Date: Thu, 30 Jul 1998 14:51:16 -0700
From: James Nicolson <nicolson@netscape.com>
To: java-security@java.sun.com
Subject: dynamic providers
This is a cryptographically signed message in MIME format.
--------------msFDACD6916BE3E24C901F1139
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I previously asked about PKCS #11 support and was informed by Hemma that
it was being considered but no work had yet been done. Since it is
necessary for our software to support PKCS #11 tokens, we are currently
working on a way to integrate this with JCA. The primary problem we are
running up against is that Providers are static. That is, a Provider is
represented by a class. What we would like is to, at start up, make a
list of all the PKCS #11 tokens installed on the system, create a
Provider for each one, and register each Provider. This entails
creating and configuring Providers at run-time, which is not really
possible if a Provider is a class. What we need is either for a
Provider to be an object or for a Provider class to take some sort of
constructor argument to allow it to be parameterized. For example, we
could make a PKCS11Provider class that takes as a constructor argument
the name of the PKCS #11 token that is being modeled.
I understand that you haven't yet scheduled time to deal with PKCS #11,
but I think this sort of run-time configuration of Providers is common
(it also exists in CDSA, for example). Since the JCA crypto classes
(signature, cipher, messagedigest) all get their instances from a
provider, we can't use them if the Provider architecture doesn't work
for us. Is there something we are missing, perhaps some way to pull
this off? If not, I think that the Provider architecture will have to
be changed before PKCS #11 can be supported.
Thanks,
James
-- **************** My views are mine, not Netscape's ***************** James Nicolson Software Engineer nicolson@netscape.com Certificate Server and Security Tools
--------------msFDACD6916BE3E24C901F1139 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature
MIILEQYJKoZIhvcNAQcCoIILAjCCCv4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC CQswggKjMIICDKADAgECAgEQMA0GCSqGSIb3DQEBBAUAMG8xCzAJBgNVBAYTAlVTMSwwKgYD VQQKEyNOZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBDb3Jwb3JhdGlvbjEdMBsGA1UECxMURm9y IFRlc3RpbmcgVXNlIE9ubHkxEzARBgNVBAMTCkdhdGV3YXlDQTIwHhcNOTgwNzIzMDIwNTQ1 WhcNOTgwODIyMDIwNTQ1WjCBhzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENv bW11bmljYXRpb25zIENvcnBvcmF0aW9uMR0wGwYDVQQLExRGb3IgVGVzdGluZyBVc2UgT25s eTERMA8GA1UEAxMIbmljb2xzb24xGDAWBgoJkiaJk/IsZAEBEwhuaWNvbHNvbjCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAzC4+tsJNxerH/1ZyCUwm42UlfpUOXT2RFmT4sK8eVMsH +9Ut29eetrc+HuEYPCgCFGp05uPNuk2j9SrpCtpHA0Ho4V3EA6+EOEMm3Ee3ES6WA/Mx/EdQ LugfQ14dkC3VzCRgwqbiZdCoCW8zzRSMAtzetRBtQ54GfanfObub0A0CAwEAAaM2MDQwEQYJ YIZIAYb4QgEBBAQDAgCgMB8GA1UdIwQYMBaAFNeoeKD5k2Y8MTAwFpbHYOyGCJuUMA0GCSqG SIb3DQEBBAUAA4GBAC6sX4nibjU+KPqC6qYz0dNgnCEhXctf7KjI02UKJInnwaaQj/hbGkbe nPKbjzIlWpNw31OB0p2akadgOzJrzAoM2oH0Cql4DhfmNY2zKI+Pe1RIYjkY++zORjS1Z4uz 7P1JaVGeFlRTf+DFOQd1qaEasOlIclYMLv61UGD7zersMIIDEzCCAnygAwIBAgIQSr3EK1Zh Jj2jyi8q1JzWRTANBgkqhkiG9w0BAQQFADCB6zELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl cmlTaWduLCBJbmMuMSAwHgYDVQQLExdDbGFzcyAxIEdhdGV3YXkgQ0EgQmV0YTFCMEAGA1UE CxM5d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnBvcmF0ZWQgYnkgUmVm ZXJlbmNlMTwwOgYDVQQLEzNMSUFCSUxJVFkgTElNSVRFRDogQ29weXJpZ2h0KGMpIDE5OTgg VmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswHhcNOTgw NzE0MDAwMDAwWhcNOTgxMDEyMjM1OTU5WjBvMQswCQYDVQQGEwJVUzEsMCoGA1UEChMjTmV0 c2NhcGUgQ29tbXVuaWNhdGlvbnMgQ29ycG9yYXRpb24xHTAbBgNVBAsTFEZvciBUZXN0aW5n IFVzZSBPbmx5MRMwEQYDVQQDEwpHYXRld2F5Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQDCBbakBFfQ1gMigmqVuPVekMfR2CN/iJ6zPWkMQRT5K2IW4AQe0NgYP57Dnn0rTj1x mY3K1ivWQhfZplIbSdeKeV2+vqQQsttOX38w9JfckugBtEafQw4J6Lw8WGs1ke5X7uJQk0vW AbFiT1CAdFno48mBK4QXrjvvEaHgG6BFvQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEAMAsG A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwDQYJKoZIhvcNAQEEBQADgYEAOd8Tvaso Nxdj6QxNJgsAonxB+Rm9DdutK4+y1iZv7bhO7jYO9bL3dbg38rvgqpsvGs0zI35gNAYwLr/A qi/B2yXSRqPkGl/7zHXsr7td86FnQN/tG2JViLxZo4a9SJFnVZrXGtW9C5E3uGy7koY6xtFq 7H+Lo18kAZZzBAG6XJwwggNJMIICsqADAgECAhA9CvrU4xNabXKDFQk7uHzJMA0GCSqGSIb3 DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UE CxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 ODA2MDUwMDAwMDBaFw05OTA2MDQyMzU5NTlaMIHrMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO VmVyaVNpZ24sIEluYy4xIDAeBgNVBAsTF0NsYXNzIDEgR2F0ZXdheSBDQSBCZXRhMUIwQAYD VQQLEzl3d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBBIEluY29ycG9yYXRlZCBieSBS ZWZlcmVuY2UxPDA6BgNVBAsTM0xJQUJJTElUWSBMSU1JVEVEOiBDb3B5cmlnaHQoYykgMTk5 OCBWZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8cE9DFSWyjpklUgwPzf3OjjIOjuEU/JhJxRfJoa wvCUxdVnUVCj+YhI3c+aHwv7zd5+W3dR49RfCuFnmWJ2ZwpEX0ji8ECfSwhKxLz6+PPKdaUx Q1FLCOaa7sPps0IykivyPQtLd53zFT09Tc9tAKBDAmeb009eMJJOxUIowzcCAwEAAaN5MHcw EQYJYIZIAYb4QgEBBAQDAgEGMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEwKjAoBggrBgEF BQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL1JQQTAPBgNVHRMECDAGAQH/AgEBMAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQIFAAOBgQA5Y9oNTezZiUGjMNDYc0j+er6SNNAp3ZVW f4EYIeukVDK/EIX0Mo26eOfdAoMJXHSHCZ2kp3k5BSgQVPGNKz2uOx75T8EvwY0lGgZZXKP8 1z5uvVMFzEW3QykJ6njf7nR9MeN6dKst54mgWPRL6YglIbXynNhU/lbIPHsPwMTbJDGCAc4w ggHKAgEBMHQwbzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRp b25zIENvcnBvcmF0aW9uMR0wGwYDVQQLExRGb3IgVGVzdGluZyBVc2UgT25seTETMBEGA1UE AxMKR2F0ZXdheUNBMgIBEDAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTk4MDczMDIxNTExNlowIwYJKoZIhvcNAQkEMRYEFFf8bRDQ TQ1DX7nOgb89xpGaJ9ezMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcN AwICAgCAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3 DQEBAQUABIGAmxMJ6zj7pj1KvV5nB38T1+E0lyjry5L20U2UZLMTpGmm+K/2Pz0JL4gNqlbr 6Mg7NkiufkREukoNEFSoqmqHuSVDElj4mf/tS2iCChR2LPzC4LHSeq2i8+zrUV4hG3H31DQ/ bsi7WHfheoJZqEQOgOoWOwfIt1YOO1s5EjoEjAU= --------------msFDACD6916BE3E24C901F1139--