Computer Science Foreign Literature Translation: Core Java.doc

Uploaded by: 文库蛋蛋多  Document ID: 3992729  Upload date: 2023-03-30  Format: DOC  Pages: 13  Size: 725.50KB

Undergraduate Thesis: Foreign-Language Literature and Translation

Title of literature/material: Core Java Volume II - Advanced Features
Source of literature/material: Book
Publication date of literature/material: 2008.12.1
School (Department): School of Computer Science and Technology
Major: Network Engineering
Class: Network 082
Name: 刘治华
Student ID: 2008111242
Advisor: 许丽娜
Translation date: 2012.5.10

Foreign-language literature:

Core Java Volume II - Advanced Features

When Java technology first appeared on the scene, the excitement was not about a well-crafted programming language but about the possibility of safely executing applets that are delivered over the Internet (see Volume I, Chapter 10 for more information about applets). Obviously, delivering executable applets is practical only when the recipients are sure that the code can't wreak havoc on their machines. For this reason, security was and is a major concern of both the designers and the users of Java technology. This means that unlike other languages and systems, where security was implemented as an afterthought or a reaction to break-ins, security mechanisms are an integral part of Java technology.

Three mechanisms help ensure safety:

- Language design features (bounds checking on arrays, no unchecked type conversions, no pointer arithmetic, and so on).
- An access control mechanism that controls what the code can do (such as file access, network access, and so on).
- Code signing, whereby code authors can use standard cryptographic algorithms to authenticate Java code. Then, the users of the code can determine exactly who created the code and whether the code has been altered after it was signed.

Below, you'll see the cryptographic algorithms supplied in the java.security package, which allow for code signing and user authentication.

As we said earlier, applets were what started the craze over the Java platform. In practice, people discovered that although they could write animated applets like the famous "nervous text" applet, applets could not do a whole lot of useful stuff in the JDK 1.0 security model. For example, because applets under JDK 1.0 were so closely supervised, they couldn't do much good on a corporate intranet, even though relatively little risk attaches to executing an applet from your company's secure intranet. It quickly became clear to Sun that for applets to become truly useful, it was important for users to be able to assign different levels of security, depending on where the applet originated. If an applet comes from a trusted supplier and it has not been tampered with, the user of that applet can then decide whether to give the applet more privileges.

To give more trust to an applet, we need to know two things:

- Where did the applet come from?
- Was the code corrupted in transit?

In the past 50 years, mathematicians and computer scientists have developed sophisticated algorithms for ensuring the integrity of data and for electronic signatures. The java.security package contains implementations of many of these algorithms. Fortunately, you don't need to understand the underlying mathematics to use the algorithms in the java.security package. In the next sections, we show you how message digests can detect changes in data files and how digital signatures can prove the identity of the signer.

A message digest is a digital fingerprint of a block of data. For example, the so-called SHA1 (secure hash algorithm #1) condenses any data block, no matter how long, into a sequence of 160 bits (20 bytes). As with real fingerprints, one hopes that no two messages have the same SHA1 fingerprint. Of course, that cannot be true: there are only 2^160 SHA1 fingerprints, so there must be some messages with the same fingerprint. But 2^160 is so large that the probability of duplication occurring is negligible. How negligible? According to James Walsh in True Odds: How Risks Affect Your Everyday Life (Merritt Publishing 1996), the chance that you will die from being struck by lightning is about one in 30,000. Now, think of nine other people, for example, your nine least favorite managers or professors. The chance that you and all of them will die from lightning strikes is higher than that of a forged message having the same SHA1 fingerprint as the original. (Of course, more than ten people, none of whom you are likely to know, will die from lightning strikes. However, we are talking about the far slimmer chance that your particular choice of people will be wiped out.)

A message digest has two essential properties:

- If one bit or several bits of the data are changed, then the message digest also changes.
- A forger who is in possession of a given message cannot construct a fake message that has the same message digest as the original.

The second property is again a matter of probabilities, of course. Consider the following message by the billionaire father:

    Upon my death, my property shall be divided equally among my children; however, my son George shall receive nothing.

That message has an SHA1 fingerprint of

    2D 8B 35 F3 BF 49 CD B1 94 04 E0 66 21 2B 5E 57 70 49 E1 7E

The distrustful father has deposited the message with one attorney and the fingerprint with another. Now, suppose George can bribe the lawyer holding the message. He wants to change the message so that Bill gets nothing. Of course, that changes the fingerprint to a completely different bit pattern:

    2A 33 0B 4B B3 FE CC 1C 9D 5C 01 A7 09 51 0B 49 AC 8F 98 92

Can George find some other wording that matches the fingerprint? If he had been the proud owner of a billion computers from the time the Earth was formed, each computing a million messages a second, he would not yet have found a message he could substitute.

A number of algorithms have been designed to compute these message digests. The two best-known are SHA1, the secure hash algorithm developed by the National Institute of Standards and Technology, and MD5, an algorithm invented by Ronald Rivest of MIT. Both algorithms scramble the bits of a message in ingenious ways. For details about these algorithms, see, for example, Cryptography and Network Security, 4th ed., by William Stallings (Prentice Hall 2005). Note that recently, subtle regularities have been discovered in both algorithms. At this point, most cryptographers recommend avoiding MD5 and using SHA1 until a stronger alternative becomes available. (See for more information.)

The Java programming language implements both SHA1 and MD5. The MessageDigest class is a factory for creating objects that encapsulate the fingerprinting algorithms.
It has a static method, called getInstance, that returns an object of a class that extends the MessageDigest class. This means the MessageDigest class serves double duty:

- As a factory class
- As the superclass for all message digest algorithms

For example, here is how you obtain an object that can compute SHA fingerprints:

    MessageDigest alg = MessageDigest.getInstance("SHA-1");

(To get an object that can compute MD5, use the string "MD5" as the argument to getInstance.)

After you have obtained a MessageDigest object, you feed it all the bytes in the message by repeatedly calling the update method. For example, the following code passes all bytes in a file to the alg object just created to do the fingerprinting:

    InputStream in = . . .
    int ch;
    while ((ch = in.read()) != -1)
        alg.update((byte) ch);

Alternatively, if you have the bytes in an array, you can update the entire array at once:

    byte[] bytes = . . .;
    alg.update(bytes);

When you are done, call the digest method. This method pads the input (as required by the fingerprinting algorithm), does the computation, and returns the digest as an array of bytes.

    byte[] hash = alg.digest();

The program in Listing 9-15 computes a message digest, using either SHA or MD5. You can load the data to be digested from a file, or you can type a message in the text area.

Message Signing

In the last section, you saw how to compute a message digest, a fingerprint for the original message. If the message is altered, then the fingerprint of the altered message will not match the fingerprint of the original. If the message and its fingerprint are delivered separately, then the recipient can check whether the message has been tampered with. However, if both the message and the fingerprint were intercepted, it is an easy matter to modify the message and then recompute the fingerprint. After all, the message digest algorithms are publicly known, and they don't require secret keys. In that case, the recipient of the forged message and the recomputed fingerprint would never know that the message has been altered. Digital signatures solve this problem.

To help you understand how digital signatures work, we explain a few concepts from the field called public key cryptography. Public key cryptography is based on the notion of a public key and private key. The idea is that you tell everyone in the world your public key. However, only you hold the private key, and it is important that you safeguard it and don't release it to anyone else. The keys are matched by mathematical relationships, but the exact nature of these relationships is not important for us. (If you are interested, you can look it up in The Handbook of Applied Cryptography at http://www.cacr.math.uwaterloo.ca/hac/.)

The keys are quite long and complex. For example, here is a matching pair of public and private Digital Signature Algorithm (DSA) keys.

It is believed to be practically impossible to compute one key from the other. That is, even though everyone knows your public key, they can't compute your private key in your lifetime, no matter how many computing resources they have available.

It might seem difficult to believe that nobody can compute the private key from the public keys, but nobody has ever found an algorithm to do this for the encryption algorithms that are in common use today. If the keys are sufficiently long, brute force (simply trying all possible keys) would require more computers than can be built from all the atoms in the solar system, crunching away for thousands of years. Of course, it is possible that someone could come up with algorithms for computing keys that are much more clever than brute force. For example, the RSA algorithm (the encryption algorithm invented by Rivest, Shamir, and Adleman) depends on the difficulty of factoring large numbers. For the last 20 years, many of the best mathematicians have tried to come up with good factoring algorithms, but so far with no success. For that reason, most cryptographers believe that keys with a modulus of 2,000 bits or more are currently completely safe from any attack. DSA is believed to be similarly secure.

Figure 9-12 illustrates how the process works in practice.

Suppose Alice wants to send Bob a message, and Bob wants to know this message came from Alice and not an impostor. Alice writes the message and then signs the message digest with her private key. Bob gets a copy of her public key. Bob then applies the public key to verify the signature. If the verification passes, then Bob can be assured of two facts:

- The original message has not been altered.
- The message was signed by Alice, the holder of the private key that matches the public key that Bob used for verification.

You can see why security for private keys is all-important. If someone steals Alice's private key or if a government can require her to turn it over, then she is in trouble. The thief or a government agent can impersonate her by sending messages, money transfer instructions, and so on, that others will believe came from Alice.

The X.509 Certificate Format

To take advantage of public key cryptography, the public keys must be distributed. One of the most common distribution formats is called X.509. Certificates in the X.509 format are widely used by VeriSign, Microsoft, Netscape, and many other companies, for signing e-mail messages, authenticating program code, and certifying many other kinds of data. The X.509 standard is part of the X.500 series of recommendations for a directory service by the international telephone standards body, the CCITT.

The precise structure of X.509 certificates is described in a formal notation, called "abstract syntax notation #1" or ASN.1. Figure 9-13 shows the ASN.1 definition of version 3 of the X.509 format. The exact syntax is not important for us, but, as you can see, ASN.1 gives a precise definition of the structure of a certificate file. The basic encoding rules, or BER, and a variation, called distinguished encoding rules (DER) describe precisely how to save this structure in a binary file. That is, BER and DER describe how to encode integers, character strings, bit strings, and constructs such as SEQUENCE, CHOICE, and OPTIONAL.

Chinese translation:

Core Java Volume II - Advanced Features

When Java technology first appeared, what excited people was not that it was a well-designed programming language, but that it could safely run applets delivered over the Internet. Obviously, users will accept executable applets delivered over the network only when they are sure that the applet code will not damage their computers. For this reason, security was and remains a major concern of both the designers and the users of Java technology. This means that Java technology differs from other languages and systems, in which security was implemented as an afterthought or merely as a reaction to break-ins; for Java technology, security mechanisms are an integral part.

Java technology provides the following three mechanisms for ensuring safety:

(1) Language design features (bounds checking on arrays, no unchecked type conversions, no pointer arithmetic, and so on).
(2) An access control mechanism that controls what the code can do (such as file access, network access, and so on).
(3) Code signing, whereby code authors can use standard cryptographic algorithms to authenticate Java code. The users of the code can then determine exactly who created the code and whether it has been modified after it was signed.

Below, we introduce the cryptographic algorithms provided by the java.security package, which are used for code signing and user authentication.

As we said earlier, applets first became popular on the Java platform. In practice, people found that although they could write lively applets like the famous "nervous text" applet, applets could not do much that was truly useful under the JDK 1.0 security model. For example, because applets under JDK 1.0 were closely supervised, they could not do much good on a corporate intranet, even though running an applet on the company's secure intranet carries relatively little risk. Sun quickly realized that for applets to become truly useful, users must be able to assign different security levels depending on the applet's origin. If an applet comes from a trusted supplier and has not been tampered with, the user of the applet can decide whether to grant it more privileges.

To give more trust to an applet, you must know two things:

(1) Where did the applet come from?
(2) Was the code corrupted in transit?

In the past 50 years, mathematicians and computer scientists have developed a variety of sophisticated algorithms for ensuring the integrity of data and electronic signatures; the java.security package contains implementations of many of these algorithms. In the next sections, we describe how message digests detect changes in data files and how digital signatures prove the identity of the signer.

A message digest is a digital fingerprint of a block of data. For example, the so-called SHA1 (secure hash algorithm #1) condenses any data block, no matter how long, into a sequence of 160 bits (20 bytes). As with real fingerprints, one hopes that no two messages have the same SHA1 fingerprint. Of course, that is impossible, because there are only 2^160 SHA1 fingerprints, so some messages must have the same fingerprint. Because 2^160 is a very large number, the probability of duplicate fingerprints is negligible. Just how small is it? According to James Walsh in his book True Odds: How Risks Affect Your Everyday Life (Merritt Publishing, 1996), the chance that you and all of them will die from lightning strikes is higher than the chance that a forged message has the same SHA1 fingerprint as the original. (Of course, more than ten other people whom you do not know may die from lightning strikes, but here we are talking about
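
The getInstance / update / digest sequence described in the English excerpt, applied to the father's message and the altered "Bill" version, as an added example that is not from the book or the thesis. It also computes SHA-256, which the excerpt does not cover; DigestDemo and its method names are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration; DigestDemo and its method names are hypothetical.
public class DigestDemo {
    // Feed the stream to the digest in chunks instead of one byte per update() call.
    static byte[] fingerprint(String algorithm, InputStream in) throws Exception {
        MessageDigest alg = MessageDigest.getInstance(algorithm);
        byte[] buffer = new byte[8192];
        int n;
        while ((n = in.read(buffer)) != -1) alg.update(buffer, 0, n);
        return alg.digest(); // pads the input, computes the hash, resets alg
    }

    static String hex(byte[] hash) {
        StringBuilder sb = new StringBuilder();
        for (byte b : hash) sb.append(String.format("%02X ", b));
        return sb.toString().trim();
    }

    // Number of bit positions in which two digests of equal length differ.
    static int differingBits(byte[] a, byte[] b) {
        int bits = 0;
        for (int i = 0; i < a.length; i++) bits += Integer.bitCount((a[i] ^ b[i]) & 0xFF);
        return bits;
    }

    static InputStream bytesOf(String s) {
        return new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Message from the text. The digest depends on the exact bytes (spacing, line
        // breaks, encoding), so the output need not equal the value quoted there.
        String original = "Upon my death, my property shall be divided equally among "
                + "my children; however, my son George shall receive nothing.";
        String altered = original.replace("George", "Bill");
        for (String algorithm : new String[] {"SHA-1", "SHA-256"}) {
            byte[] h1 = fingerprint(algorithm, bytesOf(original));
            byte[] h2 = fingerprint(algorithm, bytesOf(altered));
            System.out.println(algorithm + " original: " + hex(h1));
            System.out.println(algorithm + " altered:  " + hex(h2));
            // MessageDigest.isEqual is the library's digest comparison method.
            System.out.println("match=" + MessageDigest.isEqual(h1, h2)
                    + ", differing bits=" + differingBits(h1, h2) + " of " + h1.length * 8);
        }
    }
}
```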
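
The Alice and Bob exchange from the "Message Signing" section of the English excerpt, including the case where an interceptor alters the message and tries to re-sign it, as an added example that is not from the book or the thesis. It assumes RSA with a 2048-bit modulus and the "SHA256withRSA" algorithm rather than the DSA keys the excerpt shows; SignDemo, sign and verify are illustrative names, and the messages are constructed samples.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Added illustration; SignDemo, sign and verify are hypothetical names.
public class SignDemo {
    // Assumption: RSA with SHA-256. The Signature object hashes the message itself.
    static final String ALGORITHM = "SHA256withRSA";

    static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(message);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature) throws Exception {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(message);
        return s.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // modulus size in bits
        KeyPair alice = gen.generateKeyPair();
        KeyPair interceptor = gen.generateKeyPair();

        // Constructed sample messages.
        byte[] message = "Transfer 100 to Bob".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "Transfer 900 to Bob".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(alice.getPrivate(), message);

        // Bob holds only Alice's public key and checks each case against it.
        System.out.println("unaltered message:  " + verify(alice.getPublic(), message, signature));
        System.out.println("altered, old sig:   " + verify(alice.getPublic(), altered, signature));
        // Unlike a bare digest, a signature cannot be recomputed without Alice's private key:
        // a signature made with any other key fails verification against her public key.
        byte[] resigned = sign(interceptor.getPrivate(), altered);
        System.out.println("altered, re-signed: " + verify(alice.getPublic(), altered, resigned));
    }
}
```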
