1 /*
2  * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package java.security;
27 
28 import java.io.*;
29 
30 /**
31  * <p> SignedObject is a class for the purpose of creating authentic
32  * runtime objects whose integrity cannot be compromised without being
33  * detected.
34  *
35  * <p> More specifically, a SignedObject contains another Serializable
36  * object, the (to-be-)signed object and its signature.
37  *
38  * <p> The signed object is a "deep copy" (in serialized form) of an
39  * original object.  Once the copy is made, further manipulation of
40  * the original object has no side effect on the copy.
41  *
42  * <p> The underlying signing algorithm is designated by the Signature
43  * object passed to the constructor and the {@code verify} method.
44  * A typical usage for signing is the following:
45  *
46  * <pre>{@code
47  * Signature signingEngine = Signature.getInstance(algorithm,
48  *                                                 provider);
49  * SignedObject so = new SignedObject(myobject, signingKey,
50  *                                    signingEngine);
51  * }</pre>
52  *
53  * <p> A typical usage for verification is the following (having
54  * received SignedObject {@code so}):
55  *
56  * <pre>{@code
57  * Signature verificationEngine =
58  *     Signature.getInstance(algorithm, provider);
59  * if (so.verify(publickey, verificationEngine))
60  *     try {
61  *         Object myobj = so.getObject();
62  *     } catch (java.lang.ClassNotFoundException e) {};
63  * }</pre>
64  *
65  * <p> Several points are worth noting.  First, there is no need to
66  * initialize the signing or verification engine, as it will be
67  * re-initialized inside the constructor and the {@code verify}
68  * method. Secondly, for verification to succeed, the specified
69  * public key must be the public key corresponding to the private key
70  * used to generate the SignedObject.
71  *
72  * <p> More importantly, for flexibility reasons, the
73  * constructor and {@code verify} method allow for
74  * customized signature engines, which can implement signature
75  * algorithms that are not installed formally as part of a crypto
76  * provider.  However, it is crucial that the programmer writing the
77  * verifier code be aware what {@code Signature} engine is being
78  * used, as its own implementation of the {@code verify} method
79  * is invoked to verify a signature.  In other words, a malicious
80  * {@code Signature} may choose to always return true on
81  * verification in an attempt to bypass a security check.
82  *
83  * <p> The signature algorithm can be, among others, the NIST standard
84  * DSA, using DSA and SHA-256.  The algorithm is specified using the
85  * same convention as that for signatures. The DSA algorithm using the
86  * SHA-256 message digest algorithm can be specified, for example, as
87  * "SHA256withDSA".  In the case of
88  * RSA the signing algorithm could be specified as, for example,
89  * "SHA256withRSA".  The algorithm name must be
90  * specified, as there is no default.
91  *
92  * <p> The name of the Cryptography Package Provider is designated
93  * also by the Signature parameter to the constructor and the
94  * {@code verify} method.  If the provider is not
95  * specified, the default provider is used.  Each installation can
96  * be configured to use a particular provider as default.
97  *
98  * <p> Potential applications of SignedObject include:
99  * <ul>
100  * <li> It can be used
101  * internally to any Java runtime as an unforgeable authorization
102  * token -- one that can be passed around without the fear that the
103  * token can be maliciously modified without being detected.
104  * <li> It
105  * can be used to sign and serialize data/object for storage outside
106  * the Java runtime (e.g., storing critical access control data on
107  * disk).
108  * <li> Nested SignedObjects can be used to construct a logical
109  * sequence of signatures, resembling a chain of authorization and
110  * delegation.
111  * </ul>
112  *
113  * @see Signature
114  *
115  * @author Li Gong
116  * @since 1.2
117  */
118 
119 public final class SignedObject implements Serializable {
120 
121     @Serial
122     private static final long serialVersionUID = 720502720485447167L;
123 
124     /**
125      * The original content is "deep copied" in its serialized format
126      * and stored in a byte array.
127      */
128     private byte[] content;
129 
130     /**
131      * The signature field is stored as a byte array.
132      */
133     private byte[] signature;
134 
135     /**
136      * The algorithm used to sign the object.
137      */
138     private String thealgorithm;
139 
140     /**
141      * Constructs a SignedObject from any Serializable object.
142      * The given object is signed with the given signing key, using the
143      * designated signature engine.
144      *
145      * @param object the object to be signed.
146      * @param signingKey the private key for signing.
147      * @param signingEngine the signature signing engine.
148      *
149      * @throws    IOException if an error occurs during serialization
150      * @throws    InvalidKeyException if the key is invalid.
151      * @throws    SignatureException if signing fails.
152      */
SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine)153     public SignedObject(Serializable object, PrivateKey signingKey,
154                         Signature signingEngine)
155         throws IOException, InvalidKeyException, SignatureException {
156             // creating a stream pipe-line, from a to b
157             ByteArrayOutputStream b = new ByteArrayOutputStream();
158             ObjectOutput a = new ObjectOutputStream(b);
159 
160             // write and flush the object content to byte array
161             a.writeObject(object);
162             a.flush();
163             a.close();
164             this.content = b.toByteArray();
165             b.close();
166 
167             // now sign the encapsulated object
168             this.sign(signingKey, signingEngine);
169     }
170 
171     /**
172      * Retrieves the encapsulated object.
173      * The encapsulated object is de-serialized before it is returned.
174      *
175      * @return the encapsulated object.
176      *
177      * @throws    IOException if an error occurs during de-serialization
178      * @throws    ClassNotFoundException if an error occurs during
179      * de-serialization
180      */
getObject()181     public Object getObject()
182         throws IOException, ClassNotFoundException
183     {
184         // creating a stream pipe-line, from b to a
185         ByteArrayInputStream b = new ByteArrayInputStream(this.content);
186         ObjectInput a = new ObjectInputStream(b);
187         Object obj = a.readObject();
188         b.close();
189         a.close();
190         return obj;
191     }
192 
193     /**
194      * Retrieves the signature on the signed object, in the form of a
195      * byte array.
196      *
197      * @return the signature. Returns a new array each time this
198      * method is called.
199      */
getSignature()200     public byte[] getSignature() {
201         return this.signature.clone();
202     }
203 
204     /**
205      * Retrieves the name of the signature algorithm.
206      *
207      * @return the signature algorithm name.
208      */
getAlgorithm()209     public String getAlgorithm() {
210         return this.thealgorithm;
211     }
212 
213     /**
214      * Verifies that the signature in this SignedObject is the valid
215      * signature for the object stored inside, with the given
216      * verification key, using the designated verification engine.
217      *
218      * @param verificationKey the public key for verification.
219      * @param verificationEngine the signature verification engine.
220      *
221      * @throws    SignatureException if signature verification failed (an
222      *     exception prevented the signature verification engine from completing
223      *     normally).
224      * @throws    InvalidKeyException if the verification key is invalid.
225      *
226      * @return {@code true} if the signature
227      * is valid, {@code false} otherwise
228      */
verify(PublicKey verificationKey, Signature verificationEngine)229     public boolean verify(PublicKey verificationKey,
230                           Signature verificationEngine)
231          throws InvalidKeyException, SignatureException {
232              verificationEngine.initVerify(verificationKey);
233              verificationEngine.update(this.content.clone());
234              return verificationEngine.verify(this.signature.clone());
235     }
236 
237     /*
238      * Signs the encapsulated object with the given signing key, using the
239      * designated signature engine.
240      *
241      * @param signingKey the private key for signing.
242      * @param signingEngine the signature signing engine.
243      *
244      * @throws    InvalidKeyException if the key is invalid.
245      * @throws    SignatureException if signing fails.
246      */
sign(PrivateKey signingKey, Signature signingEngine)247     private void sign(PrivateKey signingKey, Signature signingEngine)
248         throws InvalidKeyException, SignatureException {
249             // initialize the signing engine
250             signingEngine.initSign(signingKey);
251             signingEngine.update(this.content.clone());
252             this.signature = signingEngine.sign().clone();
253             this.thealgorithm = signingEngine.getAlgorithm();
254     }
255 
256     /**
257      * readObject is called to restore the state of the SignedObject from
258      * a stream.
259      *
260      * @param  s the {@code ObjectInputStream} from which data is read
261      * @throws IOException if an I/O error occurs
262      * @throws ClassNotFoundException if a serialized class cannot be loaded
263      */
264     @Serial
readObject(ObjectInputStream s)265     private void readObject(ObjectInputStream s)
266         throws IOException, ClassNotFoundException {
267             ObjectInputStream.GetField fields = s.readFields();
268             content = ((byte[])fields.get("content", null)).clone();
269             signature = ((byte[])fields.get("signature", null)).clone();
270             thealgorithm = (String)fields.get("thealgorithm", null);
271     }
272 }
273