1 /* 2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.io.*; 29 30 /** 31 * <p> SignedObject is a class for the purpose of creating authentic 32 * runtime objects whose integrity cannot be compromised without being 33 * detected. 34 * 35 * <p> More specifically, a SignedObject contains another Serializable 36 * object, the (to-be-)signed object and its signature. 37 * 38 * <p> The signed object is a "deep copy" (in serialized form) of an 39 * original object. Once the copy is made, further manipulation of 40 * the original object has no side effect on the copy. 41 * 42 * <p> The underlying signing algorithm is designated by the Signature 43 * object passed to the constructor and the <code>verify</code> method. 44 * A typical usage for signing is the following: 45 * 46 * <p> <code> <pre> 47 * Signature signingEngine = Signature.getInstance(algorithm, 48 * provider); 49 * SignedObject so = new SignedObject(myobject, signingKey, 50 * signingEngine); 51 * </pre> </code> 52 * 53 * <p> A typical usage for verification is the following (having 54 * received SignedObject <code>so</code>): 55 * 56 * <p> <code> <pre> 57 * Signature verificationEngine = 58 * Signature.getInstance(algorithm, provider); 59 * if (so.verify(publickey, verificationEngine)) 60 * try { 61 * Object myobj = so.getObject(); 62 * } catch (java.lang.ClassNotFoundException e) {}; 63 * </pre> </code> 64 * 65 * <p> Several points are worth noting. First, there is no need to 66 * initialize the signing or verification engine, as it will be 67 * re-initialized inside the constructor and the <code>verify</code> 68 * method. Secondly, for verification to succeed, the specified 69 * public key must be the public key corresponding to the private key 70 * used to generate the SignedObject. 71 * 72 * <p> More importantly, for flexibility reasons, the 73 * constructor and <code>verify</code> method allow for 74 * customized signature engines, which can implement signature 75 * algorithms that are not installed formally as part of a crypto 76 * provider. However, it is crucial that the programmer writing the 77 * verifier code be aware what <code>Signature</code> engine is being 78 * used, as its own implementation of the <code>verify</code> method 79 * is invoked to verify a signature. In other words, a malicious 80 * <code>Signature</code> may choose to always return true on 81 * verification in an attempt to bypass a security check. 82 * 83 * <p> The signature algorithm can be, among others, the NIST standard 84 * DSA, using DSA and SHA-1. The algorithm is specified using the 85 * same convention as that for signatures. The DSA algorithm using the 86 * SHA-1 message digest algorithm can be specified, for example, as 87 * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In the case of 88 * RSA, there are multiple choices for the message digest algorithm, 89 * so the signing algorithm could be specified as, for example, 90 * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". The algorithm name must be 91 * specified, as there is no default. 92 * 93 * <p> The name of the Cryptography Package Provider is designated 94 * also by the Signature parameter to the constructor and the 95 * <code>verify</code> method. If the provider is not 96 * specified, the default provider is used. Each installation can 97 * be configured to use a particular provider as default. 98 * 99 * <p> Potential applications of SignedObject include: 100 * <ul> 101 * <li> It can be used 102 * internally to any Java runtime as an unforgeable authorization 103 * token -- one that can be passed around without the fear that the 104 * token can be maliciously modified without being detected. 105 * <li> It 106 * can be used to sign and serialize data/object for storage outside 107 * the Java runtime (e.g., storing critical access control data on 108 * disk). 109 * <li> Nested SignedObjects can be used to construct a logical 110 * sequence of signatures, resembling a chain of authorization and 111 * delegation. 112 * </ul> 113 * 114 * @see Signature 115 * 197 /** 198 * Retrieves the name of the signature algorithm. 199 * 200 * @return the signature algorithm name. 201 */ 202 public String getAlgorithm() { 203 return this.thealgorithm; 204 } 205 206 /** 207 * Verifies that the signature in this SignedObject is the valid 208 * signature for the object stored inside, with the given 209 * verification key, using the designated verification engine. 210 * 211 * @param verificationKey the public key for verification. 212 * @param verificationEngine the signature verification engine. 213 * 214 * @exception SignatureException if signature verification failed. 215 * @exception InvalidKeyException if the verification key is invalid. 216 * 217 * @return <tt>true</tt> if the signature 218 * is valid, <tt>false</tt> otherwise 219 */ 220 public boolean verify(PublicKey verificationKey, 221 Signature verificationEngine) 222 throws InvalidKeyException, SignatureException { 223 verificationEngine.initVerify(verificationKey); 224 verificationEngine.update(this.content.clone()); 225 return verificationEngine.verify(this.signature.clone()); 226 } 227 228 /* 229 * Signs the encapsulated object with the given signing key, using the 230 * designated signature engine. 231 * 232 * @param signingKey the private key for signing. 233 * @param signingEngine the signature signing engine. 234 * 235 * @exception InvalidKeyException if the key is invalid. 236 * @exception SignatureException if signing fails. 237 */ 238 private void sign(PrivateKey signingKey, Signature signingEngine) | 1 /* 2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.io.*; 29 30 /** 31 * <p> SignedObject is a class for the purpose of creating authentic 32 * runtime objects whose integrity cannot be compromised without being 33 * detected. 34 * 35 * <p> More specifically, a SignedObject contains another Serializable 36 * object, the (to-be-)signed object and its signature. 37 * 38 * <p> The signed object is a "deep copy" (in serialized form) of an 39 * original object. Once the copy is made, further manipulation of 40 * the original object has no side effect on the copy. 41 * 42 * <p> The underlying signing algorithm is designated by the Signature 43 * object passed to the constructor and the {@code verify} method. 44 * A typical usage for signing is the following: 45 * 46 * <p> <pre>{@code 47 * Signature signingEngine = Signature.getInstance(algorithm, 48 * provider); 49 * SignedObject so = new SignedObject(myobject, signingKey, 50 * signingEngine); 51 * }</pre> 52 * 53 * <p> A typical usage for verification is the following (having 54 * received SignedObject {@code so}): 55 * 56 * <p> <pre>{@code 57 * Signature verificationEngine = 58 * Signature.getInstance(algorithm, provider); 59 * if (so.verify(publickey, verificationEngine)) 60 * try { 61 * Object myobj = so.getObject(); 62 * } catch (java.lang.ClassNotFoundException e) {}; 63 * }</pre> 64 * 65 * <p> Several points are worth noting. First, there is no need to 66 * initialize the signing or verification engine, as it will be 67 * re-initialized inside the constructor and the {@code verify} 68 * method. Secondly, for verification to succeed, the specified 69 * public key must be the public key corresponding to the private key 70 * used to generate the SignedObject. 71 * 72 * <p> More importantly, for flexibility reasons, the 73 * constructor and {@code verify} method allow for 74 * customized signature engines, which can implement signature 75 * algorithms that are not installed formally as part of a crypto 76 * provider. However, it is crucial that the programmer writing the 77 * verifier code be aware what {@code Signature} engine is being 78 * used, as its own implementation of the {@code verify} method 79 * is invoked to verify a signature. In other words, a malicious 80 * {@code Signature} may choose to always return true on 81 * verification in an attempt to bypass a security check. 82 * 83 * <p> The signature algorithm can be, among others, the NIST standard 84 * DSA, using DSA and SHA-1. The algorithm is specified using the 85 * same convention as that for signatures. The DSA algorithm using the 86 * SHA-1 message digest algorithm can be specified, for example, as 87 * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In the case of 88 * RSA, there are multiple choices for the message digest algorithm, 89 * so the signing algorithm could be specified as, for example, 90 * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". The algorithm name must be 91 * specified, as there is no default. 92 * 93 * <p> The name of the Cryptography Package Provider is designated 94 * also by the Signature parameter to the constructor and the 95 * {@code verify} method. If the provider is not 96 * specified, the default provider is used. Each installation can 97 * be configured to use a particular provider as default. 98 * 99 * <p> Potential applications of SignedObject include: 100 * <ul> 101 * <li> It can be used 102 * internally to any Java runtime as an unforgeable authorization 103 * token -- one that can be passed around without the fear that the 104 * token can be maliciously modified without being detected. 105 * <li> It 106 * can be used to sign and serialize data/object for storage outside 107 * the Java runtime (e.g., storing critical access control data on 108 * disk). 109 * <li> Nested SignedObjects can be used to construct a logical 110 * sequence of signatures, resembling a chain of authorization and 111 * delegation. 112 * </ul> 113 * 114 * @see Signature 115 * 197 /** 198 * Retrieves the name of the signature algorithm. 199 * 200 * @return the signature algorithm name. 201 */ 202 public String getAlgorithm() { 203 return this.thealgorithm; 204 } 205 206 /** 207 * Verifies that the signature in this SignedObject is the valid 208 * signature for the object stored inside, with the given 209 * verification key, using the designated verification engine. 210 * 211 * @param verificationKey the public key for verification. 212 * @param verificationEngine the signature verification engine. 213 * 214 * @exception SignatureException if signature verification failed. 215 * @exception InvalidKeyException if the verification key is invalid. 216 * 217 * @return {@code true} if the signature 218 * is valid, {@code false} otherwise 219 */ 220 public boolean verify(PublicKey verificationKey, 221 Signature verificationEngine) 222 throws InvalidKeyException, SignatureException { 223 verificationEngine.initVerify(verificationKey); 224 verificationEngine.update(this.content.clone()); 225 return verificationEngine.verify(this.signature.clone()); 226 } 227 228 /* 229 * Signs the encapsulated object with the given signing key, using the 230 * designated signature engine. 231 * 232 * @param signingKey the private key for signing. 233 * @param signingEngine the signature signing engine. 234 * 235 * @exception InvalidKeyException if the key is invalid. 236 * @exception SignatureException if signing fails. 237 */ 238 private void sign(PrivateKey signingKey, Signature signingEngine) |