jdk-sandbox: src/java.base/share/classes/java/security/SignedObject.java@56aaa6cb3693 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2	* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package java.security;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.*;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	29	import java.security.spec.AlgorithmParameterSpec;
2 90ce3da70b43 Initial load duke parents: diff changeset	30
90ce3da70b43 Initial load duke parents: diff changeset	31	/**
90ce3da70b43 Initial load duke parents: diff changeset	32	* <p> SignedObject is a class for the purpose of creating authentic
90ce3da70b43 Initial load duke parents: diff changeset	33	* runtime objects whose integrity cannot be compromised without being
90ce3da70b43 Initial load duke parents: diff changeset	34	* detected.
90ce3da70b43 Initial load duke parents: diff changeset	35	*
90ce3da70b43 Initial load duke parents: diff changeset	36	* <p> More specifically, a SignedObject contains another Serializable
90ce3da70b43 Initial load duke parents: diff changeset	37	* object, the (to-be-)signed object and its signature.
90ce3da70b43 Initial load duke parents: diff changeset	38	*
90ce3da70b43 Initial load duke parents: diff changeset	39	* <p> The signed object is a "deep copy" (in serialized form) of an
90ce3da70b43 Initial load duke parents: diff changeset	40	* original object. Once the copy is made, further manipulation of
90ce3da70b43 Initial load duke parents: diff changeset	41	* the original object has no side effect on the copy.
90ce3da70b43 Initial load duke parents: diff changeset	42	*
90ce3da70b43 Initial load duke parents: diff changeset	43	* <p> The underlying signing algorithm is designated by the Signature
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	44	* object passed to the constructor and the {@code verify} method.
2 90ce3da70b43 Initial load duke parents: diff changeset	45	* A typical usage for signing is the following:
90ce3da70b43 Initial load duke parents: diff changeset	46	*
21334 c60dfce46a77 8026982: javadoc errors in core libs rriggs parents: 18579 diff changeset	47	* <pre>{@code
2 90ce3da70b43 Initial load duke parents: diff changeset	48	* Signature signingEngine = Signature.getInstance(algorithm,
90ce3da70b43 Initial load duke parents: diff changeset	49	* provider);
90ce3da70b43 Initial load duke parents: diff changeset	50	* SignedObject so = new SignedObject(myobject, signingKey,
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	51	* signingParams, signingEngine);
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	52	* }</pre>
2 90ce3da70b43 Initial load duke parents: diff changeset	53	*
90ce3da70b43 Initial load duke parents: diff changeset	54	* <p> A typical usage for verification is the following (having
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	55	* received SignedObject {@code so}):
2 90ce3da70b43 Initial load duke parents: diff changeset	56	*
21334 c60dfce46a77 8026982: javadoc errors in core libs rriggs parents: 18579 diff changeset	57	* <pre>{@code
2 90ce3da70b43 Initial load duke parents: diff changeset	58	* Signature verificationEngine =
90ce3da70b43 Initial load duke parents: diff changeset	59	* Signature.getInstance(algorithm, provider);
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	60	* if (so.verify(verificationKey, verificationParams, verificationEngine))
2 90ce3da70b43 Initial load duke parents: diff changeset	61	* try {
90ce3da70b43 Initial load duke parents: diff changeset	62	* Object myobj = so.getObject();
90ce3da70b43 Initial load duke parents: diff changeset	63	* } catch (java.lang.ClassNotFoundException e) {};
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	64	* }</pre>
2 90ce3da70b43 Initial load duke parents: diff changeset	65	*
90ce3da70b43 Initial load duke parents: diff changeset	66	* <p> Several points are worth noting. First, there is no need to
90ce3da70b43 Initial load duke parents: diff changeset	67	* initialize the signing or verification engine, as it will be
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	68	* re-initialized inside the constructor and the {@code verify}
2 90ce3da70b43 Initial load duke parents: diff changeset	69	* method. Secondly, for verification to succeed, the specified
90ce3da70b43 Initial load duke parents: diff changeset	70	* public key must be the public key corresponding to the private key
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	71	* used to generate the SignedObject. If signing parameters are used,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	72	* the same parameters must be specified when calling {@code verify}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	73	* method for verification to succeed.
2 90ce3da70b43 Initial load duke parents: diff changeset	74	*
90ce3da70b43 Initial load duke parents: diff changeset	75	* <p> More importantly, for flexibility reasons, the
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	76	* constructor and {@code verify} method allow for
2 90ce3da70b43 Initial load duke parents: diff changeset	77	* customized signature engines, which can implement signature
90ce3da70b43 Initial load duke parents: diff changeset	78	* algorithms that are not installed formally as part of a crypto
90ce3da70b43 Initial load duke parents: diff changeset	79	* provider. However, it is crucial that the programmer writing the
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	80	* verifier code be aware what {@code Signature} engine is being
b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	81	* used, as its own implementation of the {@code verify} method
2 90ce3da70b43 Initial load duke parents: diff changeset	82	* is invoked to verify a signature. In other words, a malicious
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	83	* {@code Signature} may choose to always return true on
2 90ce3da70b43 Initial load duke parents: diff changeset	84	* verification in an attempt to bypass a security check.
90ce3da70b43 Initial load duke parents: diff changeset	85	*
90ce3da70b43 Initial load duke parents: diff changeset	86	* <p> The signature algorithm can be, among others, the NIST standard
46053 6f7e93cb432a 8169080: Improve documentation examples for crypto applications wetmore parents: 45434 diff changeset	87	* DSA, using DSA and SHA-256. The algorithm is specified using the
2 90ce3da70b43 Initial load duke parents: diff changeset	88	* same convention as that for signatures. The DSA algorithm using the
46053 6f7e93cb432a 8169080: Improve documentation examples for crypto applications wetmore parents: 45434 diff changeset	89	* SHA-256 message digest algorithm can be specified, for example, as
6f7e93cb432a 8169080: Improve documentation examples for crypto applications wetmore parents: 45434 diff changeset	90	* "SHA256withDSA". In the case of
6f7e93cb432a 8169080: Improve documentation examples for crypto applications wetmore parents: 45434 diff changeset	91	* RSA the signing algorithm could be specified as, for example,
6f7e93cb432a 8169080: Improve documentation examples for crypto applications wetmore parents: 45434 diff changeset	92	* "SHA256withRSA". The algorithm name must be
2 90ce3da70b43 Initial load duke parents: diff changeset	93	* specified, as there is no default.
90ce3da70b43 Initial load duke parents: diff changeset	94	*
90ce3da70b43 Initial load duke parents: diff changeset	95	* <p> The name of the Cryptography Package Provider is designated
90ce3da70b43 Initial load duke parents: diff changeset	96	* also by the Signature parameter to the constructor and the
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	97	* {@code verify} method. If the provider is not
2 90ce3da70b43 Initial load duke parents: diff changeset	98	* specified, the default provider is used. Each installation can
90ce3da70b43 Initial load duke parents: diff changeset	99	* be configured to use a particular provider as default.
90ce3da70b43 Initial load duke parents: diff changeset	100	*
90ce3da70b43 Initial load duke parents: diff changeset	101	* <p> Potential applications of SignedObject include:
90ce3da70b43 Initial load duke parents: diff changeset	102	* <ul>
90ce3da70b43 Initial load duke parents: diff changeset	103	* <li> It can be used
90ce3da70b43 Initial load duke parents: diff changeset	104	* internally to any Java runtime as an unforgeable authorization
90ce3da70b43 Initial load duke parents: diff changeset	105	* token -- one that can be passed around without the fear that the
90ce3da70b43 Initial load duke parents: diff changeset	106	* token can be maliciously modified without being detected.
90ce3da70b43 Initial load duke parents: diff changeset	107	* <li> It
90ce3da70b43 Initial load duke parents: diff changeset	108	* can be used to sign and serialize data/object for storage outside
90ce3da70b43 Initial load duke parents: diff changeset	109	* the Java runtime (e.g., storing critical access control data on
90ce3da70b43 Initial load duke parents: diff changeset	110	* disk).
90ce3da70b43 Initial load duke parents: diff changeset	111	* <li> Nested SignedObjects can be used to construct a logical
90ce3da70b43 Initial load duke parents: diff changeset	112	* sequence of signatures, resembling a chain of authorization and
90ce3da70b43 Initial load duke parents: diff changeset	113	* delegation.
90ce3da70b43 Initial load duke parents: diff changeset	114	* </ul>
90ce3da70b43 Initial load duke parents: diff changeset	115	*
90ce3da70b43 Initial load duke parents: diff changeset	116	* @see Signature
90ce3da70b43 Initial load duke parents: diff changeset	117	*
90ce3da70b43 Initial load duke parents: diff changeset	118	* @author Li Gong
45434 4582657c7260 8181082: class-level since tag issues in java.base & java.datatransfer module mli parents: 25859 diff changeset	119	* @since 1.2
2 90ce3da70b43 Initial load duke parents: diff changeset	120	*/
90ce3da70b43 Initial load duke parents: diff changeset	121
90ce3da70b43 Initial load duke parents: diff changeset	122	public final class SignedObject implements Serializable {
90ce3da70b43 Initial load duke parents: diff changeset	123
90ce3da70b43 Initial load duke parents: diff changeset	124	private static final long serialVersionUID = 720502720485447167L;
90ce3da70b43 Initial load duke parents: diff changeset	125
90ce3da70b43 Initial load duke parents: diff changeset	126	/*
90ce3da70b43 Initial load duke parents: diff changeset	127	* The original content is "deep copied" in its serialized format
90ce3da70b43 Initial load duke parents: diff changeset	128	* and stored in a byte array. The signature field is also in the
90ce3da70b43 Initial load duke parents: diff changeset	129	* form of byte array.
90ce3da70b43 Initial load duke parents: diff changeset	130	*/
90ce3da70b43 Initial load duke parents: diff changeset	131
90ce3da70b43 Initial load duke parents: diff changeset	132	private byte[] content;
90ce3da70b43 Initial load duke parents: diff changeset	133	private byte[] signature;
90ce3da70b43 Initial load duke parents: diff changeset	134	private String thealgorithm;
90ce3da70b43 Initial load duke parents: diff changeset	135
90ce3da70b43 Initial load duke parents: diff changeset	136	/**
90ce3da70b43 Initial load duke parents: diff changeset	137	* Constructs a SignedObject from any Serializable object.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	138	* The given object is signed with the given signing key with
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	139	* no signature parameters, using the designated signature engine.
2 90ce3da70b43 Initial load duke parents: diff changeset	140	*
90ce3da70b43 Initial load duke parents: diff changeset	141	* @param object the object to be signed.
90ce3da70b43 Initial load duke parents: diff changeset	142	* @param signingKey the private key for signing.
90ce3da70b43 Initial load duke parents: diff changeset	143	* @param signingEngine the signature signing engine.
90ce3da70b43 Initial load duke parents: diff changeset	144	*
90ce3da70b43 Initial load duke parents: diff changeset	145	* @exception IOException if an error occurs during serialization
90ce3da70b43 Initial load duke parents: diff changeset	146	* @exception InvalidKeyException if the key is invalid.
90ce3da70b43 Initial load duke parents: diff changeset	147	* @exception SignatureException if signing fails.
90ce3da70b43 Initial load duke parents: diff changeset	148	*/
90ce3da70b43 Initial load duke parents: diff changeset	149	public SignedObject(Serializable object, PrivateKey signingKey,
90ce3da70b43 Initial load duke parents: diff changeset	150	Signature signingEngine)
90ce3da70b43 Initial load duke parents: diff changeset	151	throws IOException, InvalidKeyException, SignatureException {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	152	// creating a stream pipe-line, from a to b
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	153	ByteArrayOutputStream b = new ByteArrayOutputStream();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	154	ObjectOutput a = new ObjectOutputStream(b);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	155
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	156	// write and flush the object content to byte array
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	157	a.writeObject(object);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	158	a.flush();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	159	a.close();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	160	this.content = b.toByteArray();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	161	b.close();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	162
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	163	// now sign the encapsulated object
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	164	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	165	this.sign(signingKey, null, signingEngine);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	166	} catch (InvalidAlgorithmParameterException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	167	// should not happen, re-throw just in case
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	168	throw new SignatureException(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	169	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	170	}
2 90ce3da70b43 Initial load duke parents: diff changeset	171
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	172	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	173	* Constructs a SignedObject from any Serializable object.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	174	* The given object is signed with the given signing key and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	175	* signature parameters, using the designated signature engine.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	176	* If the signature algorithm does not use any signature parameters,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	177	* {@code signingParams} should be null.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	178	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	179	* @param object the object to be signed.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	180	* @param signingKey the private key for signing.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	181	* @param signingParams the signature parameters used for signing,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	182	* may be null.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	183	* @param signingEngine the signature signing engine.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	184	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	185	* @exception IOException if an error occurs during serialization
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	186	* @exception InvalidKeyException if the key is invalid.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	187	* @exception InvalidAlgorithmParameterException if the given signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	188	* parameters is invalid.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	189	* @exception SignatureException if signing fails.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	190	* @since 11
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	191	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	192	public SignedObject(Serializable object, PrivateKey signingKey,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	193	AlgorithmParameterSpec signingParams,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	194	Signature signingEngine)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	195	throws IOException, InvalidKeyException,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	196	InvalidAlgorithmParameterException, SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	197	// creating a stream pipe-line, from a to b
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	198	ByteArrayOutputStream b = new ByteArrayOutputStream();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	199	ObjectOutput a = new ObjectOutputStream(b);
2 90ce3da70b43 Initial load duke parents: diff changeset	200
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	201	// write and flush the object content to byte array
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	202	a.writeObject(object);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	203	a.flush();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	204	a.close();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	205	this.content = b.toByteArray();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	206	b.close();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	207
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	208	// now sign the encapsulated object
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	209	this.sign(signingKey, signingParams, signingEngine);
2 90ce3da70b43 Initial load duke parents: diff changeset	210	}
90ce3da70b43 Initial load duke parents: diff changeset	211
90ce3da70b43 Initial load duke parents: diff changeset	212	/**
90ce3da70b43 Initial load duke parents: diff changeset	213	* Retrieves the encapsulated object.
90ce3da70b43 Initial load duke parents: diff changeset	214	* The encapsulated object is de-serialized before it is returned.
90ce3da70b43 Initial load duke parents: diff changeset	215	*
90ce3da70b43 Initial load duke parents: diff changeset	216	* @return the encapsulated object.
90ce3da70b43 Initial load duke parents: diff changeset	217	*
90ce3da70b43 Initial load duke parents: diff changeset	218	* @exception IOException if an error occurs during de-serialization
90ce3da70b43 Initial load duke parents: diff changeset	219	* @exception ClassNotFoundException if an error occurs during
90ce3da70b43 Initial load duke parents: diff changeset	220	* de-serialization
90ce3da70b43 Initial load duke parents: diff changeset	221	*/
90ce3da70b43 Initial load duke parents: diff changeset	222	public Object getObject()
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	223	throws IOException, ClassNotFoundException {
2 90ce3da70b43 Initial load duke parents: diff changeset	224	// creating a stream pipe-line, from b to a
90ce3da70b43 Initial load duke parents: diff changeset	225	ByteArrayInputStream b = new ByteArrayInputStream(this.content);
90ce3da70b43 Initial load duke parents: diff changeset	226	ObjectInput a = new ObjectInputStream(b);
90ce3da70b43 Initial load duke parents: diff changeset	227	Object obj = a.readObject();
90ce3da70b43 Initial load duke parents: diff changeset	228	b.close();
90ce3da70b43 Initial load duke parents: diff changeset	229	a.close();
90ce3da70b43 Initial load duke parents: diff changeset	230	return obj;
90ce3da70b43 Initial load duke parents: diff changeset	231	}
90ce3da70b43 Initial load duke parents: diff changeset	232
90ce3da70b43 Initial load duke parents: diff changeset	233	/**
90ce3da70b43 Initial load duke parents: diff changeset	234	* Retrieves the signature on the signed object, in the form of a
90ce3da70b43 Initial load duke parents: diff changeset	235	* byte array.
90ce3da70b43 Initial load duke parents: diff changeset	236	*
90ce3da70b43 Initial load duke parents: diff changeset	237	* @return the signature. Returns a new array each time this
90ce3da70b43 Initial load duke parents: diff changeset	238	* method is called.
90ce3da70b43 Initial load duke parents: diff changeset	239	*/
90ce3da70b43 Initial load duke parents: diff changeset	240	public byte[] getSignature() {
90ce3da70b43 Initial load duke parents: diff changeset	241	return this.signature.clone();
90ce3da70b43 Initial load duke parents: diff changeset	242	}
90ce3da70b43 Initial load duke parents: diff changeset	243
90ce3da70b43 Initial load duke parents: diff changeset	244	/**
90ce3da70b43 Initial load duke parents: diff changeset	245	* Retrieves the name of the signature algorithm.
90ce3da70b43 Initial load duke parents: diff changeset	246	*
90ce3da70b43 Initial load duke parents: diff changeset	247	* @return the signature algorithm name.
90ce3da70b43 Initial load duke parents: diff changeset	248	*/
90ce3da70b43 Initial load duke parents: diff changeset	249	public String getAlgorithm() {
90ce3da70b43 Initial load duke parents: diff changeset	250	return this.thealgorithm;
90ce3da70b43 Initial load duke parents: diff changeset	251	}
90ce3da70b43 Initial load duke parents: diff changeset	252
90ce3da70b43 Initial load duke parents: diff changeset	253	/**
90ce3da70b43 Initial load duke parents: diff changeset	254	* Verifies that the signature in this SignedObject is the valid
90ce3da70b43 Initial load duke parents: diff changeset	255	* signature for the object stored inside, with the given
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	256	* verification key with no signature parameters, using the designated
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	257	* verification engine.
2 90ce3da70b43 Initial load duke parents: diff changeset	258	*
90ce3da70b43 Initial load duke parents: diff changeset	259	* @param verificationKey the public key for verification.
90ce3da70b43 Initial load duke parents: diff changeset	260	* @param verificationEngine the signature verification engine.
90ce3da70b43 Initial load duke parents: diff changeset	261	*
25524 e623ca817d50 4867890: Clarify the return value/exception for java.security.SignedObject.verify mullan parents: 21334 diff changeset	262	* @exception SignatureException if signature verification failed (an
e623ca817d50 4867890: Clarify the return value/exception for java.security.SignedObject.verify mullan parents: 21334 diff changeset	263	* exception prevented the signature verification engine from completing
e623ca817d50 4867890: Clarify the return value/exception for java.security.SignedObject.verify mullan parents: 21334 diff changeset	264	* normally).
2 90ce3da70b43 Initial load duke parents: diff changeset	265	* @exception InvalidKeyException if the verification key is invalid.
90ce3da70b43 Initial load duke parents: diff changeset	266	*
18579 b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	267	* @return {@code true} if the signature
b678846778ad 8019360: Cleanup of the javadoc <code> tag in java.security.* juh parents: 9826 diff changeset	268	* is valid, {@code false} otherwise
2 90ce3da70b43 Initial load duke parents: diff changeset	269	*/
90ce3da70b43 Initial load duke parents: diff changeset	270	public boolean verify(PublicKey verificationKey,
90ce3da70b43 Initial load duke parents: diff changeset	271	Signature verificationEngine)
90ce3da70b43 Initial load duke parents: diff changeset	272	throws InvalidKeyException, SignatureException {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	273	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	274	return verify(verificationKey, null, verificationEngine);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	275	} catch (InvalidAlgorithmParameterException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	276	// should not happen, re-throw just in case
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	277	throw new SignatureException(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	278	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	279	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	280
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	281	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	282	* Verifies that the signature in this SignedObject is the valid
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	283	* signature for the object stored inside, with the given
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	284	* verification key and signature parameters, using the designated
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	285	* verification engine. If the signature algorithm does not use any
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	286	* signature parameters, {@code verificationParams} should be null.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	287	* When signature parameters are used in signing, the same parameters
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	288	* must be specified when calling {@code verify} method for the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	289	* verification to succeed.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	290	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	291	* @param verificationKey the public key for verification.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	292	* @param verificationParams the signature parameters for verification.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	293	* @param verificationEngine the signature verification engine.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	294	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	295	* @exception SignatureException if signature verification failed (an
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	296	* exception prevented the signature verification engine from completing
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	297	* normally).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	298	* @exception InvalidKeyException if the verification key is invalid.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	299	* @exception InvalidAlgorithmParameterException if the given signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	300	* parameters is invalid
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	301	* @return {@code true} if the signature is valid, {@code false} otherwise
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	302	* @since 11
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	303	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	304	public boolean verify(PublicKey verificationKey,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	305	AlgorithmParameterSpec verificationParams,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	306	Signature verificationEngine)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	307	throws InvalidKeyException, InvalidAlgorithmParameterException,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	308	SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	309	// set parameteres before Signature.initSign/initVerify call,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	310	// so key can be checked when it's set
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	311	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	312	verificationEngine.setParameter(verificationParams);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	313	} catch (UnsupportedOperationException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	314	// for backward compatibility, only re-throw when
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	315	// parameters is not null
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	316	if (verificationParams != null) throw e;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	317	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	318	verificationEngine.initVerify(verificationKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	319	verificationEngine.update(this.content.clone());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	320	return verificationEngine.verify(this.signature.clone());
2 90ce3da70b43 Initial load duke parents: diff changeset	321	}
90ce3da70b43 Initial load duke parents: diff changeset	322
90ce3da70b43 Initial load duke parents: diff changeset	323	/*
90ce3da70b43 Initial load duke parents: diff changeset	324	* Signs the encapsulated object with the given signing key, using the
90ce3da70b43 Initial load duke parents: diff changeset	325	* designated signature engine.
90ce3da70b43 Initial load duke parents: diff changeset	326	*
90ce3da70b43 Initial load duke parents: diff changeset	327	* @param signingKey the private key for signing.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	328	* @param signingParams the signature parameters for signing.
2 90ce3da70b43 Initial load duke parents: diff changeset	329	* @param signingEngine the signature signing engine.
90ce3da70b43 Initial load duke parents: diff changeset	330	*
90ce3da70b43 Initial load duke parents: diff changeset	331	* @exception InvalidKeyException if the key is invalid.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	332	* @exception InvalidAlgorithmParameterException if the given signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	333	* parameters is invalid
2 90ce3da70b43 Initial load duke parents: diff changeset	334	* @exception SignatureException if signing fails.
90ce3da70b43 Initial load duke parents: diff changeset	335	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	336	private void sign(PrivateKey signingKey,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	337	AlgorithmParameterSpec signingParams,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	338	Signature signingEngine)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	339	throws InvalidKeyException, InvalidAlgorithmParameterException,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	340	SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	341	// set parameteres before Signature.initSign/initVerify call,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	342	// so key can be checked when it's set
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	343	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	344	signingEngine.setParameter(signingParams);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	345	} catch (UnsupportedOperationException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	346	// for backward compatibility, only re-throw when
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	347	// parameters is not null
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	348	if (signingParams != null) throw e;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	349	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	350	signingEngine.initSign(signingKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	351	signingEngine.update(this.content.clone());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	352	this.signature = signingEngine.sign().clone();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	353	this.thealgorithm = signingEngine.getAlgorithm();
2 90ce3da70b43 Initial load duke parents: diff changeset	354	}
90ce3da70b43 Initial load duke parents: diff changeset	355
90ce3da70b43 Initial load duke parents: diff changeset	356	/**
90ce3da70b43 Initial load duke parents: diff changeset	357	* readObject is called to restore the state of the SignedObject from
90ce3da70b43 Initial load duke parents: diff changeset	358	* a stream.
90ce3da70b43 Initial load duke parents: diff changeset	359	*/
90ce3da70b43 Initial load duke parents: diff changeset	360	private void readObject(java.io.ObjectInputStream s)
9826 0f553990ca93 6618658: Deserialization allows creation of mutable SignedObject weijun parents: 5506 diff changeset	361	throws java.io.IOException, ClassNotFoundException {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	362	java.io.ObjectInputStream.GetField fields = s.readFields();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	363	content = ((byte[])fields.get("content", null)).clone();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	364	signature = ((byte[])fields.get("signature", null)).clone();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	365	thealgorithm = (String)fields.get("thealgorithm", null);
2 90ce3da70b43 Initial load duke parents: diff changeset	366	}
90ce3da70b43 Initial load duke parents: diff changeset	367	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
parent 47216	71c04702a3d5
child 56548	208b4e9365cd
permissions	-rw-r--r--