1000 Java Tips ebook
Free "1000 Java Tips" eBook is here! It is huge collection of big and small Java
programming articles and tips. Please take your copy here.
Take your copy of free "Java Technology Screensaver"!.
Easy Learn Java: Programming Articles, Examples and Tips - Page 259
1060 Stories (530 Pages, 2 Per Page)
Generate Certificate Chains for Testing Java Applications
If you're developing Java software that relies on public key infrastructure
(PKI) for security, you often need to create digital-certificate chains (also
known as certification paths) for testing purposes. This is a relatively simple
task but one for which clear documentation is scarce. This article describes how
to create arbitrary-length certificate chains using the open source OpenSSL
toolkit (see Resources). You'll also learn about some common certificate
attributes and examine a sample program that reads certificates into a Java
Digital certificates: A quick overview
This article assumes that you're familiar with PKI basics, so I'll give you just
a quick overview of the purpose and structure of digital certificates to help
clarify the concept of a certificate chain.
The primary use for digital certificates is to verify the origin of signed data,
such as e-mail and JAR files. Verifying the signed data with a certificate lets
the recipient know the origin of the data and if it has been altered in transit.
A digital certificate contains, at a high level, a distinguished name (DN) and a
public key. The DN identifies an entity -- a person, for example -- that holds
the private key that matches the public key of the certificate. You tie the two
together by signing the certificate with a private key and placing the signature
in the certificate.
A certificate signed by the private key that matches the public key of the
certificate is known as a self-signed certificate. Root certification authority
(CA) certificates fall into this category. User certificates are often signed by
a different private key, such as a private key of the CA . This constitutes a
two-certificate chain. Verifying that a user certificate is genuine involves
verifying its signature, which requires the public key of the CA, from its
certificate. But before the public key of the CA can be used, the enclosing CA
certificate needs to be verified. Because the CA certificate is self signed, the
CA public key is used to verify the certificate.
A user certificate need not be signed by the private key of the root CA. It
could be signed by the private key of an intermediary whose certificate is
signed by the private key of the CA. This is an instance of a three-certificate
chain: user certificate, intermediary certificate, and CA certificate. But more
than one intermediary can be part of the chain, so certificate chains can be of
Another point worth noting is that a certificate can contain additional
information, known as extensions. Extensions can specify the use of the
certificate, among other things. Certain extensions can be very important,
depending on the use of the certificate.
Learn how to create digital-certificate chains to test your software. IBM Software Engineer, Paul H. Abbott, clarifies this seldom-do*****ented process by showing you how to use the freely available OpenSSL toolkit to create a certificate chain of any length. He also describes common certificate attributes and shows you some sample Java code for reading the certificates you create into a Java keystore.
519 bytes more | 21 comments | | Score: 4
Posted by Anonymous on Friday, October 29, 2004 (00:00:00) (7856 reads)
Easy source code access with IBM's framework for JDBC
JDBC, SQL, data management, SCM
What is Framework for Java Database Connectivity?
The Framework for Java Database Connectivity (JDBC) was implemented to demonstrate the ease with which a JavaTM application may be designed to access a source code repository using a relational query language, such as SQL. The design was made general enough to accommodate easy access to virtually any data source. The framework supports parsing of the SQL query along with calculations supported within the SQL 92 standard specifications. Access to the data source is performed through the creation of a specific plug-in.
How does it work?
The Framework for JDBC is compatible with the JDBC 1.0 specification. (Future plans include improving and completing the current JDBC 1.0 implementation. A small set of methods similar to those of JDBC 2.0 is available through the IOptimizedResultSet interface.) A SQL query from the application and/or user is parsed into an internal query representation. Through optimization processes, this query is transformed to a data access plan. For each node within the data access plan, a specific plug-in is then called to read or write the data source or, alternatively, the framework performs a calculation in order to build a query result.
IBM’s new Framework for Java Database Connectivity (JDBC) was implemented to demonstrate the ease with which a Java application may be designed to access a source code repository using a relational query language, such as SQL. The design was made general enough to accommodate easy access to virtually any data source.
472 bytes more | 2 comments | | Score: 0
Posted by Anonymous on Friday, October 29, 2004 (00:00:00) (2751 reads)