10

我认为 JCA 代替 JCE 很简单。然而,编写一些测试代码来获取我系统上的所有提供程序表明情况并非如此。

我注意到以下内容:

  1. 一些算法有多个提供者(例如:MD5withRSAis inSunRsaSign以及SunJSSE
  2. JCA 似乎拥有type超越 JCE 的算法

第 1 项是有道理的,因为 JCA(对我来说)是一个可供选择的 JCE 提供程序库/数组。

第 2 项有点令人困惑,因为它表明 JCA 并不完全是一组“相同”的 JCE 提供者。对于任何和每一种“类型”的提供者来说,这都是某种水坑,无论是否有 JCE 接口。

那么,JCA、它的提供者和 JCE 之间的工作关系是什么?提供者是否也存在于独立的孤岛中,还是它们相互“构建”/相互依赖?

对于对代码和提示此问题的结果感兴趣的人,它在下面列出

import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;

public class ConsoleListJca 
{
    public static void main(String[] args) 
    {
        for (Provider provider : Security.getProviders()) 
        {
            System.out.println("Provider: " + provider.getName() + " (ver " + provider.getVersion() + ")");
            System.out.print("  Algorithms: ");
            ArrayList<String> algos = new ArrayList<String>();
            for (Provider.Service service : provider.getServices()) 
            {
                algos.add(String.format( "%s (%s)", service.getAlgorithm(), service.getType()));
            }
            java.util.Collections.sort(algos);
            String algorsStr = algos.toString();
            // remove [ and ] from ArrayList's toString()
            algorsStr = algorsStr.substring(1, algorsStr.length()-1); 
            System.out.println(algorsStr);
            System.out.println();
        }
    }
}

结果(格式化为SO)是

Provider: SUN (ver 1.7)
  Algorithms: CaseExactJKS (KeyStore), Collection (CertStore), DSA (AlgorithmParameterGenerator), 
              DSA (AlgorithmParameters), DSA (KeyFactory), DSA (KeyPairGenerator), 
              JKS (KeyStore), JavaLoginConfig (Configuration), JavaPolicy (Policy), 
              LDAP (CertStore), MD2 (MessageDigest), MD5 (MessageDigest), NONEwithDSA (Signature), 
              NativePRNG (SecureRandom), PKIX (CertPathBuilder), PKIX (CertPathValidator), 
              SHA (MessageDigest), SHA-256 (MessageDigest), SHA-384 (MessageDigest), 
              SHA-512 (MessageDigest), SHA1PRNG (SecureRandom), SHA1withDSA (Signature), 
              X.509 (CertificateFactory), com.sun.security.IndexedCollection (CertStore)

Provider: SunRsaSign (ver 1.7)
  Algorithms: MD2withRSA (Signature), MD5withRSA (Signature), RSA (KeyFactory), RSA (KeyPairGenerator), 
              SHA1withRSA (Signature), SHA256withRSA (Signature), SHA384withRSA (Signature), 
              SHA512withRSA (Signature)

Provider: SunEC (ver 1.7)
  Algorithms: EC (AlgorithmParameters), EC (KeyFactory), EC (KeyPairGenerator), ECDH (KeyAgreement), 
              NONEwithECDSA (Signature), SHA1withECDSA (Signature), SHA256withECDSA (Signature), 
              SHA384withECDSA (Signature), SHA512withECDSA (Signature)

Provider: SunJSSE (ver 1.7)
  Algorithms: Default (SSLContext), MD2withRSA (Signature), MD5andSHA1withRSA (Signature), 
              MD5withRSA (Signature), NewSunX509 (KeyManagerFactory), PKCS12 (KeyStore), 
              PKIX (TrustManagerFactory), RSA (KeyFactory), RSA (KeyPairGenerator), 
              SHA1withRSA (Signature), SunX509 (KeyManagerFactory), SunX509 (TrustManagerFactory), 
              TLSv1 (SSLContext), TLSv1.1 (SSLContext), TLSv1.2 (SSLContext)

Provider: SunJCE (ver 1.7)
  Algorithms: AES (AlgorithmParameters), AES (Cipher), AES (KeyGenerator), AESWrap (Cipher), 
              ARCFOUR (Cipher), ARCFOUR (KeyGenerator), Blowfish (AlgorithmParameters), 
              Blowfish (Cipher), Blowfish (KeyGenerator), DES (AlgorithmParameters), 
              DES (Cipher), DES (KeyGenerator), DES (SecretKeyFactory), DESede (AlgorithmParameters), 
              DESede (Cipher), DESede (KeyGenerator), DESede (SecretKeyFactory), DESedeWrap (Cipher), 
              DiffieHellman (AlgorithmParameterGenerator), DiffieHellman (AlgorithmParameters), 
              DiffieHellman (KeyAgreement), DiffieHellman (KeyFactory), 
              DiffieHellman (KeyPairGenerator), HmacMD5 (KeyGenerator), HmacMD5 (Mac), 
              HmacPBESHA1 (Mac), HmacSHA1 (KeyGenerator), HmacSHA1 (Mac), HmacSHA256 (KeyGenerator), 
              HmacSHA256 (Mac), HmacSHA384 (KeyGenerator), HmacSHA384 (Mac), HmacSHA512 (KeyGenerator), 
              HmacSHA512 (Mac), JCEKS (KeyStore), OAEP (AlgorithmParameters), PBE (AlgorithmParameters), 
              PBEWithMD5AndDES (AlgorithmParameters), PBEWithMD5AndDES (Cipher), 
              PBEWithMD5AndDES (SecretKeyFactory), PBEWithMD5AndTripleDES (AlgorithmParameters), 
              PBEWithMD5AndTripleDES (Cipher), PBEWithMD5AndTripleDES (SecretKeyFactory), 
              PBEWithSHA1AndDESede (AlgorithmParameters), PBEWithSHA1AndDESede (Cipher), 
              PBEWithSHA1AndDESede (SecretKeyFactory), PBEWithSHA1AndRC2_40 (AlgorithmParameters), 
              PBEWithSHA1AndRC2_40 (Cipher), PBEWithSHA1AndRC2_40 (SecretKeyFactory), 
              PBKDF2WithHmacSHA1 (SecretKeyFactory), RC2 (AlgorithmParameters), RC2 (Cipher), 
              RC2 (KeyGenerator), RSA (Cipher), SslMacMD5 (Mac), SslMacSHA1 (Mac), 
              SunTls12Prf (KeyGenerator), SunTlsKeyMaterial (KeyGenerator), SunTlsMasterSecret (KeyGenerator), 
              SunTlsPrf (KeyGenerator), SunTlsRsaPremasterSecret (KeyGenerator)

Provider: SunJGSS (ver 1.7)
  Algorithms: 1.2.840.113554.1.2.2 (GssApiMechanism), 1.3.6.1.5.5.2 (GssApiMechanism)

Provider: SunSASL (ver 1.7)
  Algorithms: CRAM-MD5 (SaslClientFactory), CRAM-MD5 (SaslServerFactory), DIGEST-MD5 (SaslClientFactory), 
              DIGEST-MD5 (SaslServerFactory), EXTERNAL (SaslClientFactory), GSSAPI (SaslClientFactory), 
              GSSAPI (SaslServerFactory), NTLM (SaslClientFactory), NTLM (SaslServerFactory), PLAIN (SaslClientFactory)

Provider: XMLDSig (ver 1.0)
  Algorithms: DOM (KeyInfoFactory), DOM (XMLSignatureFactory), 
              http://www.w3.org/2000/09/xmldsig#base64 (TransformService), 
              http://www.w3.org/2000/09/xmldsig#enveloped-signature (TransformService), 
              http://www.w3.org/2001/10/xml-exc-c14n# (TransformService), 
              http://www.w3.org/2001/10/xml-exc-c14n#WithComments (TransformService), 
              http://www.w3.org/2002/06/xmldsig-filter2 (TransformService), 
              http://www.w3.org/2006/12/xml-c14n11 (TransformService), 
              http://www.w3.org/2006/12/xml-c14n11#WithComments (TransformService), 
              http://www.w3.org/TR/1999/REC-xpath-19991116 (TransformService), 
              http://www.w3.org/TR/1999/REC-xslt-19991116 (TransformService), 
              http://www.w3.org/TR/2001/REC-xml-c14n-20010315 (TransformService), 
              http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments (TransformService)

Provider: SunPCSC (ver 1.7)
  Algorithms: PC/SC (TerminalFactory)

Provider: Apple (ver 1.1)
  Algorithms: KeychainStore (KeyStore)
4

2 回答 2

14

JCA 和 JCE 的基本区别在于 JCE 是 JCA 的扩展,而不是替代品。JCA 包括MessageDigestSecureRandomKeyFactorySignature等类KeyStoreJCE添加更多的密码学类Cipher,如KeyGeneration,MacKeyGeneration. JCA 和 JCE 之间的区别在很大程度上已经消失,因为 JCE 已经提供了标准运行时一段时间了。

JCA/JCE旨在将加密实现与抽象分开。它是一个基于提供者的架构,您可以在其中插入您选择的提供者,例如BouncyCastle,它比标准 Java 运行时中包含的提供者提供的加密算法支持更多。

于 2015-09-24T07:43:38.077 回答
3

JCE最初是一个单独的 API,但现在JCE 被合并为 JCA 的一部分

来自 JDK 11 文档:

在 JDK 1.4 之前,JCE 是一个未捆绑的产品,因此,JCA 和 JCE 通常被称为独立的、不同的组件。由于 JCE 现在捆绑在 JDK 中,因此区别变得不那么明显了。由于 JCE 使用与 JCA 相同的体系结构,因此应该更恰当地将 JCE 视为 JCA 的一部分。

现在,JCE 是 JCA 的内置部分, JCE 这个词慢慢地从 Java 生态系统中消失了。

简而言之:JCE是一个来自历史的技术/术语/概念。现代 Java 开发人员使用JCA来访问 Java 中的密码学,而从未提及 JCE。

于 2019-01-25T11:32:02.240 回答