sdk/sources/android-25/java/security/SignedObject.java - android_tools - Git at Google

 /*
  * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this
  * particular file as subject to the "Classpath" exception as provided
  * by Oracle in the LICENSE file that accompanied this code.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
  * You should have received a copy of the GNU General Public License version
  * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */

 package java.security;

 import java.io.*;

 /**
  * <p> SignedObject is a class for the purpose of creating authentic
  * runtime objects whose integrity cannot be compromised without being
  * detected.
  *
  * <p> More specifically, a SignedObject contains another Serializable
  * object, the (to-be-)signed object and its signature.
  *
  * <p> The signed object is a "deep copy" (in serialized form) of an
  * original object.  Once the copy is made, further manipulation of
  * the original object has no side effect on the copy.
  *
  * <p> The underlying signing algorithm is designated by the Signature
  * object passed to the constructor and the <code>verify</code> method.
  * A typical usage for signing is the following:
  *
  * <p> <code> <pre>
  * Signature signingEngine = Signature.getInstance(algorithm,
  *                                                 provider);
  * SignedObject so = new SignedObject(myobject, signingKey,
  *                                    signingEngine);
  * </pre> </code>
  *
  * <p> A typical usage for verification is the following (having
  * received SignedObject <code>so</code>):
  *
  * <p> <code> <pre>
  * Signature verificationEngine =
  *     Signature.getInstance(algorithm, provider);
  * if (so.verify(publickey, verificationEngine))
  *     try {
  *         Object myobj = so.getObject();
  *     } catch (java.lang.ClassNotFoundException e) {};
  * </pre> </code>
  *
  * <p> Several points are worth noting.  First, there is no need to
  * initialize the signing or verification engine, as it will be
  * re-initialized inside the constructor and the <code>verify</code>
  * method. Secondly, for verification to succeed, the specified
  * public key must be the public key corresponding to the private key
  * used to generate the SignedObject.
  *
  * <p> More importantly, for flexibility reasons, the
  * constructor and <code>verify</code> method allow for
  * customized signature engines, which can implement signature
  * algorithms that are not installed formally as part of a crypto
  * provider.  However, it is crucial that the programmer writing the
  * verifier code be aware what <code>Signature</code> engine is being
  * used, as its own implementation of the <code>verify</code> method
  * is invoked to verify a signature.  In other words, a malicious
  * <code>Signature</code> may choose to always return true on
  * verification in an attempt to bypass a security check.
  *
  * <p> The signature algorithm can be, among others, the NIST standard
  * DSA, using DSA and SHA-1.  The algorithm is specified using the
  * same convention as that for signatures. The DSA algorithm using the
  * SHA-1 message digest algorithm can be specified, for example, as
  * "SHA/DSA" or "SHA-1/DSA" (they are equivalent).  In the case of
  * RSA, there are multiple choices for the message digest algorithm,
  * so the signing algorithm could be specified as, for example,
  * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA".  The algorithm name must be
  * specified, as there is no default.
  *
  * <p> The name of the Cryptography Package Provider is designated
  * also by the Signature parameter to the constructor and the
  * <code>verify</code> method.  If the provider is not
  * specified, the default provider is used.  Each installation can
  * be configured to use a particular provider as default.
  *
  * <p> Potential applications of SignedObject include:
  * <ul>
  * <li> It can be used
  * internally to any Java runtime as an unforgeable authorization
  * token -- one that can be passed around without the fear that the
  * token can be maliciously modified without being detected.
  * <li> It
  * can be used to sign and serialize data/object for storage outside
  * the Java runtime (e.g., storing critical access control data on
  * disk).
  * <li> Nested SignedObjects can be used to construct a logical
  * sequence of signatures, resembling a chain of authorization and
  * delegation.
  * </ul>
  *
  * @see Signature
  *
  * @author Li Gong
  */

 public final class SignedObject implements Serializable {

     private static final long serialVersionUID = 720502720485447167L;

     /*
      * The original content is "deep copied" in its serialized format
      * and stored in a byte array.  The signature field is also in the
      * form of byte array.
      */

     private byte[] content;
     private byte[] signature;
     private String thealgorithm;

     /**
      * Constructs a SignedObject from any Serializable object.
      * The given object is signed with the given signing key, using the
      * designated signature engine.
      *
      * @param object the object to be signed.
      * @param signingKey the private key for signing.
      * @param signingEngine the signature signing engine.
      *
      * @exception IOException if an error occurs during serialization
      * @exception InvalidKeyException if the key is invalid.
      * @exception SignatureException if signing fails.
      */
     public SignedObject(Serializable object, PrivateKey signingKey,
                         Signature signingEngine)
         throws IOException, InvalidKeyException, SignatureException {
             // creating a stream pipe-line, from a to b
             ByteArrayOutputStream b = new ByteArrayOutputStream();
             ObjectOutput a = new ObjectOutputStream(b);

             // write and flush the object content to byte array
             a.writeObject(object);
             a.flush();
             a.close();
             this.content = b.toByteArray();
             b.close();

             // now sign the encapsulated object
             this.sign(signingKey, signingEngine);
     }

     /**
      * Retrieves the encapsulated object.
      * The encapsulated object is de-serialized before it is returned.
      *
      * @return the encapsulated object.
      *
      * @exception IOException if an error occurs during de-serialization
      * @exception ClassNotFoundException if an error occurs during
      * de-serialization
      */
     public Object getObject()
         throws IOException, ClassNotFoundException
     {
         // creating a stream pipe-line, from b to a
         ByteArrayInputStream b = new ByteArrayInputStream(this.content);
         ObjectInput a = new ObjectInputStream(b);
         Object obj = a.readObject();
         b.close();
         a.close();
         return obj;
     }

     /**
      * Retrieves the signature on the signed object, in the form of a
      * byte array.
      *
      * @return the signature. Returns a new array each time this
      * method is called.
      */
     public byte[] getSignature() {
         return this.signature.clone();
     }

     /**
      * Retrieves the name of the signature algorithm.
      *
      * @return the signature algorithm name.
      */
     public String getAlgorithm() {
         return this.thealgorithm;
     }

     /**
      * Verifies that the signature in this SignedObject is the valid
      * signature for the object stored inside, with the given
      * verification key, using the designated verification engine.
      *
      * @param verificationKey the public key for verification.
      * @param verificationEngine the signature verification engine.
      *
      * @exception SignatureException if signature verification failed.
      * @exception InvalidKeyException if the verification key is invalid.
      *
      * @return <tt>true</tt> if the signature
      * is valid, <tt>false</tt> otherwise
      */
     public boolean verify(PublicKey verificationKey,
                           Signature verificationEngine)
          throws InvalidKeyException, SignatureException {
              verificationEngine.initVerify(verificationKey);
              verificationEngine.update(this.content.clone());
              return verificationEngine.verify(this.signature.clone());
     }

     /*
      * Signs the encapsulated object with the given signing key, using the
      * designated signature engine.
      *
      * @param signingKey the private key for signing.
      * @param signingEngine the signature signing engine.
      *
      * @exception InvalidKeyException if the key is invalid.
      * @exception SignatureException if signing fails.
      */
     private void sign(PrivateKey signingKey, Signature signingEngine)
         throws InvalidKeyException, SignatureException {
             // initialize the signing engine
             signingEngine.initSign(signingKey);
             signingEngine.update(this.content.clone());
             this.signature = signingEngine.sign().clone();
             this.thealgorithm = signingEngine.getAlgorithm();
     }

     /**
      * readObject is called to restore the state of the SignedObject from
      * a stream.
      */
     private void readObject(java.io.ObjectInputStream s)
         throws java.io.IOException, ClassNotFoundException {
             java.io.ObjectInputStream.GetField fields = s.readFields();
             content = ((byte[])fields.get("content", null)).clone();
             signature = ((byte[])fields.get("signature", null)).clone();
             thealgorithm = (String)fields.get("thealgorithm", null);
     }
 }
	/*
	* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package java.security;

	import java.io.*;

	/**
	* <p> SignedObject is a class for the purpose of creating authentic
	* runtime objects whose integrity cannot be compromised without being
	* detected.
	*
	* <p> More specifically, a SignedObject contains another Serializable
	* object, the (to-be-)signed object and its signature.
	*
	* <p> The signed object is a "deep copy" (in serialized form) of an
	* original object. Once the copy is made, further manipulation of
	* the original object has no side effect on the copy.
	*
	* <p> The underlying signing algorithm is designated by the Signature
	* object passed to the constructor and the <code>verify</code> method.
	* A typical usage for signing is the following:
	*
	* <p> <code> <pre>
	* Signature signingEngine = Signature.getInstance(algorithm,
	* provider);
	* SignedObject so = new SignedObject(myobject, signingKey,
	* signingEngine);
	* </pre> </code>
	*
	* <p> A typical usage for verification is the following (having
	* received SignedObject <code>so</code>):
	*
	* <p> <code> <pre>
	* Signature verificationEngine =
	* Signature.getInstance(algorithm, provider);
	* if (so.verify(publickey, verificationEngine))
	* try {
	* Object myobj = so.getObject();
	* } catch (java.lang.ClassNotFoundException e) {};
	* </pre> </code>
	*
	* <p> Several points are worth noting. First, there is no need to
	* initialize the signing or verification engine, as it will be
	* re-initialized inside the constructor and the <code>verify</code>
	* method. Secondly, for verification to succeed, the specified
	* public key must be the public key corresponding to the private key
	* used to generate the SignedObject.
	*
	* <p> More importantly, for flexibility reasons, the
	* constructor and <code>verify</code> method allow for
	* customized signature engines, which can implement signature
	* algorithms that are not installed formally as part of a crypto
	* provider. However, it is crucial that the programmer writing the
	* verifier code be aware what <code>Signature</code> engine is being
	* used, as its own implementation of the <code>verify</code> method
	* is invoked to verify a signature. In other words, a malicious
	* <code>Signature</code> may choose to always return true on
	* verification in an attempt to bypass a security check.
	*
	* <p> The signature algorithm can be, among others, the NIST standard
	* DSA, using DSA and SHA-1. The algorithm is specified using the
	* same convention as that for signatures. The DSA algorithm using the
	* SHA-1 message digest algorithm can be specified, for example, as
	* "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In the case of
	* RSA, there are multiple choices for the message digest algorithm,
	* so the signing algorithm could be specified as, for example,
	* "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". The algorithm name must be
	* specified, as there is no default.
	*
	* <p> The name of the Cryptography Package Provider is designated
	* also by the Signature parameter to the constructor and the
	* <code>verify</code> method. If the provider is not
	* specified, the default provider is used. Each installation can
	* be configured to use a particular provider as default.
	*
	* <p> Potential applications of SignedObject include:
	* <ul>
	* <li> It can be used
	* internally to any Java runtime as an unforgeable authorization
	* token -- one that can be passed around without the fear that the
	* token can be maliciously modified without being detected.
	* <li> It
	* can be used to sign and serialize data/object for storage outside
	* the Java runtime (e.g., storing critical access control data on
	* disk).
	* <li> Nested SignedObjects can be used to construct a logical
	* sequence of signatures, resembling a chain of authorization and
	* delegation.
	* </ul>
	*
	* @see Signature
	*
	* @author Li Gong
	*/

	public final class SignedObject implements Serializable {

	private static final long serialVersionUID = 720502720485447167L;

	/*
	* The original content is "deep copied" in its serialized format
	* and stored in a byte array. The signature field is also in the
	* form of byte array.
	*/

	private byte[] content;
	private byte[] signature;
	private String thealgorithm;

	/**
	* Constructs a SignedObject from any Serializable object.
	* The given object is signed with the given signing key, using the
	* designated signature engine.
	*
	* @param object the object to be signed.
	* @param signingKey the private key for signing.
	* @param signingEngine the signature signing engine.
	*
	* @exception IOException if an error occurs during serialization
	* @exception InvalidKeyException if the key is invalid.
	* @exception SignatureException if signing fails.
	*/
	public SignedObject(Serializable object, PrivateKey signingKey,
	Signature signingEngine)
	throws IOException, InvalidKeyException, SignatureException {
	// creating a stream pipe-line, from a to b
	ByteArrayOutputStream b = new ByteArrayOutputStream();
	ObjectOutput a = new ObjectOutputStream(b);

	// write and flush the object content to byte array
	a.writeObject(object);
	a.flush();
	a.close();
	this.content = b.toByteArray();
	b.close();

	// now sign the encapsulated object
	this.sign(signingKey, signingEngine);
	}

	/**
	* Retrieves the encapsulated object.
	* The encapsulated object is de-serialized before it is returned.
	*
	* @return the encapsulated object.
	*
	* @exception IOException if an error occurs during de-serialization
	* @exception ClassNotFoundException if an error occurs during
	* de-serialization
	*/
	public Object getObject()
	throws IOException, ClassNotFoundException
	{
	// creating a stream pipe-line, from b to a
	ByteArrayInputStream b = new ByteArrayInputStream(this.content);
	ObjectInput a = new ObjectInputStream(b);
	Object obj = a.readObject();
	b.close();
	a.close();
	return obj;
	}

	/**
	* Retrieves the signature on the signed object, in the form of a
	* byte array.
	*
	* @return the signature. Returns a new array each time this
	* method is called.
	*/
	public byte[] getSignature() {
	return this.signature.clone();
	}

	/**
	* Retrieves the name of the signature algorithm.
	*
	* @return the signature algorithm name.
	*/
	public String getAlgorithm() {
	return this.thealgorithm;
	}

	/**
	* Verifies that the signature in this SignedObject is the valid
	* signature for the object stored inside, with the given
	* verification key, using the designated verification engine.
	*
	* @param verificationKey the public key for verification.
	* @param verificationEngine the signature verification engine.
	*
	* @exception SignatureException if signature verification failed.
	* @exception InvalidKeyException if the verification key is invalid.
	*
	* @return <tt>true</tt> if the signature
	* is valid, <tt>false</tt> otherwise
	*/
	public boolean verify(PublicKey verificationKey,
	Signature verificationEngine)
	throws InvalidKeyException, SignatureException {
	verificationEngine.initVerify(verificationKey);
	verificationEngine.update(this.content.clone());
	return verificationEngine.verify(this.signature.clone());
	}

	/*
	* Signs the encapsulated object with the given signing key, using the
	* designated signature engine.
	*
	* @param signingKey the private key for signing.
	* @param signingEngine the signature signing engine.
	*
	* @exception InvalidKeyException if the key is invalid.
	* @exception SignatureException if signing fails.
	*/
	private void sign(PrivateKey signingKey, Signature signingEngine)
	throws InvalidKeyException, SignatureException {
	// initialize the signing engine
	signingEngine.initSign(signingKey);
	signingEngine.update(this.content.clone());
	this.signature = signingEngine.sign().clone();
	this.thealgorithm = signingEngine.getAlgorithm();
	}

	/**
	* readObject is called to restore the state of the SignedObject from
	* a stream.
	*/
	private void readObject(java.io.ObjectInputStream s)
	throws java.io.IOException, ClassNotFoundException {
	java.io.ObjectInputStream.GetField fields = s.readFields();
	content = ((byte[])fields.get("content", null)).clone();
	signature = ((byte[])fields.get("signature", null)).clone();
	thealgorithm = (String)fields.get("thealgorithm", null);
	}
	}