计算机类 外文文献 翻译.docx

计算机类 外文文献 翻译.docx

《计算机类 外文文献 翻译.docx》由会员分享，可在线阅读，更多相关《计算机类 外文文献 翻译.docx（11页珍藏版）》请在冰豆网上搜索。

计算机类外文文献翻译

本科毕业论文

外文文献及译文

文献、资料题目：

CoreJava™VolumeII–AdvancedFeatures

文献、资料来源：

著作

文献、资料发表（出版）日期：

2008.12.1

院（部）：

计算机科学与技术学院

专业：

网络工程

班级：

网络082

******

学号：

**********

*******

翻译日期：

2012.5.10

外文文献：

CoreJava™VolumeII–AdvancedFeatures

WhenJavatechnologyfirstappearedonthescene,theexcitementwasnotaboutawell-craftedprogramminglanguagebutaboutthepossibilityofsafelyexecutingappletsthataredeliveredovertheInternet（seeVolumeI,Chapter10formoreinformationaboutapplets）.Obviously,deliveringexecutableappletsispracticalonlywhentherecipientsaresurethatthecodecan'twreakhavocontheirmachines.Forthisreason,securitywasandisamajorconcernofboththedesignersandtheusersofJavatechnology.Thismeansthatunlikeotherlanguagesandsystems,wheresecuritywasimplementedasanafterthoughtorareactiontobreak-ins,securitymechanismsareanintegralpartofJavatechnology.

Threemechanismshelpensuresafety:

•Languagedesignfeatures（boundscheckingonarrays,nouncheckedtypeconversions,nopointerarithmetic,andsoon）.

•Anaccesscontrolmechanismthatcontrolswhatthecodecando（suchasfileaccess,networkaccess,andsoon）.

•Codesigning,wherebycodeauthorscanusestandardcryptographicalgorithmstoauthenticateJavacode.Then,theusersofthecodecandetermineexactlywhocreatedthecodeandwhetherthecodehasbeenalteredafteritwassigned.

Below,you'llseethecryptographicalgorithmssuppliedinthejava.securitypackage,whichallowforcodesigninganduserauthentication.

Aswesaidearlier,appletswerewhatstartedthecrazeovertheJavaplatform.Inpractice,peoplediscoveredthatalthoughtheycouldwriteanimatedappletslikethefamous"nervoustext"applet,appletscouldnotdoawholelotofusefulstuffintheJDK1.0securitymodel.Forexample,becauseappletsunderJDK1.0weresocloselysupervised,theycouldn'tdomuchgoodonacorporateintranet,eventhoughrelativelylittleriskattachestoexecutinganappletfromyourcompany'ssecureintranet.ItquicklybecamecleartoSunthatforappletstobecometrulyuseful,itwasimportantforuserstobeabletoassigndifferentlevelsofsecurity,dependingonwheretheappletoriginated.Ifanappletcomesfromatrustedsupplierandithasnotbeentamperedwith,theuserofthatappletcanthendecidewhethertogivetheappletmoreprivileges.

Togivemoretrusttoanapplet,weneedtoknowtwothings:

•Wheredidtheappletcomefrom?

•Wasthecodecorruptedintransit?

Inthepast50years,mathematiciansandcomputerscientistshavedevelopedsophisticatedalgorithmsforensuringtheintegrityofdataandforelectronicsignatures.Thejava.securitypackagecontainsimplementationsofmanyofthesealgorithms.Fortunately,youdon'tneedtounderstandtheunderlyingmathematicstousethealgorithmsinthejava.securitypackage.Inthenextsections,weshowyouhowmessagedigestscandetectchangesindatafilesandhowdigitalsignaturescanprovetheidentityofthesigner.

Amessagedigestisadigitalfingerprintofablockofdata.Forexample,theso-calledSHA1（securehashalgorithm#1）condensesanydatablock,nomatterhowlong,intoasequenceof160bits（20bytes）.Aswithrealfingerprints,onehopesthatnotwomessageshavethesameSHA1fingerprint.Ofcourse,thatcannotbetrue—thereareonly2160SHA1fingerprints,sotheremustbesomemessageswiththesamefingerprint.But2160issolargethattheprobabilityofduplicationoccurringisnegligible.Hownegligible?

AccordingtoJamesWalshinTrueOdds:

HowRisksAffectYourEverydayLife（MerrittPublishing1996）,thechancethatyouwilldiefrombeingstruckbylightningisaboutonein30,000.Now,thinkofnineotherpeople,forexample,yournineleastfavoritemanagersorprofessors.ThechancethatyouandallofthemwilldiefromlightningstrikesishigherthanthatofaforgedmessagehavingthesameSHA1fingerprintastheoriginal.（Ofcourse,morethantenpeople,noneofwhomyouarelikelytoknow,willdiefromlightningstrikes.However,wearetalkingaboutthefarslimmerchancethatyourparticularchoiceofpeoplewillbewipedout.）

Amessagedigesthastwoessentialproperties:

•Ifonebitorseveralbitsofthedataarechanged,thenthemessagedigestalsochanges.

•Aforgerwhoisinpossessionofagivenmessagecannotconstructafakemessagethathasthesamemessagedigestastheoriginal.

Thesecondpropertyisagainamatterofprobabilities,ofcourse.Considerthefollowingmessagebythebillionairefather:

"Uponmydeath,mypropertyshallbedividedequallyamongmychildren;however,mysonGeorgeshallreceivenothing."

ThatmessagehasanSHA1fingerprintof

2D8B35F3BF49CDB19404E066212B5E577049E17E

Thedistrustfulfatherhasdepositedthemessagewithoneattorneyandthefingerprintwithanother.Now,supposeGeorgecanbribethelawyerholdingthemessage.HewantstochangethemessagesothatBillgetsnothing.Ofcourse,thatchangesthefingerprinttoacompletelydifferentbitpattern:

2A330B4BB3FECC1C9D5C01A709510B49AC8F9892

CanGeorgefindsomeotherwordingthatmatchesthefingerprint?

IfhehadbeentheproudownerofabillioncomputersfromthetimetheEarthwasformed,eachcomputingamillionmessagesasecond,hewouldnotyethavefoundamessagehecouldsubstitute.

Anumberofalgorithmshavebeendesignedtocomputethesemessagedigests.Thetwobest-knownareSHA1,thesecurehashalgorithmdevelopedbytheNationalInstituteofStandardsandTechnology,andMD5,analgorithminventedbyRonaldRivestofMIT.Bothalgorithmsscramblethebitsofamessageiningeniousways.Fordetailsaboutthesealgorithms,see,forexample,CryptographyandNetworkSecurity,4thed.,byWilliamStallings（PrenticeHall2005）.Notethatrecently,subtleregularitieshavebeendiscoveredinbothalgorithms.Atthispoint,mostcryptographersrecommendavoidingMD5andusingSHA1untilastrongeralternativebecomesavailable.（Seeformoreinformation.）

TheJavaprogramminglanguageimplementsbothSHA1andMD5.TheMessageDigestclassisafactoryforcreatingobjectsthatencapsulatethefingerprintingalgorithms.Ithasastaticmethod,calledgetInstance,thatreturnsanobjectofaclassthatextendstheMessageDigestclass.ThismeanstheMessageDigestclassservesdoubleduty:

•Asafactoryclass

•Asthesuperclassforallmessagedigestalgorithms

Forexample,hereishowyouobtainanobjectthatcancomputeSHAfingerprints:

MessageDigestalg=MessageDigest.getInstance（"SHA-1"）;

（TogetanobjectthatcancomputeMD5,usethestring"MD5"astheargumenttogetInstance.）

AfteryouhaveobtainedaMessageDigestobject,youfeeditallthebytesinthemessagebyrepeatedlycallingtheupdatemethod.Forexample,thefollowingcodepassesallbytesinafiletothealgobjectjustcreatedtodothefingerprinting：

InputStreamin=...

intch;

while（（ch=in.read（））!

=-1）

alg.update（（byte）ch）;

Alternatively,ifyouhavethebytesinanarray,youcanupdatetheentirearrayatonce:

byte[]bytes=...;

alg.update（bytes）;

Whenyouaredone,callthedigestmethod.Thismethodpadstheinput—asrequiredbythefingerprintingalgorithm—doesthecomputation,andreturnsthedigestasanarrayofbytes.

byte[]hash=alg.digest（）;

TheprograminListing9-15computesamessagedigest,usingeitherSHAorMD5.Youcanloadthedatatobedigestedfromafile,oryoucantypeamessageinthetextarea.

MessageSigning

Inthelastsection,yousawhowtocomputeamessagedigest,afingerprintfortheoriginalmessage.Ifthemessageisaltered,thenthefingerprintofthealteredmessagewillnotmatchthefingerprintoftheoriginal.Ifthemessageanditsfingerprintaredeliveredseparately,thentherecipientcancheckwhetherthemessagehasbeentamperedwith.However,ifboththemessageandthefingerprintwereintercepted,itisaneasymattertomodifythemessageandthenrecomputethefingerprint.Afterall,themessagedigestalgorithmsarepubliclyknown,andtheydon'trequiresecretkeys.Inthatcase,therecipientoftheforgedmessageandtherecomputedfingerprintwouldneverknowthatthemessagehasbeenaltered.Digitalsignaturessolvethisproblem.

Tohelpyouunderstandhowdigitalsignatureswork,weexplainafewconceptsfromthefieldcalledpublickeycryptography.Publickeycryptographyisbasedonthenotionofapublickeyandprivatekey.Theideaisthatyoutelleveryoneintheworldyourpublickey.However,onlyyouholdtheprivatekey,anditisimportantthatyousafeguarditanddon'treleaseittoanyoneelse.Thekeysarematchedbymathematicalrelationships,buttheexactnatureoftheserelationshipsisnotimportantforus.（Ifyouareinterested,youcanlookitupinTheHandbookofAppliedCryptographyathttp:

//www.cacr.math.uwaterloo.ca/hac/.）

Thekeysarequitelongandcomplex.Forexample,hereisamatchingpairofpublicandprivateDigitalSignatureAlgorithm（DSA）keys.

Publickey:

CodeView:

p:

fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17

q:

962eddcc369cba8ebb260ee6b6a126d9346e38c5

g:

678471b27a9cf44ee91a49c5147db1a9aaf244f05a434d6486931d2d14271b9e35030b71fd73da179069b32e2935630e1c2062354d0da20a6c416e50be794ca4

y:

c0b6e67b4ac098eb1a32c5f8c4c1f0e7e6fb9d832532e27d0bdab9ca2d2a8123ce5a8018b8161a760480fadd040b927281ddb22cb9bc4df596d7de4d1b977d50

Privatekey:

CodeView:

p:

fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e12ed0899bcd132acd