SignedObject is a class for the purpose of creating authentic
* runtime objects whose integrity cannot be compromised without being detected.
*
More specifically, a SignedObject contains another
* {@link Serializable} object, the (to-be-)signed object and its signature.
The signed object is a "deep copy" (in serialized form) of an * original object. Once the copy is made, further manipulation of the original * object has no side effect on the copy.
* *The underlying signing algorithm is designated by the {@link Signature}
* object passed to the constructor and the verify() method. A
* typical usage for signing is the following:
* Signature signingEngine = Signature.getInstance(algorithm, provider); * SignedObject so = new SignedObject(myobject, signingKey, signingEngine); ** *
A typical usage for verification is the following (having received
* SignedObject so):
* Signature verificationEngine = Signature.getInstance(algorithm, provider);
* if (so.verify(publickey, verificationEngine))
* try
* {
* Object myobj = so.getObject();
* }
* catch (ClassNotFoundException ignored) {};
*
*
* Several points are worth noting. First, there is no need to initialize the
* signing or verification engine, as it will be re-initialized inside the
* constructor and the verify() method. Secondly, for verification
* to succeed, the specified public key must be the public key corresponding to
* the private key used to generate the SignedObject.
More importantly, for flexibility reasons, the constructor
* and verify() method allow for customized signature engines,
* which can implement signature algorithms that are not installed formally as
* part of a crypto provider. However, it is crucial that the programmer writing
* the verifier code be aware what {@link Signature} engine is being used, as
* its own implementation of the verify() method is invoked to
* verify a signature. In other words, a malicious {@link Signature} may choose
* to always return true on verification in an attempt to bypass a
* security check.
The signature algorithm can be, among others, the NIST standard DSS,
* using DSA and SHA-1. The algorithm is specified using the same
* convention as that for signatures. The DSA algorithm using the
* SHA-1 message digest algorithm can be specified, for example, as
* "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In
* the case of RSA, there are multiple choices for the message digest
* algorithm, so the signing algorithm could be specified as, for example,
* "MD2/RSA", "MD5/RSA" or "SHA-1/RSA".
* The algorithm name must be specified, as there is no default.
The name of the Cryptography Package Provider is designated also by the
* {@link Signature} parameter to the constructor and the
* verify() method. If the provider is not specified, the default
* provider is used. Each installation can be configured to use a particular
* provider as default.
Potential applications of SignedObject include:
SignedObject from any {@link Serializable}
* object. The given object is signed with the given signing key, using the
* designated signature engine.
*
* @param object the object to be signed.
* @param signingKey the private key for signing.
* @param signingEngine the signature signing engine.
* @throws IOException if an error occurs during serialization.
* @throws InvalidKeyException if the key is invalid.
* @throws SignatureException if signing fails.
*/
public SignedObject(Serializable object, PrivateKey signingKey,
Signature signingEngine)
throws IOException, InvalidKeyException, SignatureException
{
thealgorithm = signingEngine.getAlgorithm();
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
ObjectOutputStream p = new ObjectOutputStream(ostream);
p.writeObject(object);
p.flush();
p.close();
content = ostream.toByteArray();
signingEngine.initSign(signingKey);
signingEngine.update(content);
signature = signingEngine.sign();
}
/**
* Retrieves the encapsulated object. The encapsulated object is de-serialized
* before it is returned.
*
* @return the encapsulated object.
* @throws IOException if an error occurs during de-serialization.
* @throws ClassNotFoundException if an error occurs during de-serialization.
*/
public Object getObject() throws IOException, ClassNotFoundException
{
ByteArrayInputStream bais = new ByteArrayInputStream(content);
ObjectInput oi = new ObjectInputStream(bais);
Object obj = oi.readObject();
oi.close();
bais.close();
return obj;
}
/**
* Retrieves the signature on the signed object, in the form of a byte array.
*
* @return a copy of the signature.
*/
public byte[] getSignature()
{
return (byte[]) signature.clone();
}
/**
* Retrieves the name of the signature algorithm.
*
* @return the signature algorithm name.
*/
public String getAlgorithm()
{
return thealgorithm;
}
/**
* Verifies that the signature in this SignedObject is the valid
* signature for the object stored inside, with the given verification key,
* using the designated verification engine.
*
* @param verificationKey the public key for verification.
* @param verificationEngine the signature verification engine.
* @return true if the signature is valid, false
* otherwise.
* @throws SignatureException if signature verification failed.
* @throws InvalidKeyException if the verification key is invalid.
*/
public boolean verify(PublicKey verificationKey, Signature verificationEngine)
throws InvalidKeyException, SignatureException
{
verificationEngine.initVerify(verificationKey);
verificationEngine.update(content);
return verificationEngine.verify(signature);
}
/** Called to restore the state of the SignedObject from a stream. */
private void readObject(ObjectInputStream s)
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
content = (byte[]) content.clone();
signature = (byte[]) signature.clone();
}
}