From 8aa540d2f783474d1d2e06f16744bf67b9c1facc Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Fri, 10 Mar 2006 21:46:48 +0000 Subject: Imported GNU Classpath 0.90 Imported GNU Classpath 0.90 * scripts/makemake.tcl: Set gnu/java/awt/peer/swing to ignore. * gnu/classpath/jdwp/VMFrame.java (SIZE): New constant. * java/lang/VMCompiler.java: Use gnu.java.security.hash.MD5. * java/lang/Math.java: New override file. * java/lang/Character.java: Merged from Classpath. (start, end): Now 'int's. (canonicalName): New field. (CANONICAL_NAME, NO_SPACES_NAME, CONSTANT_NAME): New constants. (UnicodeBlock): Added argument. (of): New overload. (forName): New method. Updated unicode blocks. (sets): Updated. * sources.am: Regenerated. * Makefile.in: Likewise. From-SVN: r111942 --- libjava/classpath/java/security/SignedObject.java | 177 +++++++++------------- 1 file changed, 70 insertions(+), 107 deletions(-) (limited to 'libjava/classpath/java/security/SignedObject.java') diff --git a/libjava/classpath/java/security/SignedObject.java b/libjava/classpath/java/security/SignedObject.java index d565b2ea3b4..be5a6746122 100644 --- a/libjava/classpath/java/security/SignedObject.java +++ b/libjava/classpath/java/security/SignedObject.java @@ -46,82 +46,34 @@ import java.io.ObjectOutputStream; import java.io.Serializable; /** - *

SignedObject is a class for the purpose of creating authentic - * runtime objects whose integrity cannot be compromised without being detected. - *

- * - *

More specifically, a SignedObject contains another - * {@link Serializable} object, the (to-be-)signed object and its signature.

- * - *

The signed object is a "deep copy" (in serialized form) of an - * original object. Once the copy is made, further manipulation of the original - * object has no side effect on the copy.

- * - *

The underlying signing algorithm is designated by the {@link Signature} - * object passed to the constructor and the verify() method. A - * typical usage for signing is the following:

- * - *
- * Signature signingEngine = Signature.getInstance(algorithm, provider);
- * SignedObject so = new SignedObject(myobject, signingKey, signingEngine);
- * 
- * - *

A typical usage for verification is the following (having received - * SignedObject so):

- * - *
- * Signature verificationEngine = Signature.getInstance(algorithm, provider);
- * if (so.verify(publickey, verificationEngine))
- *   try
- *     {
- *       Object myobj = so.getObject();
- *     }
- *   catch (ClassNotFoundException ignored) {};
- * 
- * - *

Several points are worth noting. First, there is no need to initialize the - * signing or verification engine, as it will be re-initialized inside the - * constructor and the verify() method. Secondly, for verification - * to succeed, the specified public key must be the public key corresponding to - * the private key used to generate the SignedObject.

- * - *

More importantly, for flexibility reasons, the constructor - * and verify() method allow for customized signature engines, - * which can implement signature algorithms that are not installed formally as - * part of a crypto provider. However, it is crucial that the programmer writing - * the verifier code be aware what {@link Signature} engine is being used, as - * its own implementation of the verify() method is invoked to - * verify a signature. In other words, a malicious {@link Signature} may choose - * to always return true on verification in an attempt to bypass a - * security check.

- * - *

The signature algorithm can be, among others, the NIST standard DSS, - * using DSA and SHA-1. The algorithm is specified using the same - * convention as that for signatures. The DSA algorithm using the - * SHA-1 message digest algorithm can be specified, for example, as - * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In - * the case of RSA, there are multiple choices for the message digest - * algorithm, so the signing algorithm could be specified as, for example, - * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". - * The algorithm name must be specified, as there is no default.

- * - *

The name of the Cryptography Package Provider is designated also by the - * {@link Signature} parameter to the constructor and the - * verify() method. If the provider is not specified, the default - * provider is used. Each installation can be configured to use a particular - * provider as default.

- * - *

Potential applications of SignedObject include:

- * - * + * SignedObject is used for storing runtime objects whose + * integrity cannot be compromised without being detected. + * + *

SignedObject contains a {@link Serializable} object which is + * yet to be signed and a digital signature of that object.

+ * + *

The signed copy is a "deep copy" (in serialized form) of an original + * object. Any changes to that original instance are not reflected in the + * enclosed copy inside this SignedObject.

+ * + *

Several things to note are that, first there is no need to initialize the + * signature engine as this class will handle that automatically. Second, + * verification will only succeed if the public key corresponds to the private + * key used to generate the digital signature inside this + * SignedObject.

+ * + *

For fexibility, the signature engine can be specified in the constructor + * or the verify() method. Programmers wishing to verify + * SignedObjects should be aware of the {@link Signature} engine + * they use. A malicious or flawed {@link Signature} implementation may always + * return true on verification thus circumventing the intended secrity check + * provided by the SignedObject.

+ * + *

The GNU security provider offers an implementation of the standard NIST + * DSA which uses "DSA" and "SHA-1". It can be specified by "SHA/DSA", + * "SHA-1/DSA" or its OID. If the RSA signature algorithm is provided then it + * could be "MD2/RSA". "MD5/RSA", or "SHA-1/RSA". The algorithm must be + * specified because there is no default.

* * @author Mark Benvenuto (ivymccough@worldnet.att.net) * @since 1.2 @@ -139,16 +91,22 @@ public final class SignedObject implements Serializable private String thealgorithm; /** - * Constructs a SignedObject from any {@link Serializable} - * object. The given object is signed with the given signing key, using the - * designated signature engine. - * - * @param object the object to be signed. - * @param signingKey the private key for signing. - * @param signingEngine the signature signing engine. - * @throws IOException if an error occurs during serialization. - * @throws InvalidKeyException if the key is invalid. - * @throws SignatureException if signing fails. + * Constructs a new instance of SignedObject from a + * {@link Serializable} object. The object is signed with a designated + * private key and a signature engine. + * + * @param object + * the object to sign. + * @param signingKey + * the key to use. + * @param signingEngine + * the signature engine to use. + * @throws IOException + * if a serialization error occurred. + * @throws InvalidKeyException + * if the key is invalid. + * @throws SignatureException + * if a signing error occurs. */ public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine) @@ -170,12 +128,14 @@ public final class SignedObject implements Serializable } /** - * Retrieves the encapsulated object. The encapsulated object is de-serialized - * before it is returned. - * + * Returns the encapsulated object. The object is de-serialized before being + * returned. + * * @return the encapsulated object. - * @throws IOException if an error occurs during de-serialization. - * @throws ClassNotFoundException if an error occurs during de-serialization. + * @throws IOException + * if a de-serialization error occurs. + * @throws ClassNotFoundException + * if the encapsulated object's class was not found. */ public Object getObject() throws IOException, ClassNotFoundException { 
@@ -189,9 +149,9 @@ public final class SignedObject implements Serializable } /** - * Retrieves the signature on the signed object, in the form of a byte array. - * - * @return a copy of the signature. + * Returns the signature bytes of the encapsulated object. + * + * @return the signature bytes of the encapsulated object. */ public byte[] getSignature() { @@ -200,9 +160,9 @@ public final class SignedObject implements Serializable } /** - * Retrieves the name of the signature algorithm. - * - * @return the signature algorithm name. + * Returns the name of the signature algorithm. + * + * @return the name of the signature algorithm. */ public String getAlgorithm() { @@ -210,16 +170,19 @@ public final class SignedObject implements Serializable } /** - * Verifies that the signature in this SignedObject is the valid - * signature for the object stored inside, with the given verification key, - * using the designated verification engine. - * - * @param verificationKey the public key for verification. - * @param verificationEngine the signature verification engine. - * @return true if the signature is valid, false - * otherwise. - * @throws SignatureException if signature verification failed. - * @throws InvalidKeyException if the verification key is invalid. + * Verifies the encapsulated digital signature by checking that it was + * generated by the owner of a designated public key. + * + * @param verificationKey + * the public key to use. + * @param verificationEngine + * the signature engine to use. + * @return true if signature is correct, false + * otherwise. + * @throws InvalidKeyException + * if the key is invalid. + * @throws SignatureException + * if verification fails. */ public boolean verify(PublicKey verificationKey, Signature verificationEngine) throws InvalidKeyException, SignatureException -- cgit v1.2.3
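Review bot: the rewritten class comment in "@@ -46,82 +46,34 @@" drops the signing and verification usage snippets, and with them the only place the documentation showed that verify() has to be called before getObject(); since getObject() deserializes the stored bytes whether or not the signature was ever checked, restore the "if (so.verify(publickey, verificationEngine)) ... so.getObject()" example or add one sentence saying that getObject() performs no signature check. Two typos are introduced in the added lines: "For fexibility" should read "For flexibility" and "intended secrity check" should read "intended security check". The sentence "contains a Serializable object which is yet to be signed" is misleading because the object is signed in the constructor; "the signed object and its digital signature" describes what the class actually holds. In the algorithm paragraph, "MD2/RSA". "MD5/RSA" has a full stop where a comma belongs, and "or its OID" refers to an OID that the text never gives. Listing MD2 and MD5 as the RSA examples is also dated, as both digests are broken; lead with "SHA-1/RSA" or stronger. Finally, the removed paragraph on provider selection ("If the provider is not specified, the default provider is used") has no replacement in the new text; keep it or fold that point into the paragraph about the Signature engine.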
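Review bot: the new "@param signingKey the key to use" in "@@ -139,16 +91,22 @@" loses the "private key for signing" wording it replaces; the parameter is typed PrivateKey and the class comment stresses the public/private pairing, so keep "the private key to sign with". Likewise "@param signingEngine the signature engine to use" is less precise than the previous "the signature signing engine". The "@throws IOException if a serialization error occurred" line mixes tenses with the other two @throws lines; "occurs" keeps them consistent.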
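Review bot: the getObject() comment in "@@ -170,12 +128,14 @@" says "The object is de-serialized before being returned" but does not say that no signature verification happens here; deserialization runs on the stored bytes regardless of whether verify() was called, so add "This method does not verify the signature; call verify() first" to keep callers from deserializing unverified content.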
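Review bot: the getSignature() @return in "@@ -189,9 +149,9 @@" changes "a copy of the signature" to "the signature bytes of the encapsulated object", silently dropping the statement that the caller receives a copy. Whether the method clones the internal array is not visible in this diff; if it does, keep "a copy of" in the @return, and if it does not, the stored signature is exposed to mutation by callers and the implementation should clone before returning.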
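Review bot: "@throws SignatureException if verification fails" in "@@ -210,16 +170,19 @@" is ambiguous next to a method that returns false for an invalid signature; write "if the signature engine reports an error" so readers do not assume a bad signature throws. The summary "checking that it was generated by the owner of a designated public key" is also loose: what is checked is that the signature verifies under verificationKey, i.e. was produced with the matching private key, and the @return should say the signature is valid for the encapsulated object rather than merely "correct".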