Downloading and installing the NinthTest JCA Provider

The NinthTest JCA Provider is available in both binary (JAR) and source forms. Please note that Java SE version 6 or greater is required.

The Java™ Cryptography Architecture requires that Java security providers be code-signed (using a code-signing certificate issued by Oracle Corporation). As a consequence of this requirement, a JAR that is compiled directly from source will not permit the use of the JCA engine classes implemented by the NinthTest JCA Provider. If you wish to use the NinthTest JCA Provider, you must download the signed JAR.

The non-JCA classes (see the NinthTest JCA Provider API documentation and the examples in Using the NinthTest JCA Provider) are not subject to the code-signing requirement, and can be used without restriction whether you download the signed JAR or compile from source.

Download the signed NinthTest JCA Provider JAR

The signed provider JAR can be downloaded from SourceForge.

This download is recommended for general use of the NinthTest JCA Provider. The current version is 1.1.0.

Download the NinthTest JCA Provider source code

This download is recommended if you wish to create a derivative work, or are interested in examining the NinthTest JCA Provider source code for any other reason.

Clone or fork the mzipay/NinthTestJCAProvider GitHub repository:

$ git clone https://github.com/mzipay/NinthTestJCAProvider.git

Alternatively, download and extract a .zip or .tar.gz release archive from NinthTestJCAProvider/releases.

Note: If you wish to create a derivative work, even for personal (non-distribution) use, you must obtain your own code-signing certificate from Oracle Corporation to sign the JAR. Please refer to How to Implement a Provider in the Java™ Cryptography Architecture (step 6) for details.

Install the NinthTest JCA Provider

Once you have acquired the binary (JAR) of the NinthTest JCA Provider, you must take additional steps to install or register the provider before using it; it is not sufficient to simply place the JAR on your CLASSPATH! This is a security provision of the Java™ Cryptography Architecture.

The sections below describe the differences between "installing" and "registering" the NinthTest JCA Provider, and include the requisite steps for each approach.

Choose the option that best suits your needs. Please note that installing or registering the provider is not necessary if you only wish to use the non-JCA classes (see the NinthTest JCA Provider API documentation and the examples in Using the NinthTest JCA Provider).

Use the NinthTest JCA Provider as an installed extension

This form of installation is persistent; the steps only need to be followed once for any given release.

  1. Copy the downloaded ninthtest-provider.jar file into your JAVA_HOME/lib/ext directory.
  2. Add the NinthTestProvider class to the list of approved providers in the Java security properties file (see below).

Approved providers are identified in the Java security properties file, JAVA_HOME/lib/security/java.security. The comments in that file explain how to add an approved provider:

# To register a provider in this master security properties file,
# specify the Provider subclass name and priority in the format
#
#    security.provider.<n>=<className>
#
# This declares a provider, and specifies its preference
# order n. The preference order is the order in which providers are 
# searched for requested algorithms (when no specific provider is
# requested). The order is 1-based; 1 is the most preferred, followed
# by 2, and so on.

For example, if the last approved provider has the property name security.provider.10, add the following line:

security.provider.11=net.ninthtest.security.provider.NinthTestProvider

Use the NinthTest JCA Provider as a dynamically-registered provider

Please note that dynamic registration of a provider is not persistent.

  1. Reference the downloaded ninthtest_provider.jar on your application's CLASSPATH.
  2. Grant permissions to the NinthTest JCA Provider (see below).

When registered dynamically, the NinthTest JCA Provider requires permission from the security manager for getProtectionDomain, insertProvider, and putProviderProperty operations.

These permissions can be granted to the NinthTest JCA Provider by placing the following grant entry into your HOME/.java.policy file. Change the location of the ninthtest_provider.jar file to match the location on your system. For example:

grant codeBase "file:/path/to/ninthtest_provider.jar" {
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.security.SecurityPermission "insertProvider.NinthTestProvider";
    permission java.security.SecurityPermission "putProviderProperty.NinthTestProvider";
};

Redistributing

Because the NinthTest JCA Provider deals with encryption, it is subject to U.S. Export Regulations. The source code is classified as ECCN 5D002, and takes advantage of License Exception TSU under section 740.13(e) of the Export Administration Regulations (EAR).

Derivative works and/or redistribution may be subject to additional or alternate restrictions. Please visit http://www.bis.doc.gov/ for more information.