securedobject.java

面向应用的智能安全代理平台和工具包是一个综合网络应用的安全共性需求而设计和实现的一个通用性的网络信息安全应用支撑平台

package au.net.aba.crypto;

/*
 * $Id: SecuredObject.java,v 1.8 1999/01/11 06:05:15 leachbj Exp $
 * $Author: leachbj $
 *
 * Copyright (C) 1996-1998 Australian Business Access Pty Ltd.
 * All rights reserved.
 * 
 * Use, modification, copying and distribution of this software is subject the
 * terms and conditions of the ABA Public Licence. See the file
 * "PUBLIC_LICENCE" for additional information.
 *
 * $Source: /aba/CVSROOT/jdk1.1/src/au.net.aba/crypto/SecuredObject.java,v $
 * $Revision: 1.8 $
 * $Date: 1999/01/11 06:05:15 $
 * $State: Exp $
 */
import java.io.*;
import java.security.*;

import javax.crypto.*;
import javax.crypto.spec.*;

import java.security.*;

/**
 * a holding class for encrypted objects which have a verification hash
 * attached.
 */
public class SecuredObject implements Externalizable
{
	public final static String ident = "$Id: SecuredObject.java,v 1.8 1999/01/11 06:05:15 leachbj Exp $";

	static final long serialVersionUID = 1L;

	MessageDigest		digest;

	byte[]			objBlock;
	byte[]			ivBlock;

	/**
	 * base constructor needed for serialisation to work.
	 */
	public SecuredObject()
	{
	}
	/**
	 * create a secret key secured object. The object is appended with
	 * a SHA-1 digest, and the system time is written at the front of
	 * the stream to remove the likelihood of two objects encrypting to
	 * the same or similar streams.
	 *
	 * @param obj		the object to be encrypted.
	 * @param cipher	the cipher to be used to encrypt the object.
	 * @exception IOException if the object is not serialisable or some
	 *	other error occurs.
	 */
	public SecuredObject(
		Object	obj,
		Cipher	cipher)
		throws IOException
	{
		ByteArrayOutputStream	bOut;
		DataOutputStream	dOut;	// for JDK 1.0 compatibility
		DigestOutputStream	hOut;
		ObjectOutputStream	oOut;

		try
		{
			digest = MessageDigest.getInstance("SHA", "ABA");
		}
		catch (Exception e)
		{
			throw new IOException(e.toString());
		}

		bOut = new ByteArrayOutputStream();
		dOut = new DataOutputStream(bOut);
		hOut = new DigestOutputStream(dOut, digest);

		/*
		 * generate a variable long so we always encrypt differently.
		 */
		long	hdr;

		hdr = System.currentTimeMillis();
		hdr ^= (hdr << 56);
		hdr ^= (hdr << 48);
		hdr ^= (hdr << 40);
		hdr ^= (hdr << 32);
		hdr ^= (hdr << 24);

		/*
		 * we have to use dOut here as the 1.0 serialiser won't do
		 * the following correctly. Note also that the oOut must be
		 * opened after the write from dOut (it writes header info).
		 */
		dOut.writeLong(hdr);

		oOut = new ObjectOutputStream(hOut);
		oOut.writeObject(obj);
		dOut.write(hOut.getMessageDigest().digest());

		try
		{
			objBlock = cipher.doFinal(bOut.toByteArray());
		}
		catch (Exception e)
		{
			throw new IOException(e.toString());
		}

		ivBlock = cipher.getIV();
	}
	/**
	 * returns a copy of the initialisation vector.
	 *
	 * @return the IV vector for the cipher used to encrypt the object.
	 */
	public byte[] getIV()
	{
		if (ivBlock != null)
		{
			byte[]	tmp;

			tmp = new byte[ivBlock.length];
			System.arraycopy(ivBlock, 0, tmp, 0, ivBlock.length);

			return tmp;
		}

		return null;
	}
	/**
	 * Return the plain text object.
	 *
	 * @param cipher	The cipher to be used to decrypt the object.
	 * @return The object that was encrypted.
	 * @exception ClassNotFoundException   The object class could not be
	 * 	loaded.
	 */
	public Object getObject(
		Cipher	cipher)
		throws IOException, ClassNotFoundException
	{
		ByteArrayInputStream	bIn;
		DigestInputStream	hIn;
		ObjectInputStream	oIn;
		Object			obj;
		byte[]			data, hash, oldHash;

		try
		{
			data = cipher.doFinal(objBlock);
			digest = MessageDigest.getInstance("SHA", "ABA");
		}
		catch (Exception e)
		{
			throw new IOException(e.toString());
		}

		/*
		 * the first 8 bytes are random
		 */
		bIn = new ByteArrayInputStream(data, 8, data.length - 8);
		hIn = new DigestInputStream(bIn, digest);
		oIn = new ObjectInputStream(hIn);

		obj = oIn.readObject();

		hash = hIn.getMessageDigest().digest();

		oldHash = new byte[hash.length];
		bIn.read(oldHash);

		if (!MessageDigest.isEqual(hash, oldHash))
		{
			throw new IOException(
					"object corrupted in SecuredObject.");
		}

		return obj;
	}
	/**
	 * serialisation support using Externalizable.
	 *
	 * @param in the object input stream.
	 * @exception ClassNotFoundException - the class definition of
	 * 	the serialised object could not be loaded.
	 */
	public void readExternal(
		ObjectInput     in)
	throws IOException, ClassNotFoundException
	{
		int		length;

		length = in.readShort();
		if (length != 0)
		{
			ivBlock = new byte[length];
			in.readFully(ivBlock, 0, ivBlock.length);
		}
		else
		{
			ivBlock = null;
		}

		length = in.readInt();
		if (length != 0)
		{
			objBlock = new byte[length];
			in.readFully(objBlock, 0, objBlock.length);
		}
		else
		{
			objBlock = null;
		}
	}
	/**
	 * serialisation support using Externalizable.
	 *
	 * @param out the object output stream.
	 */
	public void writeExternal(
		ObjectOutput    out)
	throws IOException
	{
		if (ivBlock != null)
		{
			out.writeShort(ivBlock.length);
			out.write(ivBlock, 0, ivBlock.length);
		}
		else
		{
			out.writeShort(0);
		}

		if (objBlock != null)
		{
			out.writeInt(objBlock.length);
			out.write(objBlock, 0, objBlock.length);
		}
		else
		{
			out.writeInt(0);
		}
	}
}