1. /*

  2.  * @(#)SignedObject.java	1.37 00/02/02

  3.  *

  4.  * Copyright 1997-2000 Sun Microsystems, Inc. All Rights Reserved.

  5.  * 

  6.  * This software is the proprietary information of Sun Microsystems, Inc.  

  7.  * Use is subject to license terms.

  8.  * 

  9.  */

  10.  

  11. package java.security;

  12. 

  13. import java.io.*;

  14. 

  15. /**

  16.  * <p> SignedObject is a class for the purpose of creating authentic

  17.  * runtime objects whose integrity cannot be compromised without being

  18.  * detected.

  19.  *

  20.  * <p> More specifically, a SignedObject contains another Serializable

  21.  * object, the (to-be-)signed object and its signature.

  22.  *

  23.  * <p> The signed object is a "deep copy" (in serialized form) of an

  24.  * original object.  Once the copy is made, further manipulation of

  25.  * the original object has no side effect on the copy.

  26.  *

  27.  * <p> The underlying signing algorithm is designated by the Signature

  28.  * object passed to the constructor and the <code>verify</code> method.

  29.  * A typical usage for signing is the following:

  30.  *

  31.  * <p> <code> <pre>

  32.  * Signature signingEngine = Signature.getInstance(algorithm,

  33.  *                                                 provider);

  34.  * SignedObject so = new SignedObject(myobject, signingKey,

  35.  *                                    signingEngine);

  36.  * </pre> </code>

  37.  *

  38.  * <p> A typical usage for verification is the following (having

  39.  * received SignedObject <code>so</code>):

  40.  *

  41.  * <p> <code> <pre>

  42.  * Signature verificationEngine =

  43.  *     Signature.getInstance(algorithm, provider);

  44.  * if (so.verify(publickey, verificationEngine))

  45.  *     try {

  46.  *         Object myobj = so.getObject();

  47.  *     } catch (java.lang.ClassNotFoundException e) {};

  48.  * </pre> </code>

  49.  *

  50.  * <p> Several points are worth noting.  First, there is no need to

  51.  * initialize the signing or verification engine, as it will be

  52.  * re-initialized inside the constructor and the <code>verify</code>

  53.  * method. Secondly, for verification to succeed, the specified

  54.  * public key must be the public key corresponding to the private key

  55.  * used to generate the SignedObject.

  56.  *

  57.  * <p> More importantly, for flexibility reasons, the

  58.  * constructor and <code>verify</code> method allow for

  59.  * customized signature engines, which can implement signature

  60.  * algorithms that are not installed formally as part of a crypto

  61.  * provider.  However, it is crucial that the programmer writing the

  62.  * verifier code be aware what <code>Signature</code> engine is being

  63.  * used, as its own implementation of the <code>verify</code> method

  64.  * is invoked to verify a signature.  In other words, a malicious

  65.  * <code>Signature</code> may choose to always return true on

  66.  * verification in an attempt to bypass a security check.

  67.  *

  68.  * <p> The signature algorithm can be, among others, the NIST standard

  69.  * DSA, using DSA and SHA-1.  The algorithm is specified using the

  70.  * same convention as that for signatures. The DSA algorithm using the

  71.  * SHA-1 message digest algorithm can be specified, for example, as

  72.  * "SHA/DSA" or "SHA-1/DSA" (they are equivalent).  In the case of

  73.  * RSA, there are multiple choices for the message digest algorithm,

  74.  * so the signing algorithm could be specified as, for example,

  75.  * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA".  The algorithm name must be

  76.  * specified, as there is no default.

  77.  *

  78.  * <p> The name of the Cryptography Package Provider is designated

  79.  * also by the Signature parameter to the constructor and the

  80.  * <code>verify</code> method.  If the provider is not

  81.  * specified, the default provider is used.  Each installation can

  82.  * be configured to use a particular provider as default.

  83.  *

  84.  * <p> Potential applications of SignedObject include: 

  85.  * <ul>

  86.  * <li> It can be used

  87.  * internally to any Java runtime as an unforgeable authorization

  88.  * token -- one that can be passed around without the fear that the

  89.  * token can be maliciously modified without being detected. 

  90.  * <li> It

  91.  * can be used to sign and serialize data/object for storage outside

  92.  * the Java runtime (e.g., storing critical access control data on

  93.  * disk). 

  94.  * <li> Nested SignedObjects can be used to construct a logical

  95.  * sequence of signatures, resembling a chain of authorization and

  96.  * delegation.

  97.  * </ul>

  98.  *

  99.  * @see Signature

  100.  *

  101.  * @version 	1.37, 02/02/00

  102.  * @author Li Gong

  103.  */

  104. 

  105. public final class SignedObject implements Serializable {

  106. 

  107.     /*

  108.      * The original content is "deep copied" in its serialized format

  109.      * and stored in a byte array.  The signature field is also in the

  110.      * form of byte array.

  111.      */

  112. 

  113.     private byte[] content;

  114.     private byte[] signature;

  115.     private String thealgorithm;

  116. 

  117.     /**

  118.      * Constructs a SignedObject from any Serializable object.

  119.      * The given object is signed with the given signing key, using the

  120.      * designated signature engine.

  121.      *

  122.      * @param object the object to be signed. 

  123.      * @param signingKey the private key for signing.

  124.      * @param signingEngine the signature signing engine.

  125.      *

  126.      * @exception IOException if an error occurs during serialization

  127.      * @exception InvalidKeyException if the key is invalid.

  128.      * @exception SignatureException if signing fails.

  129.      */

  130.     public SignedObject(Serializable object, PrivateKey signingKey,

  131. 			Signature signingEngine)

  132. 	throws IOException, InvalidKeyException, SignatureException {

  133. 	    // creating a stream pipe-line, from a to b

  134. 	    ByteArrayOutputStream b = new ByteArrayOutputStream();

  135. 	    ObjectOutput a = new ObjectOutputStream(b);

  136. 	    

  137. 	    // write and flush the object content to byte array

  138. 	    a.writeObject(object);

  139. 	    a.flush();

  140. 	    a.close();

  141. 	    this.content = b.toByteArray();

  142. 	    b.close();

  143. 	    

  144. 	    // now sign the encapsulated object

  145. 	    this.sign(signingKey, signingEngine);

  146.     }

  147. 

  148.     /**

  149.      * Retrieves the encapsulated object.

  150.      * The encapsulated object is de-serialized before it is returned.

  151.      * 

  152.      * @return the encapsulated object.

  153.      *

  154.      * @exception IOException if an error occurs during de-serialization

  155.      * @exception ClassNotFoundException if an error occurs during 

  156.      * de-serialization

  157.      */

  158.     public Object getObject() 

  159. 	throws IOException, ClassNotFoundException

  160.     {

  161. 	// creating a stream pipe-line, from b to a

  162. 	ByteArrayInputStream b = new ByteArrayInputStream(this.content);

  163. 	ObjectInput a = new ObjectInputStream(b);

  164. 	Object obj = a.readObject();

  165. 	b.close();

  166. 	a.close();

  167. 	return obj;

  168.     }

  169. 

  170.     /**

  171.      * Retrieves the signature on the signed object, in the form of a

  172.      * byte array.

  173.      * 

  174.      * @return the signature.

  175.      */

  176.     public byte[] getSignature() {

  177. 	// return only a clone, for integrity reasons

  178. 	byte[] sig = (byte[])this.signature.clone();

  179. 	return sig;

  180.     }

  181. 

  182.     /**

  183.      * Retrieves the name of the signature algorithm.

  184.      *

  185.      * @return the signature algorithm name.

  186.      */

  187.     public String getAlgorithm() {

  188. 	return this.thealgorithm;

  189.     }

  190. 

  191.     /** 

  192.      * Verifies that the signature in this SignedObject is the valid

  193.      * signature for the object stored inside, with the given

  194.      * verification key, using the designated verification engine.

  195.      * 

  196.      * @param verificationKey the public key for verification.

  197.      * @param verificationEngine the signature verification engine.

  198.      *

  199.      * @exception SignatureException if signature verification failed.

  200.      * @exception InvalidKeyException if the verification key is invalid.

  201.      *

  202.      * @return <tt>true</tt> if the signature 

  203.      * is valid, <tt>false</tt> otherwise

  204.      */

  205.     public boolean verify(PublicKey verificationKey,

  206. 			  Signature verificationEngine)

  207. 	 throws InvalidKeyException, SignatureException {

  208. 	     verificationEngine.initVerify(verificationKey);

  209. 	     verificationEngine.update(this.content);

  210. 	     return verificationEngine.verify(this.signature);

  211.     }

  212. 

  213.     /*

  214.      * Signs the encapsulated object with the given signing key, using the

  215.      * designated signature engine.

  216.      * 

  217.      * @param signingKey the private key for signing.

  218.      * @param signingEngine the signature signing engine.

  219.      *

  220.      * @exception InvalidKeyException if the key is invalid.

  221.      * @exception SignatureException if signing fails.

  222.      */

  223.     private void sign(PrivateKey signingKey, Signature signingEngine)

  224. 	throws InvalidKeyException, SignatureException {

  225. 	    // initialize the signing engine

  226. 	    signingEngine.initSign(signingKey);

  227. 	    signingEngine.update(this.content);

  228. 	    this.signature = signingEngine.sign();

  229. 	    this.thealgorithm = signingEngine.getAlgorithm();

  230.     }

  231. 

  232.     /**

  233.      * readObject is called to restore the state of the SignedObject from

  234.      * a stream.

  235.      */

  236.     private void readObject(java.io.ObjectInputStream s)

  237.          throws java.io.IOException, ClassNotFoundException

  238.     {

  239. 	s.defaultReadObject();

  240. 	content = (byte[])content.clone();

  241. 	signature = (byte[])signature.clone();

  242.     }

  243. }