From 7451c1559ef877317965306543fd792944044b2c Mon Sep 17 00:00:00 2001 From: Tom Tromey Date: Sat, 19 Apr 2003 20:54:55 +0000 Subject: Makefile.in: Rebuilt. * Makefile.in: Rebuilt. * Makefile.am (ordinary_java_source_files): Added new files. * java/security/AlgorithmParameterGenerator.java, java/security/AlgorithmParameters.java, java/security/Engine.java, java/security/Identity.java, java/security/IdentityScope.java, java/security/KeyFactory.java, java/security/KeyPairGenerator.java, java/security/KeyStore.java, java/security/MessageDigest.java, java/security/Policy.java, java/security/ProtectionDomain.java, java/security/SecureRandom.java, java/security/Security.java, java/security/Signature.java, java/security/SignatureSpi.java, java/security/SignedObject.java, java/security/Signer.java, java/security/interfaces/RSAMultiPrimePrivateCrtKey.java, java/security/spec/PSSParameterSpec.java, java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java, java/security/spec/RSAOtherPrimeInfo.java: New versions from Classpath. From-SVN: r65829 --- libjava/java/security/SignedObject.java | 217 ++++++++++++++++++++------------ 1 file changed, 139 insertions(+), 78 deletions(-) (limited to 'libjava/java/security/SignedObject.java') diff --git a/libjava/java/security/SignedObject.java b/libjava/java/security/SignedObject.java index 78684e57e73..6a8d612b7fc 100644 --- a/libjava/java/security/SignedObject.java +++ b/libjava/java/security/SignedObject.java @@ -1,5 +1,5 @@ /* SignedObject.java --- Signed Object Class - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999, 2003, Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -36,70 +36,123 @@ obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ package java.security; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.ObjectInput; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; /** - SignedObject is used for storing rutime objects whose integrity - cannot be compromised without being detected. - - SignedObject contains a Serializable object which is yet to be - signed and its signature. - - The signed copy is a "deep copy" (in serialized form) of the - original object. Any changes to the original will not affect - the original. - - Several things to note are that, first there is no need to - initialize the signature engine as this class will handle that - automatically. Second, verification will only succeed if the - public key corresponds to the private key used to generate - the SignedObject. - - For fexibility, the signature engine can be specified in the - constructor or the verify method. The programmer who writes - code that verifies the SignedObject has not changed should be - aware of the Signature engine they use. A malicious Signature - may choose to always return true on verification and - bypass the secrity check. - - The GNU provider provides the NIST standard DSA which uses DSA - and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its - OID. If the RSA signature algorithm is provided then - it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The algorithm must - be specified because there is no default. - - @author Mark Benvenuto - - @since JDK 1.2 + *

SignedObject is a class for the purpose of creating authentic + * runtime objects whose integrity cannot be compromised without being detected. + *

+ * + *

More specifically, a SignedObject contains another + * {@link Serializable} object, the (to-be-)signed object and its signature.

+ * + *

The signed object is a "deep copy" (in serialized form) of an + * original object. Once the copy is made, further manipulation of the original + * object has no side effect on the copy.

+ * + *

The underlying signing algorithm is designated by the {@link Signature} + * object passed to the constructor and the verify() method. A + * typical usage for signing is the following:

+ * + * 
+ * Signature signingEngine = Signature.getInstance(algorithm, provider);
+ * SignedObject so = new SignedObject(myobject, signingKey, signingEngine);
+ *
+ * + *

A typical usage for verification is the following (having received + * SignedObject so):

+ * + * 
+ * Signature verificationEngine = Signature.getInstance(algorithm, provider);
+ * if (so.verify(publickey, verificationEngine))
+ *   try
+ *     {
+ *       Object myobj = so.getObject();
+ *     }
+ *   catch (ClassNotFoundException ignored) {};
+ *
+ * + *

Several points are worth noting. First, there is no need to initialize the + * signing or verification engine, as it will be re-initialized inside the + * constructor and the verify() method. Secondly, for verification + * to succeed, the specified public key must be the public key corresponding to + * the private key used to generate the SignedObject.

+ * + *

More importantly, for flexibility reasons, the constructor + * and verify() method allow for customized signature engines, + * which can implement signature algorithms that are not installed formally as + * part of a crypto provider. However, it is crucial that the programmer writing + * the verifier code be aware what {@link Signature} engine is being used, as + * its own implementation of the verify() method is invoked to + * verify a signature. In other words, a malicious {@link Signature} may choose + * to always return true on verification in an attempt to bypass a + * security check.

+ * + *

The signature algorithm can be, among others, the NIST standard DSS, + * using DSA and SHA-1. The algorithm is specified using the same + * convention as that for signatures. The DSA algorithm using the + * SHA-1 message digest algorithm can be specified, for example, as + * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In + * the case of RSA, there are multiple choices for the message digest + * algorithm, so the signing algorithm could be specified as, for example, + * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". + * The algorithm name must be specified, as there is no default.

+ * + *

The name of the Cryptography Package Provider is designated also by the + * {@link Signature} parameter to the constructor and the + * verify() method. If the provider is not specified, the default + * provider is used. Each installation can be configured to use a particular + * provider as default.

+ * + *

Potential applications of SignedObject include:

+ * + * + * + * @author Mark Benvenuto + * @since 1.2 + * @see Signature */ public final class SignedObject implements Serializable { static final long serialVersionUID = 720502720485447167L; + /** @serial */ private byte[] content; + /** @serial */ private byte[] signature; + /** @serial */ private String thealgorithm; /** - Constructs a new SignedObject from a Serializeable object. The - object is signed with private key and signature engine - - @param object the object to sign - @param signingKey the key to sign with - @param signingEngine the signature engine to use - - @throws IOException serialization error occurred - @throws InvalidKeyException invalid key - @throws SignatureException signing error + * Constructs a SignedObject from any {@link Serializable} + * object. The given object is signed with the given signing key, using the + * designated signature engine. + * + * @param object the object to be signed. + * @param signingKey the private key for signing. + * @param signingEngine the signature signing engine. + * @throws IOException if an error occurs during serialization. + * @throws InvalidKeyException if the key is invalid. + * @throws SignatureException if signing fails. */ public SignedObject(Serializable object, PrivateKey signingKey, - Signature signingEngine) throws IOException, - InvalidKeyException, SignatureException + Signature signingEngine) + throws IOException, InvalidKeyException, SignatureException { thealgorithm = signingEngine.getAlgorithm(); @@ -107,6 +160,7 @@ public final class SignedObject implements Serializable ObjectOutputStream p = new ObjectOutputStream(ostream); p.writeObject(object); p.flush(); + p.close(); content = ostream.toByteArray(); @@ -116,35 +170,39 @@ public final class SignedObject implements Serializable } /** - Returns the encapsulated object. The object is - de-serialized before being returned. - - @return the encapsulated object - - @throws IOException de-serialization error occurred - @throws ClassNotFoundException de-serialization error occurred + * Retrieves the encapsulated object. The encapsulated object is de-serialized + * before it is returned. + * + * @return the encapsulated object. + * @throws IOException if an error occurs during de-serialization. + * @throws ClassNotFoundException if an error occurs during de-serialization. */ public Object getObject() throws IOException, ClassNotFoundException { - ByteArrayInputStream istream = new ByteArrayInputStream(content); + ByteArrayInputStream bais = new ByteArrayInputStream(content); + ObjectInput oi = new ObjectInputStream(bais); + Object obj = oi.readObject(); + oi.close(); + bais.close(); - return new ObjectInputStream(istream).readObject(); + return obj; } /** - Returns the signature of the encapsulated object. - - @return a byte array containing the signature + * Retrieves the signature on the signed object, in the form of a byte array. + * + * @return a copy of the signature. */ public byte[] getSignature() { - return signature; + return (byte[]) signature.clone(); + } /** - Returns the name of the signature algorithm. - - @return the name of the signature algorithm. + * Retrieves the name of the signature algorithm. + * + * @return the signature algorithm name. */ public String getAlgorithm() { @@ -152,28 +210,31 @@ public final class SignedObject implements Serializable } /** - Verifies the SignedObject by checking that the signature that - this class contains for the encapsulated object. - - @param verificationKey the public key to use - @param verificationEngine the signature engine to use - - @return true if signature is correct, false otherwise - - @throws InvalidKeyException invalid key - @throws SignatureException signature verification failed + * Verifies that the signature in this SignedObject is the valid + * signature for the object stored inside, with the given verification key, + * using the designated verification engine. + * + * @param verificationKey the public key for verification. + * @param verificationEngine the signature verification engine. + * @return true if the signature is valid, false + * otherwise. + * @throws SignatureException if signature verification failed. + * @throws InvalidKeyException if the verification key is invalid. */ - public boolean verify(PublicKey verificationKey, - Signature verificationEngine) throws - InvalidKeyException, SignatureException + public boolean verify(PublicKey verificationKey, Signature verificationEngine) + throws InvalidKeyException, SignatureException { verificationEngine.initVerify(verificationKey); verificationEngine.update(content); return verificationEngine.verify(signature); } - // readObject is called to restore the state of the SignedObject from a - // stream. - //private void readObject(ObjectInputStream s) - // throws IOException, ClassNotFoundException + /** Called to restore the state of the SignedObject from a stream. */ + private void readObject(ObjectInputStream s) + throws IOException, ClassNotFoundException + { + s.defaultReadObject(); + content = (byte[]) content.clone(); + signature = (byte[]) signature.clone(); + } } -- cgit v1.2.3