151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 219b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage java.security; 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.io.*; 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/** 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> SignedObject is a class for the purpose of creating authentic 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * runtime objects whose integrity cannot be compromised without being 3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * detected. 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> More specifically, a SignedObject contains another Serializable 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * object, the (to-be-)signed object and its signature. 3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> The signed object is a "deep copy" (in serialized form) of an 3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * original object. Once the copy is made, further manipulation of 4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the original object has no side effect on the copy. 4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> The underlying signing algorithm is designated by the Signature 4319b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * object passed to the constructor and the {@code verify} method. 4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * A typical usage for signing is the following: 4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 4619b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * <pre>{@code 4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Signature signingEngine = Signature.getInstance(algorithm, 4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * provider); 4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * SignedObject so = new SignedObject(myobject, signingKey, 5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * signingEngine); 5119b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * }</pre> 5251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> A typical usage for verification is the following (having 5419b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * received SignedObject {@code so}): 5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5619b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * <pre>{@code 5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Signature verificationEngine = 5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Signature.getInstance(algorithm, provider); 5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * if (so.verify(publickey, verificationEngine)) 6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * try { 6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Object myobj = so.getObject(); 6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * } catch (java.lang.ClassNotFoundException e) {}; 6319b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * }</pre> 6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> Several points are worth noting. First, there is no need to 6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * initialize the signing or verification engine, as it will be 6719b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * re-initialized inside the constructor and the {@code verify} 6851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method. Secondly, for verification to succeed, the specified 6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * public key must be the public key corresponding to the private key 7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * used to generate the SignedObject. 7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> More importantly, for flexibility reasons, the 7319b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * constructor and {@code verify} method allow for 7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * customized signature engines, which can implement signature 7551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * algorithms that are not installed formally as part of a crypto 7651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * provider. However, it is crucial that the programmer writing the 7719b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * verifier code be aware what {@code Signature} engine is being 7819b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * used, as its own implementation of the {@code verify} method 7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is invoked to verify a signature. In other words, a malicious 8019b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * {@code Signature} may choose to always return true on 8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * verification in an attempt to bypass a security check. 8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> The signature algorithm can be, among others, the NIST standard 8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DSA, using DSA and SHA-1. The algorithm is specified using the 8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * same convention as that for signatures. The DSA algorithm using the 8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * SHA-1 message digest algorithm can be specified, for example, as 8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In the case of 8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * RSA, there are multiple choices for the message digest algorithm, 8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * so the signing algorithm could be specified as, for example, 9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". The algorithm name must be 9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specified, as there is no default. 9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> The name of the Cryptography Package Provider is designated 9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * also by the Signature parameter to the constructor and the 9519b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * {@code verify} method. If the provider is not 9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specified, the default provider is used. Each installation can 9751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * be configured to use a particular provider as default. 9851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> Potential applications of SignedObject include: 10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <ul> 10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> It can be used 10251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * internally to any Java runtime as an unforgeable authorization 10351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * token -- one that can be passed around without the fear that the 10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * token can be maliciously modified without being detected. 10551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> It 10651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * can be used to sign and serialize data/object for storage outside 10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the Java runtime (e.g., storing critical access control data on 10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * disk). 10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> Nested SignedObjects can be used to construct a logical 11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * sequence of signatures, resembling a chain of authorization and 11151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * delegation. 11251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </ul> 11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see Signature 11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author Li Gong 11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 11951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipublic final class SignedObject implements Serializable { 12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private static final long serialVersionUID = 720502720485447167L; 12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 12351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /* 12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The original content is "deep copied" in its serialized format 12551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * and stored in a byte array. The signature field is also in the 12651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * form of byte array. 12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 12951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private byte[] content; 13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private byte[] signature; 13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private String thealgorithm; 13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Constructs a SignedObject from any Serializable object. 13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The given object is signed with the given signing key, using the 13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * designated signature engine. 13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param object the object to be signed. 13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param signingKey the private key for signing. 14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param signingEngine the signature signing engine. 14151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 14251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception IOException if an error occurs during serialization 14351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception InvalidKeyException if the key is invalid. 14451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception SignatureException if signing fails. 14551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 14651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public SignedObject(Serializable object, PrivateKey signingKey, 14751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski Signature signingEngine) 14851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException, InvalidKeyException, SignatureException { 14951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski // creating a stream pipe-line, from a to b 15051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski ByteArrayOutputStream b = new ByteArrayOutputStream(); 15151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski ObjectOutput a = new ObjectOutputStream(b); 15251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 15351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski // write and flush the object content to byte array 15451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski a.writeObject(object); 15551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski a.flush(); 15651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski a.close(); 15751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.content = b.toByteArray(); 15851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski b.close(); 15951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 16051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski // now sign the encapsulated object 16151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.sign(signingKey, signingEngine); 16251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 16351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 16451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 16551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Retrieves the encapsulated object. 16651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The encapsulated object is de-serialized before it is returned. 16751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 16851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the encapsulated object. 16951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 17051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception IOException if an error occurs during de-serialization 17151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception ClassNotFoundException if an error occurs during 17251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * de-serialization 17351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 17451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public Object getObject() 17551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException, ClassNotFoundException 17651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { 17751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski // creating a stream pipe-line, from b to a 17851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski ByteArrayInputStream b = new ByteArrayInputStream(this.content); 17951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski ObjectInput a = new ObjectInputStream(b); 18051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski Object obj = a.readObject(); 18151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski b.close(); 18251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski a.close(); 18351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return obj; 18451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 18551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 18651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 18751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Retrieves the signature on the signed object, in the form of a 18851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * byte array. 18951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 19051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the signature. Returns a new array each time this 19151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method is called. 19251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 19351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public byte[] getSignature() { 19451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return this.signature.clone(); 19551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 19651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 19751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 19851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Retrieves the name of the signature algorithm. 19951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 20051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the signature algorithm name. 20151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 20251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public String getAlgorithm() { 20351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return this.thealgorithm; 20451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 20551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 20651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 20751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Verifies that the signature in this SignedObject is the valid 20851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * signature for the object stored inside, with the given 20951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * verification key, using the designated verification engine. 21051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 21151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param verificationKey the public key for verification. 21251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param verificationEngine the signature verification engine. 21351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 21451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception SignatureException if signature verification failed. 21551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception InvalidKeyException if the verification key is invalid. 21651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 21719b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * @return {@code true} if the signature 21819b88cdf6c245d9a7d1e4996d494be4e14f546a6Sergio Giro * is valid, {@code false} otherwise 21951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 22051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean verify(PublicKey verificationKey, 22151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski Signature verificationEngine) 22251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws InvalidKeyException, SignatureException { 22351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski verificationEngine.initVerify(verificationKey); 22451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski verificationEngine.update(this.content.clone()); 22551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return verificationEngine.verify(this.signature.clone()); 22651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 22751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 22851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /* 22951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Signs the encapsulated object with the given signing key, using the 23051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * designated signature engine. 23151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 23251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param signingKey the private key for signing. 23351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param signingEngine the signature signing engine. 23451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 23551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception InvalidKeyException if the key is invalid. 23651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception SignatureException if signing fails. 23751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 23851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private void sign(PrivateKey signingKey, Signature signingEngine) 23951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws InvalidKeyException, SignatureException { 24051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski // initialize the signing engine 24151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski signingEngine.initSign(signingKey); 24251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski signingEngine.update(this.content.clone()); 24351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.signature = signingEngine.sign().clone(); 24451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.thealgorithm = signingEngine.getAlgorithm(); 24551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 24651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 24751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 24851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * readObject is called to restore the state of the SignedObject from 24951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * a stream. 25051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 25151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private void readObject(java.io.ObjectInputStream s) 25251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws java.io.IOException, ClassNotFoundException { 25351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski java.io.ObjectInputStream.GetField fields = s.readFields(); 25451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski content = ((byte[])fields.get("content", null)).clone(); 25551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski signature = ((byte[])fields.get("signature", null)).clone(); 25651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski thealgorithm = (String)fields.get("thealgorithm", null); 25751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 25851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski} 259