JCA、它的提供者与JCE的关系？

Question

我认为在JCA代替JCE的地方很简单。但是，编写一些测试代码以使我的系统上的所有提供者都能访问到我的系统，这表明情况并非如此。

我注意到以下几点：

1. 有些算法有多个提供者(例如：MD5withRSA在SunRsaSign中，也在SunJSSE中)
2. JCA似乎有超越JCE中的算法的type

第1项是有意义的，因为在我看来，JCA是一个JCE提供者的库/数组，可以从中挑选。

第2项有点令人困惑，因为它表明JCA不是一个“相同”的JCE提供者数组；它是任何一种“类型”的提供者( JCE接口与否)的某种“水坑”。

那么，是JCA、它的提供者和JCE之间的工作关系吗？提供程序是否也存在于独立的筒仓中，或者它们是否“构建”了彼此之间的依赖关系？。

对于那些对代码和引发这个问题的结果感兴趣的人，下面列出

import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;

public class ConsoleListJca 
{
    public static void main(String[] args) 
    {
        for (Provider provider : Security.getProviders()) 
        {
            System.out.println("Provider: " + provider.getName() + " (ver " + provider.getVersion() + ")");
            System.out.print("  Algorithms: ");
            ArrayList<String> algos = new ArrayList<String>();
            for (Provider.Service service : provider.getServices()) 
            {
                algos.add(String.format( "%s (%s)", service.getAlgorithm(), service.getType()));
            }
            java.util.Collections.sort(algos);
            String algorsStr = algos.toString();
            // remove [ and ] from ArrayList's toString()
            algorsStr = algorsStr.substring(1, algorsStr.length()-1); 
            System.out.println(algorsStr);
            System.out.println();
        }
    }
}

结果(格式化为SO)是

Provider: SUN (ver 1.7)
  Algorithms: CaseExactJKS (KeyStore), Collection (CertStore), DSA (AlgorithmParameterGenerator), 
              DSA (AlgorithmParameters), DSA (KeyFactory), DSA (KeyPairGenerator), 
              JKS (KeyStore), JavaLoginConfig (Configuration), JavaPolicy (Policy), 
              LDAP (CertStore), MD2 (MessageDigest), MD5 (MessageDigest), NONEwithDSA (Signature), 
              NativePRNG (SecureRandom), PKIX (CertPathBuilder), PKIX (CertPathValidator), 
              SHA (MessageDigest), SHA-256 (MessageDigest), SHA-384 (MessageDigest), 
              SHA-512 (MessageDigest), SHA1PRNG (SecureRandom), SHA1withDSA (Signature), 
              X.509 (CertificateFactory), com.sun.security.IndexedCollection (CertStore)

Provider: SunRsaSign (ver 1.7)
  Algorithms: MD2withRSA (Signature), MD5withRSA (Signature), RSA (KeyFactory), RSA (KeyPairGenerator), 
              SHA1withRSA (Signature), SHA256withRSA (Signature), SHA384withRSA (Signature), 
              SHA512withRSA (Signature)

Provider: SunEC (ver 1.7)
  Algorithms: EC (AlgorithmParameters), EC (KeyFactory), EC (KeyPairGenerator), ECDH (KeyAgreement), 
              NONEwithECDSA (Signature), SHA1withECDSA (Signature), SHA256withECDSA (Signature), 
              SHA384withECDSA (Signature), SHA512withECDSA (Signature)

Provider: SunJSSE (ver 1.7)
  Algorithms: Default (SSLContext), MD2withRSA (Signature), MD5andSHA1withRSA (Signature), 
              MD5withRSA (Signature), NewSunX509 (KeyManagerFactory), PKCS12 (KeyStore), 
              PKIX (TrustManagerFactory), RSA (KeyFactory), RSA (KeyPairGenerator), 
              SHA1withRSA (Signature), SunX509 (KeyManagerFactory), SunX509 (TrustManagerFactory), 
              TLSv1 (SSLContext), TLSv1.1 (SSLContext), TLSv1.2 (SSLContext)

Provider: SunJCE (ver 1.7)
  Algorithms: AES (AlgorithmParameters), AES (Cipher), AES (KeyGenerator), AESWrap (Cipher), 
              ARCFOUR (Cipher), ARCFOUR (KeyGenerator), Blowfish (AlgorithmParameters), 
              Blowfish (Cipher), Blowfish (KeyGenerator), DES (AlgorithmParameters), 
              DES (Cipher), DES (KeyGenerator), DES (SecretKeyFactory), DESede (AlgorithmParameters), 
              DESede (Cipher), DESede (KeyGenerator), DESede (SecretKeyFactory), DESedeWrap (Cipher), 
              DiffieHellman (AlgorithmParameterGenerator), DiffieHellman (AlgorithmParameters), 
              DiffieHellman (KeyAgreement), DiffieHellman (KeyFactory), 
              DiffieHellman (KeyPairGenerator), HmacMD5 (KeyGenerator), HmacMD5 (Mac), 
              HmacPBESHA1 (Mac), HmacSHA1 (KeyGenerator), HmacSHA1 (Mac), HmacSHA256 (KeyGenerator), 
              HmacSHA256 (Mac), HmacSHA384 (KeyGenerator), HmacSHA384 (Mac), HmacSHA512 (KeyGenerator), 
              HmacSHA512 (Mac), JCEKS (KeyStore), OAEP (AlgorithmParameters), PBE (AlgorithmParameters), 
              PBEWithMD5AndDES (AlgorithmParameters), PBEWithMD5AndDES (Cipher), 
              PBEWithMD5AndDES (SecretKeyFactory), PBEWithMD5AndTripleDES (AlgorithmParameters), 
              PBEWithMD5AndTripleDES (Cipher), PBEWithMD5AndTripleDES (SecretKeyFactory), 
              PBEWithSHA1AndDESede (AlgorithmParameters), PBEWithSHA1AndDESede (Cipher), 
              PBEWithSHA1AndDESede (SecretKeyFactory), PBEWithSHA1AndRC2_40 (AlgorithmParameters), 
              PBEWithSHA1AndRC2_40 (Cipher), PBEWithSHA1AndRC2_40 (SecretKeyFactory), 
              PBKDF2WithHmacSHA1 (SecretKeyFactory), RC2 (AlgorithmParameters), RC2 (Cipher), 
              RC2 (KeyGenerator), RSA (Cipher), SslMacMD5 (Mac), SslMacSHA1 (Mac), 
              SunTls12Prf (KeyGenerator), SunTlsKeyMaterial (KeyGenerator), SunTlsMasterSecret (KeyGenerator), 
              SunTlsPrf (KeyGenerator), SunTlsRsaPremasterSecret (KeyGenerator)

Provider: SunJGSS (ver 1.7)
  Algorithms: 1.2.840.113554.1.2.2 (GssApiMechanism), 1.3.6.1.5.5.2 (GssApiMechanism)

Provider: SunSASL (ver 1.7)
  Algorithms: CRAM-MD5 (SaslClientFactory), CRAM-MD5 (SaslServerFactory), DIGEST-MD5 (SaslClientFactory), 
              DIGEST-MD5 (SaslServerFactory), EXTERNAL (SaslClientFactory), GSSAPI (SaslClientFactory), 
              GSSAPI (SaslServerFactory), NTLM (SaslClientFactory), NTLM (SaslServerFactory), PLAIN (SaslClientFactory)

Provider: XMLDSig (ver 1.0)
  Algorithms: DOM (KeyInfoFactory), DOM (XMLSignatureFactory), 
              http://www.w3.org/2000/09/xmldsig#base64 (TransformService), 
              http://www.w3.org/2000/09/xmldsig#enveloped-signature (TransformService), 
              http://www.w3.org/2001/10/xml-exc-c14n# (TransformService), 
              http://www.w3.org/2001/10/xml-exc-c14n#WithComments (TransformService), 
              http://www.w3.org/2002/06/xmldsig-filter2 (TransformService), 
              http://www.w3.org/2006/12/xml-c14n11 (TransformService), 
              http://www.w3.org/2006/12/xml-c14n11#WithComments (TransformService), 
              http://www.w3.org/TR/1999/REC-xpath-19991116 (TransformService), 
              http://www.w3.org/TR/1999/REC-xslt-19991116 (TransformService), 
              http://www.w3.org/TR/2001/REC-xml-c14n-20010315 (TransformService), 
              http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments (TransformService)

Provider: SunPCSC (ver 1.7)
  Algorithms: PC/SC (TerminalFactory)

Provider: Apple (ver 1.1)
  Algorithms: KeychainStore (KeyStore)

Answer 1

JCA和JCE的基本区别在于JCE是JCA的扩展，而不是替代。JCA包括MessageDigest、SecureRandom、KeyFactory、Signature和KeyStore等类。JCE添加了更多的密码学类，如Cipher、KeyGeneration、Mac和KeyGeneration。JCA和JCE之间的区别在很大程度上已经消失，因为JCE已经提供标准运行时一段时间了。

JCA/JCE旨在将加密实现与抽象分离。它是一种基于提供程序的体系结构，您可以在其中插入您选择的提供者(例如BouncyCastle )，它比标准Java运行时中包含的提供者提供的密码算法支持更多。

Answer 2

JCE最初是一个单独的API，但现在JCE被合并为JCA的一部分。

来自JDK 11文档：

在JDK1.4之前，JCE是一个未绑定的产品，因此，JCA和JCE经常被称为独立的、不同的组件。由于JCE现在被捆绑在JDK中，这种区别变得不那么明显了。由于JCE使用与JCA相同的体系结构，因此应该更正确地将JCE视为JCA的一部分。

现在，JCE是JCA的一部分，JCE这个术语从生态系统中慢慢消失了。

简而言之：JCE是历史上的一个技术/术语/概念。现在的Java开发人员使用JCA来访问Java中的加密技术，而且从来没有提到JCE。