Re: java.security.Security.getImpl()

Jan Luehe (Jan.Luehe@Eng)
Tue, 17 Feb 1998 10:02:29 -0800 (PST)

Date: Tue, 17 Feb 1998 10:02:29 -0800 (PST)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: java.security.Security.getImpl()
To: java-security@web2.javasoft.com, leachbj@aba.net.au

Bernard:

> I was looking at the jdk1.2 sources and jce1.2 documentation
> and I'm confused as to how the javax.crypto.Cipher class determines
> the class that implements a particular algorithm for a given
> provider.
>
> The java.security.MessageDigest & java.security.Signature classes
> use the java.security.Security.getImpl() method to do the mapping
> but that method has package protection and so is inaccessible to
> the javax.crypto package.
>
> Is it just an oversight that the getImpl() method has this protection
> or is there some other reason I have missed?

There is a package-private class "JceSecurity.java"
in javax.crypto, which does the job of creating instances of
provider implementations. It provides a "getImpl" method in the same
fashion as java.security.Security, only that it checks if the
provider implementation is a subclass of

"javax.crypto." + type + "Spi"

instead of

"java.security." + type + "Spi".

javadocs does not create any documentation for package-private
classes, so that's why you did not see it.

Note that all providers (including those for the JCE) are managed
(i.e., registered and removed) by an instance of java.security.Security.

When you request a provider implementation in JCE,
javax.crypto.JceSecurity.getImpl() first
retrieves a list of currently registered providers
(by calling java.security.Security.getProviders()), and then operates
in the same way as java.security.Security.getImpl()
(with the one difference mentioned above).

Jan