计算机类外文文献翻译Java核心技术.docx
《计算机类外文文献翻译Java核心技术.docx》由会员分享,可在线阅读,更多相关《计算机类外文文献翻译Java核心技术.docx(11页珍藏版)》请在冰豆网上搜索。
计算机类外文文献翻译Java核心技术
本科毕业论文
外文文献及译文
文献、资料题目:
CoreJava™VolumeII–AdvancedFeatures
文献、资料来源:
著作
文献、资料发表(出版)日期:
2008.12.1
院(部):
计算机科学与技术学院
专业:
网络工程
班级:
姓名:
学号:
指导教师:
翻译日期:
外文文献:
CoreJava™VolumeII–AdvancedFeatures
WhenJavatechnologyfirstappearedonthescene,theexcitementwasnotaboutawell-craftedprogramminglanguagebutaboutthepossibilityofsafelyexecutingappletsthataredeliveredovertheInternet(seeVolumeI,Chapter10formoreinformationaboutapplets).Obviously,deliveringexecutableappletsispracticalonlywhentherecipientsaresurethatthecodecan'twreakhavocontheirmachines.Forthisreason,securitywasandisamajorconcernofboththedesignersandtheusersofJavatechnology.Thismeansthatunlikeotherlanguagesandsystems,wheresecuritywasimplementedasanafterthoughtorareactiontobreak-ins,securitymechanismsareanintegralpartofJavatechnology.
Threemechanismshelpensuresafety:
•Languagedesignfeatures(boundscheckingonarrays,nouncheckedtypeconversions,nopointerarithmetic,andsoon).
•Anaccesscontrolmechanismthatcontrolswhatthecodecando(suchasfileaccess,networkaccess,andsoon).
•Codesigning,wherebycodeauthorscanusestandardcryptographicalgorithmstoauthenticateJavacode.Then,theusersofthecodecandetermineexactlywhocreatedthecodeandwhetherthecodehasbeenalteredafteritwassigned.
Below,you'llseethecryptographicalgorithmssuppliedinthejava.securitypackage,whichallowforcodesigninganduserauthentication.
Aswesaidearlier,appletswerewhatstartedthecrazeovertheJavaplatform.Inpractice,peoplediscoveredthatalthoughtheycouldwriteanimatedappletslikethefamous"nervoustext"applet,appletscouldnotdoawholelotofusefulstuffintheJDK1.0securitymodel.Forexample,becauseappletsunderJDK1.0weresocloselysupervised,theycouldn'tdomuchgoodonacorporateintranet,eventhoughrelativelylittleriskattachestoexecutinganappletfromyourcompany'ssecureintranet.ItquicklybecamecleartoSunthatforappletstobecometrulyuseful,itwasimportantforuserstobeabletoassigndifferentlevelsofsecurity,dependingonwheretheappletoriginated.Ifanappletcomesfromatrustedsupplierandithasnotbeentamperedwith,theuserofthatappletcanthendecidewhethertogivetheappletmoreprivileges.
Togivemoretrusttoanapplet,weneedtoknowtwothings:
•Wheredidtheappletcomefrom?
•Wasthecodecorruptedintransit?
Inthepast50years,mathematiciansandcomputerscientistshavedevelopedsophisticatedalgorithmsforensuringtheintegrityofdataandforelectronicsignatures.Thejava.securitypackagecontainsimplementationsofmanyofthesealgorithms.Fortunately,youdon'tneedtounderstandtheunderlyingmathematicstousethealgorithmsinthejava.securitypackage.Inthenextsections,weshowyouhowmessagedigestscandetectchangesindatafilesandhowdigitalsignaturescanprovetheidentityofthesigner.
Amessagedigestisadigitalfingerprintofablockofdata.Forexample,theso-calledSHA1(securehashalgorithm#1)condensesanydatablock,nomatterhowlong,intoasequenceof160bits(20bytes).Aswithrealfingerprints,onehopesthatnotwomessageshavethesameSHA1fingerprint.Ofcourse,thatcannotbetrue—thereareonly2160SHA1fingerprints,sotheremustbesomemessageswiththesamefingerprint.But2160issolargethattheprobabilityofduplicationoccurringisnegligible.Hownegligible?
AccordingtoJamesWalshinTrueOdds:
HowRisksAffectYourEverydayLife(MerrittPublishing1996),thechancethatyouwilldiefrombeingstruckbylightningisaboutonein30,000.Now,thinkofnineotherpeople,forexample,yournineleastfavoritemanagersorprofessors.ThechancethatyouandallofthemwilldiefromlightningstrikesishigherthanthatofaforgedmessagehavingthesameSHA1fingerprintastheoriginal.(Ofcourse,morethantenpeople,noneofwhomyouarelikelytoknow,willdiefromlightningstrikes.However,wearetalkingaboutthefarslimmerchancethatyourparticularchoiceofpeoplewillbewipedout.)
Amessagedigesthastwoessentialproperties:
•Ifonebitorseveralbitsofthedataarechanged,thenthemessagedigestalsochanges.
•Aforgerwhoisinpossessionofagivenmessagecannotconstructafakemessagethathasthesamemessagedigestastheoriginal.
Thesecondpropertyisagainamatterofprobabilities,ofcourse.Considerthefollowingmessagebythebillionairefather:
"Uponmydeath,mypropertyshallbedividedequallyamongmychildren;however,mysonGeorgeshallreceivenothing."
ThatmessagehasanSHA1fingerprintof
2D8B35F3BF49CDB19404E066212B5E577049E17E
Thedistrustfulfatherhasdepositedthemessagewithoneattorneyandthefingerprintwithanother.Now,supposeGeorgecanbribethelawyerholdingthemessage.HewantstochangethemessagesothatBillgetsnothing.Ofcourse,thatchangesthefingerprinttoacompletelydifferentbitpattern:
2A330B4BB3FECC1C9D5C01A709510B49AC8F9892
CanGeorgefindsomeotherwordingthatmatchesthefingerprint?
IfhehadbeentheproudownerofabillioncomputersfromthetimetheEarthwasformed,eachcomputingamillionmessagesasecond,hewouldnotyethavefoundamessagehecouldsubstitute.
Anumberofalgorithmshavebeendesignedtocomputethesemessagedigests.Thetwobest-knownareSHA1,thesecurehashalgorithmdevelopedbytheNationalInstituteofStandardsandTechnology,andMD5,analgorithminventedbyRonaldRivestofMIT.Bothalgorithmsscramblethebitsofamessageiningeniousways.Fordetailsaboutthesealgorithms,see,forexample,CryptographyandNetworkSecurity,4thed.,byWilliamStallings(PrenticeHall2005).Notethatrecently,subtleregularitieshavebeendiscoveredinbothalgorithms.Atthispoint,mostcryptographersrecommendavoidingMD5andusingSHA1untilastrongeralternativebecomesavailable.(Seeformoreinformation.)
TheJavaprogramminglanguageimplementsbothSHA1andMD5.TheMessageDigestclassisafactoryforcreatingobjectsthatencapsulatethefingerprintingalgorithms.Ithasastaticmethod,calledgetInstance,thatreturnsanobjectofaclassthatextendstheMessageDigestclass.ThismeanstheMessageDigestclassservesdoubleduty:
•Asafactoryclass
•Asthesuperclassforallmessagedigestalgorithms
Forexample,hereishowyouobtainanobjectthatcancomputeSHAfingerprints:
MessageDigestalg=MessageDigest.getInstance("SHA-1");
(TogetanobjectthatcancomputeMD5,usethestring"MD5"astheargumenttogetInstance.)
AfteryouhaveobtainedaMessageDigestobject,youfeeditallthebytesinthemessagebyrepeatedlycallingtheupdatemethod.Forexample,thefollowingcodepassesallbytesinafiletothealgobjectjustcreatedtodothefingerprinting:
InputStreamin=...
intch;
while((ch=in.read())!
=-1)
alg.update((byte)ch);
Alternatively,ifyouhavethebytesinanarray,youcanupdatetheentirearrayatonce:
byte[]bytes=...;
alg.update(bytes);
Whenyouaredone,callthedigestmethod.Thismethodpadstheinput—asrequiredbythefingerprintingalgorithm—doesthecomputation,andreturnsthedigestasanarrayofbytes.
byte[]hash=alg.digest();
TheprograminListing9-15computesamessagedigest,usingeitherSHAorMD5.Youcanloadthedatatobedigestedfromafile,oryoucantypeamessageinthetextarea.
MessageSigning
Inthelastsection,yousawhowtocomputeamessagedigest,afingerprintfortheoriginalmessage.Ifthemessageisaltered,thenthefingerprintofthealteredmessagewillnotmatchthefingerprintoftheoriginal.Ifthemessageanditsfingerprintaredeliveredseparately,thentherecipientcancheckwhetherthemessagehasbeentamperedwith.However,ifboththemessageandthefingerprintwereintercepted,itisaneasymattertomodifythemessageandthenrecomputethefingerprint.Afterall,themessagedigestalgorithmsarepubliclyknown,andtheydon'trequiresecretkeys.Inthatcase,therecipientoftheforgedmessageandtherecomputedfingerprintwouldneverknowthatthemessagehasbeenaltered.Digitalsignaturessolvethisproblem.
Tohelpyouunderstandhowdigitalsignatureswork,weexplainafewconceptsfromthefieldcalledpublickeycryptography.Publickeycryptographyisbasedonthenotionofapublickeyandprivatekey.Theideaisthatyoutelleveryoneintheworldyourpublickey.However,onlyyouholdtheprivatekey,anditisimportantthatyousafeguarditanddon'treleaseittoanyoneelse.Thekeysarematchedbymathematicalrelationships,buttheexactnatureoftheserelationshipsisnotimportantforus.(Ifyouareinterested,youcanlookitupinTheHandbookofAppliedCryptographyathttp:
//www.cacr.math.uwaterloo.ca/hac/.)
Thekeysarequitelongandcomplex.Forexample,hereisamatchingpairofpublicandprivateDigitalSignatureAlgorithm(DSA)keys.
Publickey:
CodeView:
p:
fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17
q:
962eddcc369cba8ebb260ee6b6a126d9346e38c5
g:
678471b27a9cf44ee91a49c5147db1a9aaf244f05a434d6486931d2d14271b9e35030b71fd73da179069b32e2935630e1c2062354d0da20a6c416e50be794ca4
y:
c0b6e67b4ac098eb1a32c5f8c4c1f0e7e6fb9d832532e27d0bdab9ca2d2a8123ce5a8018b8161a760480fadd040b927281ddb22cb9bc4df596d7de4d1b977d50
Privatekey:
CodeView:
p:
fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17
升级会员 