java.security

Class SignedObject

java.lang.Object
|
+--java.security.SignedObject

All Implemented Interfaces:

Serializable


public final class SignedObject

extends Object

implements Serializable

SignedObject is used for storing runtime objects whose integrity cannot be compromised without being detected. A SignedObject contains a Serializable object (the object to be signed) and its signature. The signed copy is a "deep copy" (in serialized form) of the original object, so any later changes to the original will not affect the signed copy.

Several things to note: first, there is no need to initialize the signature engine, as this class handles that automatically. Second, verification will only succeed if the public key corresponds to the private key used to generate the SignedObject.

For flexibility, the signature engine can be specified in the constructor or the verify method. The programmer who writes code that verifies that the SignedObject has not changed should be aware of the Signature engine they use. A malicious Signature may choose to always return true on verification and bypass the security check.

The GNU provider provides the NIST standard DSA, which uses DSA and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its OID. If the RSA signature algorithm is provided, then it could be MD2/RSA, MD5/RSA, or SHA-1/RSA. The algorithm must be specified because there is no default.
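The following is an added example, not part of the original documentation or the GNU Classpath sources. It signs an object, shows that the signed deep copy is unaffected by later changes, and verifies with a pinned algorithm and a locally created engine. The class name SignedObjectDemo, the sample payload and the algorithm name SHA256withRSA (a standard JDK name, not one of the GNU provider names listed above) are assumptions.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;
import java.util.ArrayList;

public class SignedObjectDemo {
    // Assumption: a standard JDK algorithm name. On the GNU provider, use one
    // of the names it lists (for example SHA-1/RSA).
    static final String SIG_ALG = "SHA256withRSA";

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        KeyPair stranger = kpg.generateKeyPair();

        // Constructed sample payload.
        ArrayList<String> roles = new ArrayList<>();
        roles.add("auditor");

        // The engine is passed uninitialized; SignedObject initializes it.
        SignedObject signed = new SignedObject(
                roles, signer.getPrivate(), Signature.getInstance(SIG_ALG));

        // Changing the original afterwards does not alter the signed deep copy.
        roles.add("admin");

        // Pin the expected algorithm instead of trusting what the object claims.
        if (!SIG_ALG.equals(signed.getAlgorithm())) {
            throw new SecurityException("unexpected algorithm: " + signed.getAlgorithm());
        }

        // Create the verification engine locally from the installed providers;
        // never accept a Signature instance supplied by the sender.
        boolean ok = signed.verify(signer.getPublic(), Signature.getInstance(SIG_ALG));
        boolean wrongKey = signed.verify(stranger.getPublic(), Signature.getInstance(SIG_ALG));
        System.out.println("signer key verifies: " + ok);
        System.out.println("other key verifies:  " + wrongKey);

        // Deserialize only after the signature has been checked.
        if (!ok) {
            throw new SecurityException("signature verification failed");
        }
        Object copy = signed.getObject();
        System.out.println("signed content: " + copy);
    }
}
```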

Since:

Author:

Constructor Summary

SignedObject(java.io.Serializable object, java.security.PrivateKey signingKey, java.security.Signature signingEngine)

Constructs a new SignedObject from a Serializable object.

Method Summary

java.lang.String getAlgorithm()

Returns the name of the signature algorithm.

java.lang.Object getObject()

Returns the encapsulated object.

byte[] getSignature()

Returns the signature of the encapsulated object.

boolean verify(java.security.PublicKey verificationKey, java.security.Signature verificationEngine)

Verifies the SignedObject by checking the signature that this class contains for the encapsulated object.

Constructor Details

SignedObject

public SignedObject(java.io.Serializable object, java.security.PrivateKey signingKey, java.security.Signature signingEngine)

Constructs a new SignedObject from a Serializable object. The object is signed with the private key and the signature engine.

Parameters:

Throws:


Method Details

getAlgorithm

public String getAlgorithm()

Returns the name of the signature algorithm.

Returns:


getObject

public Object getObject()

Returns the encapsulated object. The object is de-serialized before being returned.

Returns:

Throws:


getSignature

public byte[] getSignature()

Returns the signature of the encapsulated object.

Returns:


verify

public boolean verify(java.security.PublicKey verificationKey, java.security.Signature verificationEngine)

Verifies the SignedObject by checking the signature that this class contains for the encapsulated object.

Parameters:

Returns:

Throws: