getPolicy" and change "Policy.setPolicy" to "setPolicy".

Anonymous    Feb 01, 1999
Printed
Page 109
In the 4th ListVariableTag paragraph, changed "evaluate" to

"getPermissions" public abstract Permissions getPermissions(CodeSource cs) [dingbat]

Anonymous    Feb 01, 1999
Printed
Page 109
In the final paragraph, changed "java.security.PolicyFile" to

"sun.security.provider.PolicyFile".

Anonymous    Feb 01, 1999
Printed
Page 110
In the first sentence, changed "package-protected" to "file in the sun

package".

Anonymous    Feb 01, 1999
Printed
Page 111
In the List #1 item, changed the first "-usepolicy" to

"-Djava.security.policy, which must be used in conjunction with the -Djava.security.manager option." Changed the first command line to: piccolo% java -Djava.security.manager -Djava.security.policy=/globalfiles/java.policy Cat /etc/passwd Changed the next two "-usepolicy" to "-Djava.security.manager" [both in the ListText... paragraph between the first and second command line examples.] Changed the second command line to: piccolo% java -Djava.security.manager -Djava.security.policy==/globalfiles/java.policy Cat /etc/ passwd Changed the paragraph beginning "Note that you may also specify..." to "Note that you may also simply specify the -Djava.security.manager flag with no additional arguments, in which case..." Changed the third command line to: piccolo% java -Djava.security.manager Cat /etc/passwd

Anonymous    Feb 01, 1999
Printed
Page 112
In the List paragraph tagged 3, changed "-usepolicy" to

"-Djava.security.policy"

Anonymous    Feb 01, 1999
Printed
Page 114
In the code example, immediately preceeding the final close

brace, added the line: permission java.lang.RuntimePermission "stopThread"; At the end of the 1st paragraph, added the sentence: All other classes will also be able to call the stop() method on a thread.

Anonymous    Feb 01, 1999
Printed
Page 114
Changed the ListVariableTerm paragraph from

public ProtectionDomain(CodeSource cs, Permissions p) [dingbat] to public ProtectionDomain(CodeSource cs, PermissionCollection p) [dingbat]

Anonymous    Feb 01, 1999
Printed
Page 115
The three bulleted paragraphs required the following changes

First bullet: o The defineClass() method accepts a protection domain as a parameter. In this case, the given protection domain is assigned to the class. This case is typically unused, since that method exists only in the ClassLoader class and not in the SecureClassLoader class. Second bullet: o The defineClass() method accepts a code source as a parameter. In this case, the getPermissions() method of the SecureClassLoader is used to determine the protection domain for the code source. By default, this just uses the getPermissions() class of the Policy class to find the permissions that are defined for the given code base. However, a secure class loader (including, of course, a URL class loader) has the option of overriding the getPermissions() method to enhance the set of permissions that a particular class might have. We'll see an example of this in Chapter 6, when we discuss network permissions in the class loader. Third bullet: changed "evaluate()" to "getPermissions()".

Anonymous    Feb 01, 1999
Printed
Page 115
Changed the 2nd ListVariableTerm paragraph from

public Permissions getPermissions() [dingbat] to public PermissionCollection getPermissions() [dingbat] In the associated ListVariable paragraph, change "permissions" to "permission collection". (117:) At the beginning of the fourth line, changed "Test" to "AccessTest". In figure 5-2, change "Test.init()" to "AccessTest.init()".

Anonymous    Feb 01, 1999
Printed
Page 119
Deleted the text beginning with the paragraph starting "That

facility is possible with these two methods..." through the first two paragraphs of the page 120. Replaced that section with this text: [Paragraph] That facility is possible with these two methods of the access controller class: [ListVariableTerm] public static Object doPrivileged(PrivilegedAction pa) [filled-star dingbat] [ListVariableTerm] public static Object doPrivileged(PrivilegedExceptionAction pae) [filled-star dingbat] [ListVariable] Execute the run() method of the given object, temporarily granting its permission to any protection domains that are below it on the stack. In the second case, if the embedded run() method throws an exception, the doPrivileged() method will throw a PrivilegedActionException. [Paragraph] The PrivilegedAction and PrivilegedExceptionAction interfaces contain a single method: [ListVariableTerm] public Object run() [filled-star dingbat] [ListVariable] Run the target code, which will have the permissions of the calling class. [Paragraph] The different in the two interfaces is that the run() method in the PrivilegedExceptionAction interface may throw an arbitrary exception. Note the unfortunate overloading between this method and the run() method of the Thread class and Runnable interface, which return void; a class cannot implement both the Runnable and PrivilegedAction interface. [Paragraph] The PrivilegedActionException class is a standard exception, so you must always be prepared to catch it when using the doPrivileged() method. If the embedded run() method does throw an exception, that exception will be wrapped into the PrivilegedActionException, where it may be retrieved with this call: [ListVariableTerm] public Exception getException() [ListVariable] Return the exception that was originally thrown to cause the PrivilegedActionException to be thrown. [Paragraph] Let's see how all of this might work with our network monitor example: [CodeIndent] public class NetworkMonitor { public NetworkMonitor() { try { class doSocket implements PrivilegedExceptionAction { public Object run() throws UnknownHostException, IOException { return new Socket("net.xyz.com", 4000); } }; doSocket ds = new doSocket(); Socket s = (Socket) AccessContoller.doPrivileged(ds); } catch (PrivilegedActionException pae) { Exception e = pae.getException(); if (e instanceof UnknownHostException) { // process host exception } else if (e instanceof IOException { // process IOException } else { // e must be a runtime exception throw (RuntimeException) e; } } } } [Paragraph] Two points are noteworthy here. First, the code that needs to be executed with the privileges of the NetworkMonitor class has been encapsulated into a new class -- the inner doSocket() class. [Paragraph] Second, the exception handling is somewhat new: we must list the exceptions that the socket constructor can throw in the run() method of our embedded class. If either of those exceptions is thrown, it will be encapsulated into a PrivilegedActionException and thrown back to the network monitor, where we can retrieve the actual exception with the getException() method. [Continue with the paragraph reading "Let's examine the effect these calls have" but change "these calls" to "this call". In that paragraph, also change "beginPrivileged()" to "doPrivileged()".]

Anonymous    Feb 01, 1999
Printed
Page 120
paragraph 4: Change "beginPrivileged()" to "doPrivileged()".

Changed the code example to the following: public class PayrollApp { NetworkMonitor nm; public void init() { class doInit implements PrivilegedAction { public void run() { nm = new NetworkMonitor(); } } doInit di = new doInit(); AccessContoller.doPrivileged(di); } }

Anonymous    Feb 01, 1999
Printed
Page 121
1st paragraph: Changed "beginPrivileged()" to "doPrivileged()".

Anonymous    Feb 01, 1999
Printed
Page 136
2nd paragraph: Changed "beginPrivileged()" to "doPrivileged()"

[both occurances in the paragraph.]

Anonymous    Feb 01, 1999
Printed
Page 136
2nd-to-last paragraph: changed "in check" to "inCheck"; that word

should be in Courier font.

Anonymous    Feb 01, 1999
Printed
Page 138

2nd paragraph now reads: In 1.2, this variable and method are deprecated. The correct operation to perform in a 1.2-based security manager is to place the calls to the InetAddress class in a class that can be used by the doPrivileged() method. In addition, the InetAddress class in 1.2 no longer calls the getInCheck() method.

Anonymous    Feb 01, 1999
Printed
Page 139
Changed the end of the 2nd paragraph by adding the following

support machine are trusted and other classes are not. Note that if you are going to use this technique in 1.2 that it is quite possible that the class loader will not be your multi loader -- it might be one of the internal class loaders that is use to load extension or API classes. In that case, instead of throwing a security exception when the class cast fails, you should simply call the super.checkWrite() method, which will do the correct thing in 1.2.

Anonymous    Feb 01, 1999
Printed
Page 142
code example

At the beginning of the example, (as line 1), added the following private ClassLoader getNonSystemClassLoader() { Class c[] = getClassContext(); ClassLoader sys = ClassLoader.getSystemClassLoader(); for (int i = 1; i < c.length; i++) { ClassLoader cl = c[i].getClassLoader(); if (cl != null && !cl.equals(sys)) return cl; } return null; } Changed line 9 from ClassLoader loader = currentClassLoader(); to // In 1.1, use currentClassLoader() instead ClassLoader loader = getNonSystemClassLoader(); Changed lines 22 to 32 from try { AccessController.beginPrivileged(); ... } finally { AccessController.endPrivileged(); } to try { class testHost implements PrivilegedExceptionAction { String local, remote; testHost(String local, String remote) { this.local = local; this.remote = remote; } public Object run() throws UnknownHostException { InetAddress hostAddr = InetAddress.getByName(local); InetAddress remoteAddr = InetAddress.getByName(remote); if (hostAddr.equals(remoteAddr)) return new Boolean("true"); return new Boolean("false"); } } testHost th = new testHost(host, remoteHost); Boolean b = (Boolean) AccessController.doPrivileged(th); if (b.booleanValue()) return; } catch (PrivilegedActionException pae) { // Must be an UnknownHostException; continue and throw exception }

Anonymous    Feb 01, 1999
Printed
Page 143

2nd paragraph, the 2nd sentence now reads: For a 1.1-based security manager, you would set the inCheck variable to true, execute the calls that are in the run() method of the testHost class, and then set inCheck to false. You would also need to make this method and the getInCheck() methods synchronized.

Anonymous    Feb 01, 1999
Printed
Page 144

1st paragraph: changed the last sentence to read: In Java 1.2, you can use the doPrivileged() method of the access controller from within the class loader to attempt to open the URL.

Anonymous    Feb 01, 1999
Printed
Page 144-145
In the code example: Changed the last paragraph of 144, the

subsequent entire code example, and the first paragraph of 145 to be [Paragraph] This implementation requires us to override the getPermissions() method of the SecureClassLoader class as follows: [CodeIndent] protected PermissionCollection getPermissions(CodeSource cs) { if (!cs.equals(this.cs)) return null; Policy pol = Policy.getPolicy(); PermissionCollection pc = pol.getPermissions(cs); pc.add(new SocketPermission(urlBase.getHost(), "connect"); return pc; } [Paragraph] As long as we use the correct code source to define the class, then when the class loader resolves its permissions, the appropriate socket permission will be added to its user-defined set of permissions.

Anonymous    Feb 01, 1999
Printed
Page 145
2nd paragraph

Changed the sentence In 1.2, the default behavior of the security manager is to implement the model we'll describe in this section. To In 1.2, the default behavior of the security manager is to allow the checkAccess() method to succeed in all cases unless the target thread is a member of the system thread group or the target thread group is the system thread group. In those cases, the program must have been granted a runtime permission of modifyThread or modifyThreadGroup (depending on which checkAccess() method is involved) for the operation to succeed. Hence, any thread can modify any thread or thread group except for those that belong to the system thread group. In the 3rd paragraph, deleted the phrase "this is a model implemented by the SecurityManager class in 1.2.". So the paragraph reads We'll show an example that implements a hierarchical notion of thread permissions which fits well within the notion of the virtual machine's thread hierarchy (see Figure 6-1). In ths model, a ... In the last paragraph, changed the last sentence to read The 1.2 default security manager checks for the modifyThread and modifyThreadGroup permissions as we described above.

Anonymous    Feb 01, 1999
Printed
Page 148
second paragraph: changed "two caveats" to "three caveats".

Immediately preceeding the "Implementing Package Access" header, added this paragraph: Finally, remeber that in 1.2, the stop() method of the Thread class first calls the checkPermission() class of the security manager to see if the current stack has a runtime permission of "stopThread". For backward compatibility, all protection domains have that permission by default, but a particular user may be changed that in the policy file.

Anonymous    Feb 01, 1999
Printed
Page 148
Changed the last three paragraphs (including the continuation onto

page 149) to read A final area for which the default security manager is sometime inadequate is the manner in which it checks for package access and definition. In 1.1, the default security manager rejects all package access and definition attempts. In 1.2, the situation is somewhat complex. For package access, the security manager looks for a property defined in the java.security file named package.access. This property is a list of comma separated package names for which access should be checked. If the class loader uses the checkPackageAccess() method (and remember that many do not) and attempts to access a package that is in the list specified in the java.security file, then the program must have a runtime permission with a name of accessClassInPackage.<package name>. For defining a class, the operation is similar; the property name in the java.security file is package.definition and the appropriate runtime permission has a name of defineClassInPackage.<package name>. This model works well, but it requires that the java.security file and all the java.policy files be co-ordinated in their attempts to protect package access and definition. For that reason, and also to provide a better migration between releases (and because it's the only way to do it in 1.1), you may want to include the logic to process some policies within your new security manager. In that way, users will not need to make any changes on their system; in this case, the user will not have to put the appropriate RuntimePermission entries into the java.policy files by hand.

Anonymous    Feb 01, 1999
Printed
Page 149
In the code example

Changed the entire example to read public void checkPackageAccess(String pkg) { // In 1.1, don't call the super class, which will automatically // reject the operation super.checkPackageAccess(pkg); }

Anonymous    Feb 01, 1999
Printed
Page 150-152
Table 6-3

Changed checkAccess() [both signature] RuntimePermission("thread") to these two entries checkAccess(Thread t) RuntimePermission("modifyThread"); checkAcecss(ThreadGroup tg) RuntimePermission("modifyThreadGrou p"); Changed checkExit(int status) RuntimePermission("exit") to checkExit(int status) RuntimePermission("exitVM") Changed checkRead(FileDescriptor fd) RuntimePermission("fileDescriptor.read" ) to checkRead(FileDescriptor fd) RuntimePermission("readFileDescriptor") Changed checkWrite(FileDescriptor fd) RuntimePermission("fileDescriptor.write ") to checkWrite(FileDescriptor fd) RuntimePermission("writeFileDescriptor" ) Changed checkMulticast() [both signatures] NetPermission("multicast") to checkMulticast() [both signatures] SocketPermission(maddr.getHostAddress (), "accept,connect") Changed checkTopLevelWindow(Object w) AWTPermission("topLevelWindow") to checkTopLevelWindow(Object w) AWTPermission("showWindowWithoutWar ningBanner") Changed checkPrintJobAccess() RuntimePermission("print.queueJob") to checkPrintJobAccess() RuntimePermission("queuePrintJob") Changed checkSystemClipboardAccess() AWTPermission("systemClipboard"); to checkSystemClipboardAccess() AWTPermission("accessClipboard"); Changed checkAwtEventQueueAccess() AWTPermission("eventQueue"); to checkAwtEventQueueAccess() AWTPermission("accessEventQueue"); Changed checkPackageAccess(String pkg) RuntimePermission("package.access." + pkg) checkPackageDefinition(String pkg) RuntimePermission("package.define." + pkg) to checkPackageAccess(String pkg) RuntimePermission("accessClassInPac kage." + pkg) checkPackageDefinition(String pkg) RuntimePermission("defineClassInPac kage." + pkg) Changed checkMemberAccess(Class c, int which) RuntimePermission("reflect.declar ed." + c.getName()) to checkMemberAccess(Class c, int which) RuntimePermission("accessDeclared Members")

Anonymous    Feb 01, 1999
Printed
Page 152
1st bullet, changed to

o The checkAccess() methods only check for the given permission if the target thread (group) is in the system thread group.

Anonymous    Feb 01, 1999
Printed
Page 152
At the bottom of the page, added a new bullet

o Thread permissions may follow the thread hierarchy rather than the default all-or-nothing policy.

Anonymous    Feb 01, 1999
Printed
Page 153
In the code example, immediately before the last line, added

public void checkAccess(Thread t) { .. follow implementation given above .. } public void checkAccess(ThreadGroup tg) { .. follow implementation given above .. }

Anonymous    Feb 01, 1999
Printed
Page 159
2nd-to-last paragraph: Changed "-usepolicy" to

"-Djava.security.policy" [three instances.]

Anonymous    Feb 01, 1999
Printed
Page 160
Deleted the 2nd paragraph (the one beginning "A second change")

and the rest of the section through the next header ("The Secure Java Launcher").

Anonymous    Feb 01, 1999
Printed
Page 161
1st paragraph: Changed "-usepolicy" to "-Djava.security.manager".

At the end of the 1st paragraph, change "checkExit() method" to "checkExit(), checkPackageAccess(), and checkPackageDefinition() methods".

Anonymous    Feb 01, 1999
Printed
Page 164
In the second to last paragraph, first line, deleted the word "is"

[First we must prove that the author ...]

Anonymous    Feb 01, 1999
Printed
Page 180
Table 8-1: Added the following lines

KeyStore JKS CertificateFactory X509 SecureRandom SHA1PRNG

Anonymous    Feb 01, 1999
Printed
Page 183
In the last paragraph before the ListVariableTerm entries, change

"method" to "methods". [contain a number of useful methods we'll review here;]

Anonymous    Feb 01, 1999
Printed
Page 184
At the end of the 2nd paragraph [after "clear, put, or remove."]

added the following sentence: In 1.2, however, the argument string is clearProviderProperties, putProviderProperty, and removeProviderProperty, respectively.

Anonymous    Feb 01, 1999
Printed
Page 190
The ListVariableTerm (for getAlgorithmProperty) now has a

hollow-star dingbat. Deleted the footnote.

Anonymous    Feb 01, 1999
Printed
Page 191
At the end of the output, added the following four lines

KeyStore.JKS CertificateFactory.X509 Alg.Alias.CertificateFactory.X.509 SecureRandom.SHA1PRNG

Anonymous    Feb 01, 1999
Printed
Page 192
In table 8-4, replaced the middle column with the following

entries: insertProvider. + provider.getName() removeProvider. + provider.getName() - not called - - not called - getProperty. + key setProperty. + key

Anonymous    Feb 01, 1999
Printed
Page 193
3rd paragraph: changed "three" to "six" [six new engine

classes in 1.2,]. Changed "six" to "nine" [nine core Java engine classes]. In Table 8-5, added the following three rows: KeyStore KeyStoreSpi KeyStoreSpi CertificateFactory CertificateFactorySpi CertificateFactorySpi SecureRandom SecureRandomSpi SecureRandomSpi

Anonymous    Feb 01, 1999
Printed
Page 231
The last sentence before the "The X509Certificate Class" section

now reads "Fortunately, the next class allows us to import certificates." [delete "both" and "to export".]

Anonymous    Feb 01, 1999
Printed
Page 231
Immediately preceeding the "The X509Certificate Class" section,

inserted the following new section: [HeadB] The CertificateFactory class [Paragraph] If you need to import a certificate into a program, you do so by using the CertificateFactory class (java.security.cert.CertificateFactory). That class is an engine class, and it has the following interface: [ListVariableTerm] public static CertificateFactory getInstance(String type) [filled-star dingbat] [ListVariableTerm] public static CertificateFactory getInstance(String type, String provider) [filled-star dingbat] [ListVariable] Return a certificate factory that may be used to import certificates of the specified type (optionally implemented by the given provider). A CertificateException will be thrown if the given factory cannot be found or created; if the given provider is not found, a NoSuchProviderException will be thrown. The default Sun security provider has one certificate factory that works with certificates to type X509. [ListVariableTerm] public String getProvider() [filled-star dingbat] [ListTerm] Return the provider that implemented this factory. [ListVariableTerm] public String getType() [filled-star dingbat] [ListTerm] Return the type of certificates that this factory can import. [ListVariableTerm] public final Certificate generateCertificate(InputStream is) [filled-star dingbat] [ListTerm] Return a certificate that has been read in from the specified input steram. For the default Sun security provider, the input stream must be an X509 certificate in RFC 1421 format (that is, a DER-encoded certificate that has been translated into 7-bit ASCII characters); this is the most common format for transmission of X509 certificates. [ListVariableTerm] public final Collection generateCertificates(InputStream is) [filled-star dingbat] [ListTerm] Return a collection of certificates that have been defined in the given input stream. For the default Sun provider, the input stream in this case may have a single RFC 1421 formatted certificate, or it may contain a certificate chain in PKCS#7 format. [ListVariableTerm] public final CRL generateCRL(InputStream is) [filled-star dingbat] [ListTerm] Define a certificate revocation list from the data in the input stream. [ListVariableTerm] public final Collection generateCRLs(InputStream is) [filled-star dingbat] [ListTerm] Define a collection of CRLs from the data in the input stream. [Paragraph] Note that the CertificateFactory class cannot generate a new certificate -- it may only import a certificate found in a file. This is one reason why its hard to provide a certificate authority based solely on the standard Java API. In the next section, we'll see an example of reading a certificate through this interface. [Paragraph] The CertificateFactory is an engine class, so it has a companion SPI class -- the CertificateFactorySpi class -- that can be used if you want to implement your own certificate factory. Implementing such a class follows the familiar rules of engine classes: you must define a constructor that takes the type name as a parameter and then for each of the public methods listed above, you must implement a corresponding engine method with the same parameters. Certificates are complicated things, and parsing their encoding is a complicated procedure, so we won't bother showing an example of the engine class.

Anonymous    Feb 01, 1999
Printed
Page 232
Deleted the 2nd paragraph ["The X509Certificate class looks like

an engine class..."] and all the text until the last paragraph on the page that introduces the three bullets. Hence, the text reads public abstract class X509Certificate extends Certificate implements X509Extension Provide an infrastructure to support X509 version 3 formatted certificates. An X509 certificate has a number of properties...

Anonymous    Feb 01, 1999
Printed
Page 234
code example:

Changed the 5th line from X509Certificate c = X509Certificate.getInstance(fr); to CertificateFactory cf = CertificateFactory.getInstance("X509"); X509Certificate c = (X509Certificate) cf.generateCertificate(fr);

Anonymous    Feb 01, 1999
Printed
Page 234-235
Deleted the entire section "Importing and Exporting

Certificates".

Anonymous    Feb 01, 1999
Printed
Page 237
Changed "RevokedCertificate" to "X509CRLEntry" in the last sentence

of the third paragraph and the next ListVariableTerm as follows: Revoked certificates themselves are represented by the X509CRLEntry class (java.security.cert.X509CRLEntry): public abstract class X509CRLEntry implements X509Extension [dingbat]

Anonymous    Feb 01, 1999
Printed
Page 237
Deleted the last paragraph ("Like the X509Certificate class, the

X509CRL class...") and the code at the bottom of the page.

Anonymous    Feb 01, 1999
Printed
Page 238
Deleted the first paragraph and the subsequent ListVariableTag

definition. Changed the beginning of the next paragraph so that it reads Instances of the X509CRLEntry class are obtained by the getInstance() method of the CertificateFactory. Once the class has been instantiated, ... Hence, the text from 237 to 238 reads: public abstract class X509CRL implements X509Extension [dingbat] Provide the support for an X509-based certificate revocation list. Instances of the X509CRLEntry class are obtained by the getInstance() method ...

Anonymous    Feb 01, 1999
Printed
Page 238
Deleted the ListVariableTerm (and its associated ListVariable)

that reads public abstract boolean isRevoked(BigInteger serialNumber) [dingbat] Indicated whether or not ...

Anonymous    Feb 01, 1999
Printed
Page 238
Last ListVariableTerm entry: changed "RevokedCertificate" to

"X509CRLEntry": public abstract X509CRLEntry getRevokedCertificate(BigInteger bn) [dingbat]

Anonymous    Feb 01, 1999
Printed
Page 239
Before the actual paragraph on this page ("When all is said and

done,..."), inserted the following: [Paragraph] There is one more method of the X509CRL class, which it inherits from its superclass, the CRL class (java.security.cert.CRL): [ListVariableTerm] public abstract boolean isRevoked(Certificate c) [filled-star dingbat] [ListVariable] Indicate whether or not the given certificate has been revoked by this CRL. When all is said and done,...

Anonymous    Feb 01, 1999
Printed
Page 239
Changed the code example

Changed line 5 from c = X509Certificate.getInstance(data); to CertificateFactory cf = CertificateFactory.getInstance("X509"); ByteArrayInputStream bais = new ByteArrayInputStream(data); c = (X509Certificate) cf.generateCertificate(bais); Changed lines 10-12 from X509CRL crl = X509CRL.getInstance(crlFile); BigInteger bi = c.getSerialNumber(); if (crl.isRevoked(bi)) to cf = CertificateFactory.getInstance("X509CRL"); X509CRL crl = (X509CRL) cf.generateCRL(crlFile); if (crl.isRevoked(c))

Anonymous    Feb 01, 1999
Printed
Page 240
code example

Deleted lines 9-10 } catch (X509ExtensionException xee) { // treat as no crl

Anonymous    Feb 01, 1999
Printed
Page 243
2nd paragraph: Changed "Java Activator" to "Java Plug-In".

Last paragraph, changed the final sentence to: The IdentityScope class has been deprecated in 1.2.

Anonymous    Feb 01, 1999
Printed
Page 245

4th paragraph: Changed the final sentence to read: First, however, let's take a brief look at the notion of the identity to whom a key belongs. Then added this paragraph. In Java's key management model, the association between a key and its owner is application specific. There is an Identity class in Java that was used for this purpose in 1.2, but it has been deprecated (because, among other things, it used the wrong Certificate class). However, there is still one interface that can be useful in your own applications that use keys: the Principal interface. Then deleted the Identities header and the next two paragraphs. Most of the "Identities" section must be moved into Appendix B; changes in that section will be listed later. For now, after the paragraph that was just added, keep the "Principals" subsection (make sure that the sidebar is attached to something in that section). Deleted the entire subsection "The Identity Class", and also the subsection "signers". Note that we're deleting an entire HeadA section, so the cross-reference at the beginning of the chapter must have that entry removed as well. Hence, the text flows as follows: This framework is the ultimate goal of this chapter. First, however, let's take a brief look at the notion of the identity to whom a key belongs. In Java's key management model, the association bewteen ... that use keys: the Principal interface. [Still a HeadB] Principals Classes that are concerned with identities... ... discussion of principals, ending with the 7th paragraph on page 246 ... There are other methods listed in the Principal interface -- namely ... implemented correctly for all your classes, not just those that implement the Principal interface. [HeadA -- from page 253] The KeyStore Class

Anonymous    Feb 01, 1999
Printed
Page 246
4th paragraph: Changed "Identity class we're about to introduce" to

"the deprecated Identity class" [This paragraph is in the middle of the flow that we just discussed].

Anonymous    Feb 01, 1999
Printed
Page 255
In the first ListVariable term deleted "abstract"

public class KeyStore [dingbat]

Anonymous    Feb 01, 1999
Printed
Page 255
Deleted the 4th ("Although they share the features of a provider

interface...") paragraph through the ListVariableTerm for the getInstance() method (plus the corresponding ListVariable paragraph). Replaced them with the following: [paragraph] The KeyStore class is an engine class; there is a corresponding KeyStoreSpi class that you can use to write your own keystore (more about that a little later). By default, the Sun security provider implements a keystore called JKS (for Java KeyStore). Hence, instances of the KeyStore class are predictable obtained via this method: [ListVariableTerm] public static final KeyStore getInstance(String type) [filled-star dingbat] [ListVariableTerm] public static final KeyStore getInstance(String type, String provider) [filled-star dingbat] [ListVariable] Return an instance of the KeyStore class that implements the given algorithm, supplied by the given provider, if applicable. In the Sun security provider, the default algorithm name is "JKS". [paragraph] If you do not want to hard-wire the name of the keystore algorithm into your application, you may use this method to return the string that should be passed to the getInstance() method: [ListVariableTerm] public static final String getDefaultType() [filled-star dingbat] [ListVariable] Return the default keystore algorithm for the enviroment. This value is obtained by looking for a property called keystore.type in the java.security file. Then continued with the paragraph "When the keystore object is created..."

Anonymous    Feb 01, 1999
Printed
Page 255
Changed the final ListVariableTerm entry from

public abstract void load(InputStream is, String password) [dingbat] to public final void load(InputStream is, char[] password) [dingbat]

Anonymous    Feb 01, 1999
Printed
Page 256
Changed the 1st ListVariableTerm entry from

public abstract void store(OutputStream os, String password) [dingbat] to public final void store(OututStream os, char[] password) [dingbat]

Anonymous    Feb 01, 1999
Printed
Page 257
Before the 5 ListVariableTerm entries at the top of the page, added

these 2 entries (so that there will be 7 ListVariableTerm entries all together): public final String getType() [filled-star dingbat] Return the name of the algorithm that this keystore implements. public final String getProvider() [filled-star dingbat] Return the name of the provider that supplied this keystore implementation. In the remaining ListVariableTerm entries on this page (5 at the top and 2 at the bottom), changed the word "abstract" to "final".

Anonymous    Feb 01, 1999
Printed
Page 257
In the 8th paragraph (beginning with "The keystore holds two types

of entries...") delete the 2nd sentence. The paragraph now reads The keystore holds two types of entries: certificate entries and key entries. A certificate entry is an entry that contains...

Anonymous    Feb 01, 1999
Printed
Page 258
Changed the first ListVariableTerm from

public abstract PrivateKey getPrivateKey(String alias, String password [dingbat] to public final Key getKey(String alias, char[] password) [dingbat] Changed the final ListVariableTerm paragraphs from public abstract void setKeyEntry(String alias, byte privateKey[], Certificate chain[]) [dingbat] public abstract void setKeyEntry(String alias, PrivateKey pk, String password, Certificate chain[]) [dingbat] to public final void setKeyEntry(String alias, byte key[], Certificate chain[]) [dingbat] public final void setKeyEntry(String alias, Key k, char[] password, Certificate chain[]) [dingbat] In all other ListVariableTerm paragraphs on this page, changed "abstract" to "final". This applies as well to the 1st ListVariableTerm paragraph on page 259.

Anonymous    Feb 01, 1999
Printed
Page 259
code example

Changed line 4 from KeyStore ks = KeyStore.getInstance(); to KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); Changed lines 12-13 from System.out.println("The private key for " + args[0] + " is " + ks.getPrivateKey(args[0], args[1])); to char c[] = new char[args[1].length()]; args[1].getChars(0, c.length, c, 0); System.out.println("The private key for " + args[0] + " is " + ks.getKey(args[0], c));

Anonymous    Feb 01, 1999
Printed
Page 262
After the 1st paragraph, added the following

Implementing a keystore requires that we write a KeyStoreSpi class, just as any other engine class. For most methods in the KeyStore class, there is a corresponding abstract engine method in the KeyStoreSpi class that you must provide an implementation for. A complete list of these methods is given in Table 11-?.[simple table, 2 columns] [Table Title] Table 11-?. Engine methods in the KeyStoreSpi class [Cell Heading] KeyStore Class KeyStoreSpi class [Cell Body] aliases engineAliases containsAlias engineContainsAlias deleteEntry engineDeleteEntry getCertificate engineGetCertificate getCertificateAlias engineGetCertificateAlias getCertificateChain engineGetCertificateChain getCreationDate engineGetCreationDate getKey engineGetKey isCertificateEntry engineIsCertificateEntry isKeyEntry engineIsKeyEntry load engineLoad setCertificateEntry engineSetCertificateEntry setKeyEntry engineSetKeyEntry size engineSize store engineStore

Anonymous    Feb 01, 1999
Printed
Page 262
1st code example

Changed public Date getCreationDate(String alias) { to public Date engineGetCreationDate(String alias) {

Anonymous    Feb 01, 1999
Printed
Page 262
2nd code example (really a list of methods). Each one of these

were changed by prepending the word engine to them and capitalizing the next letter (the first one changes name as well): engineGetKey() engineGetCertificateChain() engineGetCertificate() engineGetCreationDate() engineAliases() engineContainsAlias() engineSize() engineIsKeyEntry() engineIsCertificateEntry() engineGetCertificateAlias()

Anonymous    Feb 01, 1999
Printed
Page 262
3rd code example

Changed the 1st and 2nd lines from public void setKeyEntry(String alias, PrivateKey pk, String passphrase, Certificate chain[]) to public void engineSetKeyEntry(String alias, Key key char[] passphrase, Certificate chain[])

Anonymous    Feb 01, 1999
Printed
Page 262
4th code example (really a list of methods, changed as they were

above): engineSetKeyEntry() engineSetCertificateEntry() engineDeleteEntry() engineStore()

Anonymous    Feb 01, 1999
Printed
Page 262-263
final paragraph: Changed "load()" to "engineLoad()" [3 instances]

Anonymous    Feb 01, 1999
Printed
Page 263
code example

Changed the first line from public void load(InputStream is, String password) to public void engineLoad(InputStream is, char[] password)

Anonymous    Feb 01, 1999
Printed
Page 263
2nd paragraph, changed "load()" to "engineLoad()".

Anonymous    Feb 01, 1999
Printed
Page 263
code example

Changed the first line from public int size() to public int engineSize()

Anonymous    Feb 01, 1999
Printed
Page 265
Removed the first code line, slightly changed the 1st paragraph, and

combined the next paragraph into the 1st paragraph. In sum, the start of this section ("Installing a KeyStore class") reads like this: In order to use an alternate keystore implementation, you must install your new class into a security provider. If necessary, you'll need to establish a convention...

Anonymous    Feb 01, 1999
Printed
Page 267
Added another ListVariableTerm and another ListVariable paragraph

to the final entry on the page: public final byte[] sign() public final int sign(byte[] outbuf, int offset, int len) [filled-star dingbat] Create the digital signature... In the first of these methods, the signature is returned from the the method. Otherwise, the signature is stored into the outbuf array at the given offset, and the length of the signature is returned. If the output buffer is too small to hold the data, an IllegalArgumentException will be thrown.

Anonymous    Feb 01, 1999
Printed
Page 269
code example

Changed line 11 from KeyStore ks = KeyStore.getInstance(); to KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); Changed line 15 from PrivateKey pk = ke.getPrivateKey(args[0], args[1]); to char c[] = new char[args[1].length()]; args[1].getChars(0, c.length, c, 0); PrivateKey pk = (PrivateKey) ks.getKey(args[0], c);

Anonymous    Feb 01, 1999
Printed
Page 270
code example

Changed line 25 from KeyStore ks = KeyStore.getInstance(); to KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

Anonymous    Feb 01, 1999
Printed
Page 273
code example

Changed lines 20-22 from X509Certificate x509 = X509Certificate.getInstance( new ByteArrayInputStream(b)); certificate = x509; to CertificateFactory cf = CertificateFactory.getInstance("X509"); certificate = cf.generateCertificate(new ByteArrayInputStream(b));

Anonymous    Feb 01, 1999
Printed
Page 274
1st code example

Changed lines 6-9 from KeyStore ks = KeyStore.getInstance(); ks.load(new FileInputStream( System.getProperty("user.home") + File.separator + ".keystore"), args[1]); to KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); char c[] = new char[args[1].length()]; args[1].getChars(0, c.length, c, 0); ks.load(new FileInputStream( System.getProperty("user.home") + File.separator + ".keystore"), c); Changed line 12 from PrivateKey pk = ks.getPrivateKey(args[0], args[1]); to PrivateKey pk = (PrivateKey) ks.getKey(args[0], c);

Anonymous    Feb 01, 1999
Printed
Page 275
code example

Changed line 2 from ks = KeyStore.getInstance(); to ks = KeyStore.getInstance(KeyStore.getDefaultType()); Changed line 10-27 from String signer = ks.getCertificateAlias(c); if (signer != null) { ... break; } } to try { String signer = ks.getCertificateAlias(c); if (signer != null) { System.out.println("We know the signer as " + signer); return; } for (Enumeration alias = ks.aliases(); alias.hasMoreElements(); ) { String s = (String) alias.nextElement(); try { sCert = (X509Certificate) ks.getCertificate(s); } catch (Exception e) { continue; } if (name.equals(sCert.getSubjectDN().getName())) { issuerCert = sCert; break; } } } catch (KeyStoreException kse) { throw new CertificateException("Invalid keystore"); }

Anonymous    Feb 01, 1999
Printed
Page 279
code example

Changed line 18 from protected Class findLocalClass(String name) { to protected Class findClass(String name) { Changed lines 32-35 (keep in bold) from Object ids[] = (Object []) classIds.get(urlName); CodeSource cs = getCodeSource(urlBase, ids); cl = defineClass(name, buf, 0, buf.length, cs, ids); to Certificate ids[] = (Certificate) classIds.get(urlName); CodeSource cs = new CodeSource(urlBase, ids); cl = defineClass(name, buf, 0, buf.length, cs); Deleted line 40 AccessController.beginPrivileged(); Changed lines 47-47 from CodeSource cs = getCodeSource(urlBase, null); cl = defineClass(name, buf, 0, buf.length, cs, null); to CodeSource cs = new CodeSource(urlBase, null); cl = defineClass(name, buf, 0, buf.length, cs);

Anonymous    Feb 01, 1999
Printed
Page 280
code example

Deleted lines 3-4 } finally { AccessController.endPrivileged();

Anonymous    Feb 01, 1999
Printed
Page 281
code example

Changed lines 6-8 (keep in bold) from Object ids[] = je.getIdentities(); if (ids != null) classIds.put(className, ids); to Certificate c[] = je.getCertificates(); if (c == null) c = new Certificate[0]; classIds.put(className, c);

Anonymous    Feb 01, 1999
Printed
Page 283
5th ListVariableTerm entry: Added a new ListVariableTerm so that

the entry looks like this: protected abstract byte[] engineSign() protected int engineSign(byte[] outbuf, int offset, int len) [filled-sta r dingbat] Create the signature based on the ...

Anonymous    Feb 01, 1999
Printed
Page 289
2nd paragraph: changed "early access 1.2 release of" to "early access

2 release for JDK 1.2 of"

Anonymous    Feb 01, 1999
Printed
Page 293

Changed 1st sentence of the 3rd paragraph to read: There are five new engine classes in the JCE: the Cipher, KeyAgreement, KeyGenerator, Mac, and SecretKeyFactory engines. In that paragraph, changed the 3rd sentence to read In addition to implementations of the new engines, the SunJCE security provider gives us a key factory and a key pair generator for Diffie-Hellman (DH) keys as well as a new engine for working with keystores. In Table 13-1, added the following entries Mac HmacSHA1 Mac HmacMD5 KeyStore JCEKS

Anonymous    Feb 01, 1999
Printed
Page 294
Removed the 2nd set of ListVariableTerm entries

public interface RSAPrivateKey extends PrivateKey public interface RSAPrivateKeyCrt extends PrivateKey public interface RSAPublicKey extends PublicKey This set of interfaces ... Note that the footnote has been deleted as well.

Anonymous    Feb 01, 1999
Printed
Page 297
To the first set of ListVariableTerm entries added the following

public final void init(int strength) public final void init(int strength, SecureRandom sr)

Anonymous    Feb 01, 1999
Printed
Page 298
To the 2nd set of ListVariableTerm entries added the following

public final void engineInit(int strength, SecureRandom sr)

Anonymous    Feb 01, 1999
Printed
Page 299
In the 3rd set of ListVariableTerm entries, deleted

public class DESParamaterSpec implements AlgorithmParameterSpec but kept the DESKeySpec and the associated text. In the ListVariable paragraph, changed "These classes" to "This class". In the next ListVariable paragraph, deleted the sentence "Note that there is no corresponding parameter specification for this algorithm."

Anonymous    Feb 01, 1999
Printed
Page 300
Replaced the ListVariableTerm entries

public class RSAPrivaeKeySpec implements KeySpec public class RSAPrivateKeyCrtSpec implements KeySpec public class RSAPublicKeySpec implements KeySpec These classes implement ... with the following set of entries public class IvParameterSpec implements AlgorithmParameterSpec This class implements an initialization vector. Initialization vectors are used in many algorithms; notable in DES. public class RC2ParameterSpec implements AlgorithmParameterSpec public class RC5ParameterSpec implements AlgorithmParameterSpec These classes implement the algorithm parameter specifications for RC2 and RC5 encryption. public class SecretKeySpec implements KeySpec This class implements a key specification for the new class of secret keys.

Anonymous    Feb 01, 1999
Printed
Page 300-301
Table 13-2

In the 2nd entry, changed "DESParameterSpec" to "IvParameterSpec" in columns 1 and 3. Replaced the final 3 entries (about RSA keys) with the following: RC2ParameterSpec byte[] getIV() RC2ParameterSpec(int effective) int getEffectiveKeyBits() RC2ParameterSpec(int effective, byte[] iv) RC2ParameterSpec(int effective, byte[] iv, int offset) RC5ParameterSpec byte[] getIV() RC5ParameterSpec(int version, int rounds, int wordSize) int getRounds() RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv) int getVersion() RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv, int offset) int getWordSize() SecretKeySpec byte[] getEncoded() SecretKeySpec(byte[] key, String Algorithm) SecretKeySpec(byte[] key, int offset, String Algorithm)

Anonymous    Feb 01, 1999
Printed
Page 305
To the second set of ListVariableTerm entries, added the following

public final void init(int op, Key k, AlgorithmParameters ap) public final void init(int op, Key k, AlgorithmParameters ap, SecureRandom sr)

Anonymous    Feb 01, 1999
Printed
Page 306
In the first (ListVariable) paragraph, changed "algorithm

parameter specification" to "algorithm parameter specification or algorithm parameters". Changed "DESParameterSpec" to "IvParameterSpec". The whole last sentence reads In these cases, the intialization vector must be passed to the init() method within the algorithm parameter specification or algorithm parameters; the IvParameterSpec class is typically used to do this for DES encryption.

Anonymous    Feb 01, 1999
Printed
Page 307
code example

Changed line 6 from DESParameterSpec dps = new DESParameterSpec(iv); to IvParameterSpec dps = new IvParameterSpec(iv);

Anonymous    Feb 01, 1999
Printed
Page 309
Deleted the entire first paragraph (the one that begins "An

alternate choice to using an initialization vector...).

Anonymous    Feb 01, 1999
Printed
Page 310
In the last paragraph, changed the first occurance of the word "is"

to "it": The rationale behind this system is that it allows the ...

Anonymous    Feb 01, 1999
Printed
Page 311
In the first paragraph after the "Implementing the Cipher Class

header", the first word is now "As".

Anonymous    Feb 01, 1999
Printed
Page 312
In the 4th set of ListVariableTerm entries, added the following

public void engineInit(int op, Key key, AlgorithmParameters ap, SecureRandom sr)

Anonymous    Feb 01, 1999
Printed
Page 313
code example

Before line 18 public byte[] engineUpdate(byte in[], int off, int len) { added the following: public void engineInit(int i, Key k, AlgorithmParameters ap, SecureRandom sr) throws InvalidKeyException, InvalidAlgorithmParameterException { throw new InvalidAlgorithmParameterException( "Algorithm parameters not supported in this class"); }

Anonymous    Feb 01, 1999
Printed
Page 317
code example

Deleted line 3 oos.close(); Deleted line 11 pw.print("XXXXXXXX"); Immediately after line 13 pw.close(); added (same indentation level) oos.writeObject(c.getIV()); oos.close();

Anonymous    Feb 01, 1999
Printed
Page 317
Deleted the entire 3rd paragraph (the one beginning "Note that in

this example, we've sent 8 arbitrary...")

Anonymous    Feb 01, 1999
Printed
Page 318
code example

Deleted line 9 ois.close(); Changed line 12 from c.init(Cipher.DECRYPT_MODE, key); to c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec((byte []) ois.readObject());

Anonymous    Feb 01, 1999
Printed
Page 321
In the last set of ListVariableTerm entries, added one new entry

changed the other three entries, and add a sentence to the end of the ListVariable entry so that they appear as follows: public final void init(Key k) public final void init(Key k, SecureRandom sr) public final void init(Key k, AlgorithmParameterSpec aps) public final void init(Key k, AlgorithmParameterSpec aps, SecureRandom sr) Initialize the key agreement engine. The parameter specifications (if present) will vary depending upon the underlying algorithm; if the parameters are invalid, of the incorrect class, or not supported, an InvalidAlgorithmParameterException is generated. This method will also perform the first phase of the key agreement protocol.

Anonymous    Feb 01, 1999
Printed
Page 322
Changed the first ListVariableTerm entry and its ListVariable text

to: public final Key doPhase(Key key, boolean final) Execute the next phase of the key agreement protocol. Key agreement protocols usually require a set of operations to be performed in a particular order. Each operation is represented in this class by a particular phase, which usually require a key to succeed. If the provided key is not supported by the key agreement protocol, is incorrect for the current phase, or is otherwise invalid an InvalidKeyException will be thrown. The number of phases, along with the types of keys they require, vary drastically from key exchange algorithm to algorithm. Your security provider must document the types of keys required for each phase. In addition, you must specify which is the final phase of the protocol. In the next set of entries, in the 2nd ListVariable paragraph, changed "starting with a new set of calls to the doPhase() method" to "starting with a new call to the init() method".

Anonymous    Feb 01, 1999
Printed
Page 324
code example

Changed line 18 from ka.doPhase(1, kp.getPrivate()); to ka.init(kp.getPrivate()); Changed line 28 from ka.doPhase(2, pk); to ka.doPhase(pk, true);

Anonymous    Feb 01, 1999
Printed
Page 325
code example

Changed line 19 from ka.doPhase(1, kp.getPrivate()); to ka.init(kp.getPrivate()); Changed line 27 from ka.doPhase(2, pk); to ka.doPhase(pk, true); ka.doPhase(1, k

Anonymous    Feb 01, 1999
Printed
Page 326
1st paragraph: Changed 128 to 512: "a size of 512 will be better

for testing."

Anonymous    Feb 01, 1999
Printed
Page 332
Inserted as a new ListVariableTerm entry between the -storepass and -v

entries -storetype type Specify the type of keystore that the keytool should operate on. This defaults to the keystore type in the java.security file, which defaults to JKS, the keystore type provided by the Sun security provider.

Anonymous    Feb 01, 1999
Printed
Page 332
Inserted a new >ListVariableTerm entry immediately following the

-storepass entry: -storetype storetype

Anonymous    Feb 01, 1999
Printed
Page 333
Inserted a new >ListVariableTerm entry following the -noprompt entry

-trustcacerts Use the cacerts file to obtain trusted certificates from certificate authorities that have signed the certificate that is being imported.

Anonymous    Feb 01, 1999
Printed
Page 334
Inserted a new >ListVariableTerm entry immediately following the

-storepass entry: -storetype storetype [This happens twice on the page: once at the very top and once at the very bottom.]

Anonymous    Feb 01, 1999
Printed
Page 334
In the list ListVariableTerm, changed "-csr" to "-certreq"

-certreq Generate a certificate signing request...

Anonymous    Feb 01, 1999
Printed
Page 336
In the first code example, changed "-csr" to "-certreq"

piccolo% keytool -certreq -alias sdo -file sdoCSR.cer

Anonymous    Feb 01, 1999
Printed
Page 336
Immediately preceeding the "Modifying Keystore Entries" header,

added the following: We've mentioned in this section that in order to import a certificate like this that the self-signed certificate of the certificate authority must already be in the keystore. However, there's a bootstrapping issue involved in this: how do you get the initial certificates for the certificate authorities into a keystore? The JDK comes with a set of five pre-installed certificates: four from VeriSign, which issues certificates at different levels, and 1 from RSA Data, Inc. These certificates are in the cacerts file in the ${JAVAHOME}/lib/security directory. While those certificates are not present in your .keystore file, you can still import certificates into your .keystore file by using the -trustcacerts option: in that case, as long as the certificate you're importing has been signed by one of the authorities in the cacerts file, the import operation will succeed. Hence, if we'd sent our CSR request in the above example to VeriSign and the returned certificate from VeriSign was stored in the sdo.cer file, we could import it with this command: piccolo% keytool -import -file sdo.cer -alias sdo -trustcacerts If you want to use the certificates of the certificate authorities programatically, you may do so by creating a keystore of type JKS, and loading that keystore from the cacerts file.

Anonymous    Feb 01, 1999
Printed
Page 337
Inserted a new >ListVariableTerm entry immediately following the

-storepass entry: -storetype storetype [This happens twice on this page]

Anonymous    Feb 01, 1999
Printed
Page 338
Inserted a new >ListVariableTerm entry immediately following the

-storepass entry: -storetype storetype [This happens three times on this page]

Anonymous    Feb 01, 1999
Printed
Page 339
Inserted a new >ListVariableTerm entry immediately following the

-storepass entry: -storetype storetype [This happens twice on this page]

Anonymous    Feb 01, 1999
Printed
Page 339
Before the subsection "Miscellaneous Commands", added the following

subsection: [HeadB] Importing a 1.1-based Identity database [Paragraph] The keystore in 1.2 is incompatible with the identity database in 1.1, but the keytool is capable of converting between the two. To convert a 1.1 identity database to a 1.2 keystore, use this command: [ListVariableTerm, in Italics] -identitydb [ListVariable] Convert a 1.1 identity database. This command has the following options [>ListVariableTerm, in Italics] -v -keystore keystore -keypass keypass -storepass storepass -storetype storetype -file db_file [>ListVariable] The file name of the 1.1 identity database. The default for this is identitydb.obj in the user's home directory. [paragraph] With this command, each trusted entry in the identity database will be created as a key entry in the keystore. All other entries in the identity database will be ignored.

Anonymous    Feb 01, 1999
Printed
Page 346
Changed the 2nd ListVariableTerm paragraph to

[ListVariableEntry in italics] A KeyStore type [ListVariable] You must have an entry in this file that lists the default type of keystore that an application should use. By default, that type is listed as [CodeIndent] keystore.type=jks [ListVariable] If you change the type listed in this entry, the new type will be used whenever anyone requests the default keystore implementation.

Anonymous    Feb 01, 1999
Printed
Page 346
Changed the code associated with the 3rd ListVariableTerm entry

from policy.provider=java.security.PolicyFile to policy.provider=sun.security.provider.PolicyFile

Anonymous    Feb 01, 1999
Printed
Page 346
In the last paragraph:

Changed "-usepolicy" to "-Djava.security.policy" [two occurences].

Anonymous    Feb 01, 1999
Printed
Page 347

1st code line now reads: -Djava.security.policy=/globals/java.policy 2nd code line now reads -Djava.security.policy==/globals/java.policy In the next ListParagraph, changed the sentence "The -usepolicy argument also initializes a security manager for the application, so you may use it by itself if you want to use only the files listed in the java.security file" to "The -Djava.security.policy argument must be used in conjunction with the -Djava.security.manager; if you want to use only the files listed in the java.security file, specify -Djava.security.manager without -Djava.security.policy.". argument, which initializes a security manager..."

Anonymous    Feb 01, 1999
Printed
Page 347
In the 2nd ListVariableTerm entry and its associated paragraph,

changed "-usepolicy" to "-Djava.security.policy" [two occurences].

Anonymous    Feb 01, 1999
Printed
Page 347
Deleted the 3rd and 4th ListVariableTerm entries and their

associated paragraphs. The last item before the next subsection "The java.policy File" now reads "Whether or not the -Djava.security.policy argument can be used."

Anonymous    Feb 01, 1999
Printed
Page 349
Deleted the last sentence of the 1st paragraph (the one that

begins "As a result, it is not possible to upgrade..."). Changed the last sentence of the 2nd paragraph (the one that begins "In particular, although the Identity class...") to read: In addition, the Identity and IdentityScope classes have been deprecated in 1.2, so you should really move to the keystore implementation as soon as possible. The section on Identities from Chapter 11, pages 245-253, was moved into this appendix. It now starts before the section on "Identity Scopes", so that after the first two introductory paragraphs, there is the "Identity" header, the text from chapter 11, and then the "Identity Scopes" header. In addition, the text that was moved into this appendix now has some changes as well. These are listed here with reference to their original page number: (245) Deleted the 2nd paragraph of the section (the one beginning "The classes we'll examine in this section were originally designed..."). The next subsection -- the one on Principals -- remained as part of chapter 11 (including the sidebar on page 247). Hence, after the 1 introductory paragraph of this section, the next thing is the subsection entitled "The Identity Class". (246) Last ListVariableTerm ("public class Identity...") -- append a hollow-star dingbat to the end of the line. (247) Deleted the last paragraph (the one that begins "In 1.1, the Identity class is an abstract class..."). (248) 4th bullet: Deleted the sentence that begins "This features is primarily used to support the javakey...". (248) 5th bullet: Deleted the extra punctuation at the end of the sentence. (248) Deleted the sidebar "Identities and Identity Scopes" (248) Last paragraph: deleted the last clause of the last sentence, so that the last sentence reads "You're free to add that feature to your own identity class." (249) At the end of all ListVariableTerm entries, appended a hollow-star dingbat. (249) 7th ListVariableTerm entry: deleted the ListVariableTerm paragraph public void addCertificate(java.security.cert.Certificate certificate) The other ListVariableTerm (that uses java.security.Certificate) remains, as does the ListVariable paragraph. (249) 8th ListVariableTerm entry: deleted the ListVariableTerm paragraph public void removeCertificate(java.security.cert.Certificate certificate) The other ListVariableTerm (that uses java.security.Certificate) remains, as does the ListVariable paragraph. (250) 1st ListVariableTerm entry: deleted the ListVariableTerm paragraph public java.security.cert.Certificate[] getCertificates() The other ListVariableTerm (that uses java.security.Certificate) remains, as does the ListVariable paragraph. (250) Changed the first paragraph (that begins "If you have an identity object") to be this single sentence: There are two ways to obtain an identity object -- via the getIdentity() method of the IdentityScope class or by implementing and constructing an instance of your own subclass of the Identity class. (251) Deleted the first ListVariableTerm entry and its associated ListVariable paragraph. (251) In the first paragraph of the subsection "The Identity class and the security manager", deleted the first clause of the 2nd sentence ("This mechanism has changed somewhat between 1.1. and 1.2"): ... performed by untrusted classes. Table B-1 lists the methods... In the table (now Table B-1), removed the 2nd column entirely so that there is only a column for Method and one for Argument in 1.1. But change the column heading to say simply "Argument". In the next paragraph, deleted the first two words "In 1.1" and delete the final sentence (the one that begins "For example, in 1.1 a call to the..."). (252) 1st full paragraph (the one that begins "In common implementations..."): changed this paragraph to the single sentence: In common implementations of the security manager, this string is ignored and trusted classes are typically able to work with identities while untrusted classes are not. (253) Table (now Table B-2): Remove the 2nd column entirely, and changed the heading of the last column to "Parameter". In the next paragraph, deleted the words "in 1.1". After this section, continued to the section "Identity Scopes".

Anonymous    Feb 01, 1999
Printed
Page 350
ListVariableTerm entry (public abstract class IdentityScope...)

appended a hollow-star dingbat

Anonymous    Feb 01, 1999
Printed
Page 351
For each ListVariableTerm entry, appended a hollow-star dingbat

Anonymous    Feb 01, 1999
Printed
Page 352
2nd-to-last paragraph: Deleted the final sentence (the one that

begins "Changes in the definition of the Identity class between...")

Anonymous    Feb 01, 1999
Printed
Page 356
1st paragraph of the "IdentityScope and the Security Manager"

section, delete the phrase 'in 1.1 and an argument of "IdentityScopre.setSystemScope" in 1.2'. In the next paragraph, deleted the two words "in 1.1".

Anonymous    Feb 01, 1999
Printed
Page 357
1st paragraph of the "Key Management..." section: deleted the

phrase "we touched upon in Chapter 11".

Anonymous    Feb 01, 1999
Printed
Page 365
1st paragraph of the "Summary": deleted the last sentence (the

one that begins "In the realm of Java 1.2...").

Anonymous    Feb 01, 1999
Printed
Page 369
Last paragraph: changed "March 1998" to "November 1998. There was

an additional bug reported in July 1998 regarding the class loader, but this applied only to Netscape's implementation, not to the standard JDK."

Anonymous    Feb 01, 1999
Printed
Page 376
In java.security.AccessController

Replaced the lines public static native void beginPrivileged(); public static native void beginPrivileged(AccessControlContext); with public static native Object doPrivileged(PrivilegedAction); public static native Object doPrivileged(PrivilegedAction, AccessControlContext); public static native Object doPrivileged(PrivilegedExceptionAction); public static native Object doPrivileged(PrivilegedExceptionAction, AccessControlContext); Deleted the line public static native void endPrivileged();

Anonymous    Feb 01, 1999
Printed
Page 378
In java.security.AlgorithmParameters

Changed the lines // Instance Methods protected AlgorithmParameters(AlgorithmParametersSpi, Provider, String) ; to the lines // Constructors protected AlgorithmParameters(AlgorithmParametersSpi, Provider, String) ; // Instance Methods

Anonymous    Feb 01, 1999
Printed
Page 380
In java.security.CodeSource

Changed the line public CodeSource(URL, PublicKey[]); to public CodeSource(URL, Certificate[]); Changed the line public final PublicKey[] getKeys(); to public final Certificate[] getCertificates(); public boolean implies();

Anonymous    Feb 01, 1999
Printed
Page 383
In java.security.Identity

Deleted the line public Identity(String, String, Certificate[], PublicKey); Changed the line public Certificate[] getCertificates(); to public Certificate[] certificates();

Anonymous    Feb 01, 1999
Printed
Page 387
In java.security.KeyPairGenerator

After the line public void initialize(int); Added the lines public void initialize(int, SecureRandom); public void initialize(AlgorithmParameterSpec, SecureRandom);

Anonymous    Feb 01, 1999
Printed
Page 388
In java.security.KeyStore

Changed the line public KeyStore(); to protected KeyStore(KeyStoreSpi, Provider, String); Changed the line public static final KeyStore getInstance(); to public static final String getDefaultType(); public static KeyStore getInstance(String); public static KeyStore getInstance(String, String); Changed the line public abstract PrivateKey getPrivateKey(String, String); to public final Key getKey(String, char[]); public final Provider getProvider(); public final String getType(); Changed the line public abstract void load(InputStream, String); to public final void load(InputStream, char[]); Changed the lines public abstract void setKeyEntry(String, PrivateKey, String, Certificate[]); to public final void setKeyEntry(String, Key, char[], Certificate[]); Changed the line public abstract void store(OutputStream, char[]) to public final void store(OutputStream, char[]) Also, in every other line of this entry that has the word "abstract", changed "abstract" to "final"

Anonymous    Feb 01, 1999
Printed
Page 392
In java.security.PermissionCollection

After the line public abstract boolean implies(Permission); added the lines public boolean isReadOnly(); public void setReadOnly();

Anonymous    Feb 01, 1999
Printed
Page 392
In java.security.Permissions

Deleted the lines public boolean isReadOnly(); public void setReadOnly();

Anonymous    Feb 01, 1999
Printed
Page 393
In java.security.Policy

Changed the line public abstract Permissions evaluate(CodeSource); to public abstract PermissionCollection getPermissions(CodeSource);

Anonymous    Feb 01, 1999
Printed
Page 394
In java.security.ProtectionDomain

Changed the line public ProtectionDomain(CodeSource, Permissions); to public ProtectionDomain(CodeSource, PermissionCollection); Changed the line public final Permissions getPermissions(); to public final PermissionCollection getPermissions();

Anonymous    Feb 01, 1999
Printed
Page 395
In java.security.Provider

Changed all the lines after // Instance Methods to public synchronized void clear(); public Set entrySet(); public String getInfo(); public String getName(); public double getVersion(); public Set keySet(); public synchronized void load(InputStream); public synchronized Object put(Object, Object); public synchronized void putAll(Map); public synchronized Object remove(Object); public String toString(); public Collection values(); }

Anonymous    Feb 01, 1999
Printed
Page 396
In java.security.SecureClassLoader

Changed all the lines after // Protected Instance Methods to protected final Class defineClass(String, byte[], int, int, CodeSource); protected PermissionCollection getPermissions(CodeSource); }

Anonymous    Feb 01, 1999
Printed
Page 398
In java.security.Signature

After the line public final byte[] sign(); added the line public final int sign(byte[], int, int);

Anonymous    Feb 01, 1999
Printed
Page 399
In java.security.SignatureSpi

After the line public final byte[] engineSign(); added the line public final int engineSign(byte[], int, int);

Anonymous    Feb 01, 1999
Printed
Page 401
In java.security.UnresolvedPermission

Changed the line public UnresolvedPermission(String, String, String, PublicKey); to public UnresolvedPermission(String, String, String, Certificate[]);

Anonymous    Feb 01, 1999
Printed
Page 402
After the entry for java.security.cert.Certificate, added this new

entry: Class java.security.cert.CertificateFactory A certificate factory is used to import certificates or certificate revocation lists from a file or other input stream. Class Definition public java.security.cert.CertificateFactory extends java.lang.Object { // Constructors protected CertificateFactory(CertificateFactorySpi, Provider, String); // Class Methods public static final CertificateFactory getInstance(String); public static final CertificateFactory getInstance(String, String); // Instance Methods public final CRL generateCRL(InputStream); public final Collection generateCRLs(InputStream); public final Certificate generateCertificate(InputStream); public final Collection generateCertificates(InputStream); public final Provider getProvider(); public final String getType(); } See also: X509Certificate, X509CRLEntry

Anonymous    Feb 01, 1999
Printed
Page 402
In java.security.cert.RevokedCertificate

First, the name of this entry has been changed to java.security.cert.X509CRLEntry (and it moved to its correct place in alphabetical order, which is after X509CRL). Then, after the line public abstract boolean hasExtensions(); added the line public abstract boolean hasUnsupportedCriticalExtension();

Anonymous    Feb 01, 1999
Printed
Page 403
In java.security.cert.X509Certificate

Removed the lines // Class Methods public static final X509Certificate getInstance(InputStream); public static final X509Certificate getInstance(byte[]); Removed the line public abstract boolean hasUnsupportedCriticalExtension();

Anonymous    Feb 01, 1999
Printed
Page 404
In java.security.cert.X509CRL

Removed the lines // Class Methods public static final X509CRL getInstance(InputStream); public static final X509CRL getInstance(byte[]); Changed the lines public abstract RevokedCertificate getRevokedCertificate(BigInteger); to public abtract X509CRLEntry getRevokedCertificate(BigInteger); After the line public abstract int getVersion(); added the line public abstract boolean hasUnsupportedCriticalExtension(); In the See Also section, changed "RevokedCertificate" to "X509CRLEntry".

Anonymous    Feb 01, 1999
Printed
Page 405
In java.security.cert.X509Extension

After the line public abstract Set getNonCriticalExtensionOIDs(); added the line public abstract boolean hasUnsupportedCriticalExtension(); In the See Also section, changed "RevokedCertificate" to "X509CRLEntry".

Anonymous    Feb 01, 1999
Printed
Page 411
In javax.crypto.Cipher

After the line public final int getOutputSize(int); added the line public final AlgorithmParameters getParameters(); After the lines public final void init(int, Key, AlgorithmParameterSpec, SecureRandom); added the lines public final void init(int, Key, AlgorithmParameters); public final void init(int, Key, AlgorithmParameters, SecureRandom);

Anonymous    Feb 01, 1999
Printed
Page 413
In javax.crypto.CipherSpi

After the line protected abstract byte[] engineGetIV(); added the line protected abstract int engineGetOutputSize(int); After the lines protected abstract void engineInit(int, Key, AlgorithmParameterSpec, SecureRandom); added the line protected abstract void engineInit(int, Key, AlgorithmParameters, SecureRandom);

Anonymous    Feb 01, 1999
Printed
Page 414
In javax.crypto.KeyAgreement

Changed the line public final Key doPhase(int, Key); to public final Key doPhase(Key, boolean); Changed the lines public final void init(SecureRandom); public final void init(AlgorithmParameterSpec); public final void init(AlgorithmParameterSpec, SecureRandom); to public final void init(Key); public final void init(Key, SecureRandom); public final void init(Key, AlgorithmParameterSpec); public final void init(Key, AlgorithmParameterSpec, SecureRandom);

Anonymous    Feb 01, 1999
Printed
Page 415
In javax.crypto.KeyAgreementSpi

Changed the line protected abstract Key engineDoPhase(int, Key); to protected abstract Key engineDoPhase(Key, boolean); Changed the lines protected abstract void engineInit(SecureRandom); protected abstract void engineInit(AlgorithmParameterSpec, SecureRandom); to protected abstract void engineInit(Key, SecureRandom); protected abstract void engineInit(Key, AlgorithmParameterSpec, SecureRandom);

Anonymous    Feb 01, 1999
Printed
Page 415-416
In javax.crypto.KeyGenerator

After the line public final Provider getProvider(); added the lines public final void init(int); public final void init(int, SecureRandom);

Anonymous    Feb 01, 1999
Printed
Page 416
In javax.crypto.KeyGeneratorSpi

After the line protected abstract SecretKey engineGenerateKey(); added the line protected abstract void engineInit(int, SecureRandom);

Anonymous    Feb 01, 1999
Printed
Page 417
In javax.crypto.SealedObject

After the line public final Object getObject(Cipher); added the lines public final Object getObject(Key); public final Object getObject(Key, String);

Anonymous    Feb 01, 1999
Printed
Page 420
In javax.crypto.interfaces.RSAPrivateKey

This section was renamed to java.security.interfaces.RSAPrivateKey, and the first line of its interface definition now reads public abstract interface java.security.interfaces.RSAPrivateKey It has been moved to the appropriate section on java.security.interfaces, immediately following DSAPublicKey.

Anonymous    Feb 01, 1999
Printed
Page 420
In javax.crypto.interfaces.RSAPrivateKeyCrt

Deleted this entry entirely.

Anonymous    Feb 01, 1999
Printed
Page 420
In javax.crypto.interface.RSAPublicKey

This section was renamed to java.security.interfaces.RSAPublicKey, and the first line of its interface definition now reads public abstract interface java.security.interfaces.RSAPublicKey It was moved to the appropriate section on java.security.interfaces, immediately following RSAPrivateKey.

Anonymous    Feb 01, 1999
Printed
Page 421
In javax.crypto.spec.DESKeySpec

Before the line (left a blank line before this) // Constructors added the lines // Constants public static final int DES_KEY_LEN; After the line public static boolean isParityAdjusted(byte[], int); added the line public static boolean isWeak(byte[], int);

Anonymous    Feb 01, 1999
Printed
Page 421
In javax.crypto.spec.DESParameterSpec

This entry was renamed to javax.crypto.spec.IvParameterSpec and its first line now reads public javax.crypto.spec.IvParameterSpec Changed the lines public DESParameterSpec(byte[]); public DESParameterSpec(byte[], int, int); to public IvParameterSpec(byte[]); public IvParameterSpec(byte[], int, int); Re-alphabetized this entry so that it follows DHPublicKeySpec

Anonymous    Feb 01, 1999
Printed
Page 422
In javax.crypto.spec.DESedeKeySpec

Before the line (left a blank line before this) // Constructors added the lines // Constants public static final int DES_EDE_KEY_LEN;

Anonymous    Feb 01, 1999
Printed
Page 425
In javax.crypto.spec.RSAPrivateKeyCrtSpec

Deleted this entry entirely.

Anonymous    Feb 01, 1999
Printed
Page 426
In javax.crypto.spec.RSAPrivateKeySpec

This entry was renamed to java.security.spec.RSAPrivateKeySpec and its first line was changed to public java.security.spec.RSAPrivateKeySpec In the See also list, removed RSAPrivateKeyCrtSpec It was moved into the section on java.security.spec, immediately following the PKCS8EncodedKeySpec entry.

Anonymous    Feb 01, 1999
Printed
Page 426
In javax.crypto.spec.RSAPublicKeySpec

This entry was renamed to java.security.spec.RSAPublicKeySpec and its first line was changed to public java.security.spec.RSAPublicKeySpec It was moved into the section on java.security.spec, immediately following the RSAPrivateKeySpec entry.

Anonymous    Feb 01, 1999
Printed
Page 428-429
In java.lang.ClassLoader

After the line // Class Methods added public static ClassLoader getSystemClassLoader(); Deleted the lines public URL getLocalResource(String); public Enumeration getLocalResources(String); Deleted the line public void checkPackageAccess(String); After the line protected final Class defineClass(byte[], int int); added the line protected final Class defineClass(String, byte[], int, int, ProtectionDomain); After the line protected Package definePackage(String, String, String, String, String String, String, URL); added the lines protected Class findClass(String); protected String findLibrary(String);

Anonymous    Feb 01, 1999
Printed
Page 433
In java.net.URLClassLoader

After the line public URLClassLoader(URL[], ClassLoader); added the lines public URLClassLoader(URL[]); public URLClassLoader(URL[], ClassLoader, URLStreamHandlerFactory); Changed the lines public static URL fileToURL(File); public static URL[] pathToURLs(String); to public static URLClassLoader newInstance(URL[]); public static URLClassLoader newInstance(URL[], ClassLoader); Changed the lines public URL getLocalResource(String); public Enumeration getLocalResources(String); public void invokeClass(String, String[]); public void setListener(URLClassLoader$Listener); to public URL findResource(String); public Enumeration findResources(String); public URL[] getURLs(); Changed the lines protected void checkPackageDefinition(String); protected Class defineClass(String, Resource); protected Package definePackage(String, Attributes, URL); protected Class findLocalClass(String); to protected void addURL(URL); protected Package definePackage(String, Manifest, URL); protected Class findClass(String); protected PermissionCollection getPermissions(CodeSource);

Anonymous    Feb 01, 1999
Printed
Page 433-434
n java.rmi.RMISecurityManager

Deleted all the lines after // Instance Methods except for the closing brace

Anonymous    Feb 01, 1999
Printed
Page 434
In java.rmi.security.RMISecurityManager

After the line public static Class loadClass(String); added the line public static Class loadClass(String, String);

Anonymous    Feb 01, 1999