signedobject.html

API資料大全

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN""http://www.w3.org/TR/REC-html40/frameset.dtd">
<!--NewPage-->
<HTML>
<HEAD>
<!-- Generated by javadoc on Thu Apr 27 23:36:05 PDT 2000 -->
<TITLE>
Java 2 Platform SE v1.3: Class  SignedObject
</TITLE>
<LINK REL ="stylesheet" TYPE="text/css" HREF="../../stylesheet.css" TITLE="Style">
</HEAD>
<BODY BGCOLOR="white">

<!-- ========== START OF NAVBAR ========== -->
<A NAME="navbar_top"><!-- --></A>
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
<TR>
<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
<A NAME="navbar_top_firstrow"><!-- --></A>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
  <TR ALIGN="center" VALIGN="top">
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="class-use/SignedObject.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
  </TR>
</TABLE>
</TD>
<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
<b>Java<sup><font size=-2>TM</font></sup>&nbsp;2&nbsp;Platform<br>Std.&nbsp;Ed. v1.3</b></EM>
</TD>
</TR>

<TR>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
&nbsp;<A HREF="../../java/security/SignatureSpi.html"><B>PREV CLASS</B></A>&nbsp;
&nbsp;<A HREF="../../java/security/Signer.html"><B>NEXT CLASS</B></A></FONT></TD>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
  <A HREF="../../index.html" TARGET="_top"><B>FRAMES</B></A>  &nbsp;
&nbsp;<A HREF="SignedObject.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
</TR>
<TR>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
  SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
</TR>
</TABLE>
<!-- =========== END OF NAVBAR =========== -->

<HR>
<!-- ======== START OF CLASS DATA ======== -->
<H2>
<FONT SIZE="-1">
java.security</FONT>
<BR>
Class  SignedObject</H2>
<PRE>
<A HREF="../../java/lang/Object.html">java.lang.Object</A>
  |
  +--<B>java.security.SignedObject</B>
</PRE>
<DL>
<DT><B>All Implemented Interfaces:</B> <DD><A HREF="../../java/io/Serializable.html">Serializable</A></DD>
</DL>
<HR>
<DL>
<DT>public final class <B>SignedObject</B><DT>extends <A HREF="../../java/lang/Object.html">Object</A><DT>implements <A HREF="../../java/io/Serializable.html">Serializable</A></DL>

<P>
<p> SignedObject is a class for the purpose of creating authentic
 runtime objects whose integrity cannot be compromised without being
 detected.

 <p> More specifically, a SignedObject contains another Serializable
 object, the (to-be-)signed object and its signature.

 <p> The signed object is a "deep copy" (in serialized form) of an
 original object.  Once the copy is made, further manipulation of
 the original object has no side effect on the copy.

 <p> The underlying signing algorithm is designated by the Signature
 object passed to the constructor and the <code>verify</code> method.
 A typical usage for signing is the following:

 <p> <code> <pre>
 Signature signingEngine = Signature.getInstance(algorithm,
                                                 provider);
 SignedObject so = new SignedObject(myobject, signingKey,
                                    signingEngine);
 </pre> </code>

 <p> A typical usage for verification is the following (having
 received SignedObject <code>so</code>):

 <p> <code> <pre>
 Signature verificationEngine =
     Signature.getInstance(algorithm, provider);
 if (so.verify(publickey, verificationEngine))
     try {
         Object myobj = so.getObject();
     } catch (java.lang.ClassNotFoundException e) {};
 </pre> </code>

 <p> Several points are worth noting.  First, there is no need to
 initialize the signing or verification engine, as it will be
 re-initialized inside the constructor and the <code>verify</code>
 method. Secondly, for verification to succeed, the specified
 public key must be the public key corresponding to the private key
 used to generate the SignedObject.

 <p> More importantly, for flexibility reasons, the
 constructor and <code>verify</code> method allow for
 customized signature engines, which can implement signature
 algorithms that are not installed formally as part of a crypto
 provider.  However, it is crucial that the programmer writing the
 verifier code be aware what <code>Signature</code> engine is being
 used, as its own implementation of the <code>verify</code> method
 is invoked to verify a signature.  In other words, a malicious
 <code>Signature</code> may choose to always return true on
 verification in an attempt to bypass a security check.

 <p> The signature algorithm can be, among others, the NIST standard
 DSA, using DSA and SHA-1.  The algorithm is specified using the
 same convention as that for signatures. The DSA algorithm using the
 SHA-1 message digest algorithm can be specified, for example, as
 "SHA/DSA" or "SHA-1/DSA" (they are equivalent).  In the case of
 RSA, there are multiple choices for the message digest algorithm,
 so the signing algorithm could be specified as, for example,
 "MD2/RSA", "MD5/RSA" or "SHA-1/RSA".  The algorithm name must be
 specified, as there is no default.

 <p> The name of the Cryptography Package Provider is designated
 also by the Signature parameter to the constructor and the
 <code>verify</code> method.  If the provider is not
 specified, the default provider is used.  Each installation can
 be configured to use a particular provider as default.

 <p> Potential applications of SignedObject include: 
 <ul>
 <li> It can be used
 internally to any Java runtime as an unforgeable authorization
 token -- one that can be passed around without the fear that the
 token can be maliciously modified without being detected. 
 <li> It
 can be used to sign and serialize data/object for storage outside
 the Java runtime (e.g., storing critical access control data on
 disk). 
 <li> Nested SignedObjects can be used to construct a logical
 sequence of signatures, resembling a chain of authorization and
 delegation.
 </ul>
<P>
<DL>
<DT><B>See Also: </B><DD><A HREF="../../java/security/Signature.html"><CODE>Signature</CODE></A>, <A HREF="../../serialized-form.html#java.security.SignedObject">Serialized Form</A></DL>
<HR>

<P>
<!-- ======== INNER CLASS SUMMARY ======== -->


<!-- =========== FIELD SUMMARY =========== -->


<!-- ======== CONSTRUCTOR SUMMARY ======== -->

<A NAME="constructor_summary"><!-- --></A>
<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TD COLSPAN=2><FONT SIZE="+2">
<B>Constructor Summary</B></FONT></TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD><CODE><B><A HREF="../../java/security/SignedObject.html#SignedObject(java.io.Serializable, java.security.PrivateKey, java.security.Signature)">SignedObject</A></B>(<A HREF="../../java/io/Serializable.html">Serializable</A>&nbsp;object,
             <A HREF="../../java/security/PrivateKey.html">PrivateKey</A>&nbsp;signingKey,
             <A HREF="../../java/security/Signature.html">Signature</A>&nbsp;signingEngine)</CODE>

<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructs a SignedObject from any Serializable object.</TD>
</TR>
</TABLE>
&nbsp;
<!-- ========== METHOD SUMMARY =========== -->

<A NAME="method_summary"><!-- --></A>
<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TD COLSPAN=2><FONT SIZE="+2">
<B>Method Summary</B></FONT></TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="../../java/lang/String.html">String</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../java/security/SignedObject.html#getAlgorithm()">getAlgorithm</A></B>()</CODE>