1: /* SignedObject.java --- Signed Object Class 2: Copyright (C) 1999, 2003, Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: package java.security; 39: 40: import java.io.ByteArrayInputStream; 41: import java.io.ByteArrayOutputStream; 42: import java.io.IOException; 43: import java.io.ObjectInput; 44: import java.io.ObjectInputStream; 45: import java.io.ObjectOutputStream; 46: import java.io.Serializable; 47: 48: /** 49: * <code>SignedObject</code> is used for storing runtime objects whose 50: * integrity cannot be compromised without being detected. 51: * 52: * <p><code>SignedObject</code> contains a {@link Serializable} object which is 53: * yet to be signed and a digital signature of that object.</p> 54: * 55: * <p>The signed copy is a "deep copy" (in serialized form) of an original 56: * object. Any changes to that original instance are not reflected in the 57: * enclosed copy inside this <code>SignedObject</code>.</p> 58: * 59: * <p>Several things to note are that, first there is no need to initialize the 60: * signature engine as this class will handle that automatically. Second, 61: * verification will only succeed if the public key corresponds to the private 62: * key used to generate the digital signature inside this 63: * <code>SignedObject</code>.</p> 64: * 65: * <p>For fexibility, the signature engine can be specified in the constructor 66: * or the <code>verify()</code> method. Programmers wishing to verify 67: * <code>SignedObject</code>s should be aware of the {@link Signature} engine 68: * they use. A malicious or flawed {@link Signature} implementation may always 69: * return true on verification thus circumventing the intended secrity check 70: * provided by the <code>SignedObject</code>.</p> 71: * 72: * <p>The GNU security provider offers an implementation of the standard NIST 73: * DSA which uses "DSA" and "SHA-1". It can be specified by "SHA/DSA", 74: * "SHA-1/DSA" or its OID. If the RSA signature algorithm is provided then it 75: * could be "MD2/RSA". "MD5/RSA", or "SHA-1/RSA". The algorithm must be 76: * specified because there is no default.</p> 77: * 78: * @author Mark Benvenuto (ivymccough@worldnet.att.net) 79: * @since 1.2 80: * @see Signature 81: */ 82: public final class SignedObject implements Serializable 83: { 84: private static final long serialVersionUID = 720502720485447167L; 85: 86: /** @serial */ 87: private byte[] content; 88: /** @serial */ 89: private byte[] signature; 90: /** @serial */ 91: private String thealgorithm; 92: 93: /** 94: * Constructs a new instance of <code>SignedObject</code> from a 95: * {@link Serializable} object. The object is signed with a designated 96: * private key and a signature engine. 97: * 98: * @param object 99: * the object to sign. 100: * @param signingKey 101: * the key to use. 102: * @param signingEngine 103: * the signature engine to use. 104: * @throws IOException 105: * if a serialization error occurred. 106: * @throws InvalidKeyException 107: * if the key is invalid. 108: * @throws SignatureException 109: * if a signing error occurs. 110: */ 111: public SignedObject(Serializable object, PrivateKey signingKey, 112: Signature signingEngine) 113: throws IOException, InvalidKeyException, SignatureException 114: { 115: thealgorithm = signingEngine.getAlgorithm(); 116: 117: ByteArrayOutputStream ostream = new ByteArrayOutputStream(); 118: ObjectOutputStream p = new ObjectOutputStream(ostream); 119: p.writeObject(object); 120: p.flush(); 121: p.close(); 122: 123: content = ostream.toByteArray(); 124: 125: signingEngine.initSign(signingKey); 126: signingEngine.update(content); 127: signature = signingEngine.sign(); 128: } 129: 130: /** 131: * Returns the encapsulated object. The object is de-serialized before being 132: * returned. 133: * 134: * @return the encapsulated object. 135: * @throws IOException 136: * if a de-serialization error occurs. 137: * @throws ClassNotFoundException 138: * if the encapsulated object's class was not found. 139: */ 140: public Object getObject() throws IOException, ClassNotFoundException 141: { 142: ByteArrayInputStream bais = new ByteArrayInputStream(content); 143: ObjectInput oi = new ObjectInputStream(bais); 144: Object obj = oi.readObject(); 145: oi.close(); 146: bais.close(); 147: 148: return obj; 149: } 150: 151: /** 152: * Returns the signature bytes of the encapsulated object. 153: * 154: * @return the signature bytes of the encapsulated object. 155: */ 156: public byte[] getSignature() 157: { 158: return (byte[]) signature.clone(); 159: 160: } 161: 162: /** 163: * Returns the name of the signature algorithm. 164: * 165: * @return the name of the signature algorithm. 166: */ 167: public String getAlgorithm() 168: { 169: return thealgorithm; 170: } 171: 172: /** 173: * Verifies the encapsulated digital signature by checking that it was 174: * generated by the owner of a designated public key. 175: * 176: * @param verificationKey 177: * the public key to use. 178: * @param verificationEngine 179: * the signature engine to use. 180: * @return <code>true</code> if signature is correct, <code>false</code> 181: * otherwise. 182: * @throws InvalidKeyException 183: * if the key is invalid. 184: * @throws SignatureException 185: * if verification fails. 186: */ 187: public boolean verify(PublicKey verificationKey, Signature verificationEngine) 188: throws InvalidKeyException, SignatureException 189: { 190: verificationEngine.initVerify(verificationKey); 191: verificationEngine.update(content); 192: return verificationEngine.verify(signature); 193: } 194: 195: /** Called to restore the state of the SignedObject from a stream. */ 196: private void readObject(ObjectInputStream s) 197: throws IOException, ClassNotFoundException 198: { 199: s.defaultReadObject(); 200: content = (byte[]) content.clone(); 201: signature = (byte[]) signature.clone(); 202: } 203: }