Docjar: A Java Source and Docuemnt Enginecom.*    java.*    javax.*    org.*    all    new    plug-in

Quick Search    Search Deep
Overview  Package   Class  Use  Deprecated  Index 
Home >> All >> java >> [ security overview ]  PREV CLASS  NEXT CLASS
SUMMARY: JavaDoc of java.security.SignedObject JAVADOC | Sourc code of java.security.SignedObject SOURCE | Download java.security.SignedObject DOWNLOAD | NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

java.security
Class SignedObject  view SignedObject download SignedObject.java

java.lang.Object
  extended byjava.security.SignedObject
All Implemented Interfaces:
java.io.Serializable
public final class SignedObject
extends java.lang.Object
implements java.io.Serializable

SignedObject is used for storing runtime objects whose integrity cannot be compromised without being detected.

SignedObject contains a java.io.Serializable object which is yet to be signed and a digital signature of that object.

The signed copy is a "deep copy" (in serialized form) of an original object. Any changes to that original instance are not reflected in the enclosed copy inside this SignedObject.

Several things to note are that, first there is no need to initialize the signature engine as this class will handle that automatically. Second, verification will only succeed if the public key corresponds to the private key used to generate the digital signature inside this SignedObject.

For fexibility, the signature engine can be specified in the constructor or the verify() method. Programmers wishing to verify SignedObjects should be aware of the Signature engine they use. A malicious or flawed Signature implementation may always return true on verification thus circumventing the intended secrity check provided by the SignedObject.

The GNU security provider offers an implementation of the standard NIST DSA which uses "DSA" and "SHA-1". It can be specified by "SHA/DSA", "SHA-1/DSA" or its OID. If the RSA signature algorithm is provided then it could be "MD2/RSA". "MD5/RSA", or "SHA-1/RSA". The algorithm must be specified because there is no default.

Since:
1.2

Field Summary
private  byte[] content
           
private static long serialVersionUID
           
private  byte[] signature
           
private  java.lang.String thealgorithm
           
 
Constructor Summary
SignedObject(java.io.Serializable object, PrivateKey signingKey, Signature signingEngine)
          Constructs a new instance of SignedObject from a java.io.Serializable object.
 
Method Summary
 java.lang.String getAlgorithm()
          Returns the name of the signature algorithm.
 java.lang.Object getObject()
          Returns the encapsulated object.
 byte[] getSignature()
          Returns the signature bytes of the encapsulated object.
private  void readObject(java.io.ObjectInputStream s)
          Called to restore the state of the SignedObject from a stream.
 boolean verify(PublicKey verificationKey, Signature verificationEngine)
          Verifies the encapsulated digital signature by checking that it was generated by the owner of a designated public key.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

serialVersionUID

private static final long serialVersionUID
See Also:
Constant Field Values

content

private byte[] content

signature

private byte[] signature

thealgorithm

private java.lang.String thealgorithm
Constructor Detail

SignedObject

public SignedObject(java.io.Serializable object,
                    PrivateKey signingKey,
                    Signature signingEngine)
             throws java.io.IOException,
                    InvalidKeyException,
                    SignatureException
Constructs a new instance of SignedObject from a java.io.Serializable object. The object is signed with a designated private key and a signature engine.

Method Detail

getObject

public java.lang.Object getObject()
                           throws java.io.IOException,
                                  java.lang.ClassNotFoundException
Returns the encapsulated object. The object is de-serialized before being returned.

getSignature

public byte[] getSignature()
Returns the signature bytes of the encapsulated object.

getAlgorithm

public java.lang.String getAlgorithm()
Returns the name of the signature algorithm.

verify

public boolean verify(PublicKey verificationKey,
                      Signature verificationEngine)
               throws InvalidKeyException,
                      SignatureException
Verifies the encapsulated digital signature by checking that it was generated by the owner of a designated public key.

readObject

private void readObject(java.io.ObjectInputStream s)
                 throws java.io.IOException,
                        java.lang.ClassNotFoundException
Called to restore the state of the SignedObject from a stream.

Overview  Package   Class  Use  Deprecated  Index 
Home >> All >> java >> [ security overview ]  PREV CLASS  NEXT CLASS
SUMMARY: JavaDoc of java.security.SignedObject JAVADOC | Sourc code of java.security.SignedObject SOURCE | Download java.security.SignedObject DOWNLOAD | NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD