Java SE Security - Basic


This exam is mainly focused on classes of the java.security and javax.crypto packages.

To pass this exam you will be required to demonstrate correct usage of

  • Encryption (symmetric/asymmetric cryptography, block/stream ciphers).
  • How to use digital signatures.
  • Message digests.
  • Key generation and management.
  • Access authorization.
  • User or Service authentication.
  • Basics of cryptographic algorithms.
  • Secure (SSL) sockets and server sockets.

Note: The Java SE Javadoc contains most of the information you need to study for this exam.

Secure Socket Layer (SSL)


Client Side SSL (2 questions)

Create a new connection as a client and get data from the server using secure sockets:
  • SSLSocketFactory
  • SSLSocket

Server Side SSL (2 questions)

Create a new connection as a secure server and get data from the client using:
  • SSLServerSocketFactory
  • SSLServerSocket

Cryptographic operations


Encryption (2 questions)

Explain the difference between:

  • Symmetric and asymmetric cryptography
  • Stream and block ciphers

The Cipher class provides the functionality of a cryptographic cipher used for encryption and decryption. Demonstrate the usage of this class:

  • getInstance() static factory method
  • init() methods
  • doFinal()
  • update()

Explain the meaning of the operation modes used when initializing a Cipher object:

  • ENCRYPT_MODE
  • DECRYPT_MODE
  • WRAP_MODE
  • UNWRAP_MODE

A simple, secure, stream-based communication object can be created by combining existing InputStream/OutputStream objects with Cipher objects. Demonstrate how a stream of data can be encrypted/decrypted using:

  • CipherInputStream
  • CipherOutputStream

Digital signatures (2 questions)

The Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5.

Write code which creates and initializes a Signature object.

Explain what the three states of the Signature class mean:

  • UNINITIALIZED
  • SIGN
  • VERIFY

Demonstrate the usage of the methods:

  • sign()
  • update()
  • verify()

Message digests (2 questions)

Be familiar with two of the main digest properties:

  • It should be computationally infeasible to find two messages that hash to the same value.
  • The digest should not reveal anything about the input that was used to generate it.

Demonstrate the steps which should be taken in order to write code which hashes a message:

  • Creating a Message Digest Object
  • Updating a Message Digest Object
  • Computing the Digest

Java Authentication and Authorization Service (JAAS)


User Authentication (3 questions)

Demonstrate the basic steps which should be taken in order to write code for user authentication:

  1. Initialize the LoginContext by calling one of its four constructors
  2. Perform authentication by calling the LoginContext's login() method (including exception handling)

Explain the role of the CallbackHandler and Callback(s) in the authentication process. Describe the handle() method.

Display the knowledge required to write a custom LoginModule implementing the LoginModule interface. Describe the following methods:

  • abort()
  • commit()
  • initialize()
  • login()
  • logout()

NB: Specific questions about the built-in LoginModules (JndiLoginModule, Krb5LoginModule, KeyStoreLoginModule, NTLoginModule, UnixLoginModule) are not covered.

Write a JAAS Login Configuration File

  1. Define structure and contents of the login configuration file
  2. Indicate where to specify which login configuration file should be used

Write and review code that uses the above-mentioned interfaces/classes to implement user authentication.

Access Authorization (3 questions)

Demonstrate basic knowledge of the security policy:

  • Policy implementation
  • Policy file syntax
  • Policy file location
  • Graphical Policy Tool utility

Define the responsibilities of the abstract Policy class and write code to get a Policy object using:

  • getInstance(String type, Policy.Parameters params)
  • getInstance(String type, Policy.Parameters params, Provider provider)
  • getInstance(String type, Policy.Parameters params, String provider)

Display understanding of the usage and applications of:

  • CodeSource
  • ProtectionDomain

Indicate how to get the set of permissions granted to the specified CodeSource or ProtectionDomain:

  • getPermissions(CodeSource codesource)
  • getPermissions(ProtectionDomain domain)

Key Generation and Management


Key Generation (3 questions)

Explain the general ways to obtain key(s) using the following objects:

  • KeyGenerator
  • KeyPairGenerator
  • KeyFactory

Understand that the java.security.Key interface is the top-level interface for all opaque keys and be familiar with its methods:

  • String getAlgorithm()
  • byte[] getEncoded()
  • String getFormat()

Demonstrate general knowledge of the java.security.Key subinterfaces:

  • SecretKey
  • PBEKey
  • PrivateKey
  • PublicKey

Key Management (3 questions)

Be aware that a keystore, which is also called a database, can be used to manage a repository of keys and certificates. Demonstrate knowledge of the corresponding KeyStore class, which supplies well-defined interfaces to access and modify the information in a keystore.

Write code which creates a KeyStore object and loads it into memory.

Define how to get information from the keystore using the methods:

  • final Key getKey(String alias, char[] password)
  • final Certificate getCertificate(String alias)
  • final Certificate[] getCertificateChain(String alias)
  • final String getCertificateAlias(Certificate cert)

Write code using KeyStore class methods to determine an entry's type and to add, set, or delete entries in the keystore.

Explain how to use the two command-line tools associated with KeyStore:

  • keytool
  • jarsigner

Exam information

  • 33 minutes
  • 22 questions (79)
  • 80% required
  • +3 points per correct answer
  • -12 points
  • 15 day delay
  • status: beta