java.lang.Object
  |
  +--ostore.security.SignedQS
A class to provide the same basic functionality as java.security.SignedObject, but using OceanStore's QuickSerializable class rather than the Java serialization mechanism.
This class serves two purposes. It encapsulates the code for generating and serializing digital certificates and the signatures over them, and it handles the encoding of the particular algorithm used to sign them so that they can be verified after decoding. This latter functionality is accomplished with the aid of a helper class, QSSignature, which encodes sufficient information about an object of type Signature to allow an equivalent object to be reproduced on decode.
Note that the decoding operation of this class does not verify the signature, since the receiving node may not recognize the algorithm used to create the signature. Instead, the functions verify(java.security.PublicKey, java.security.Signature) and user_data() are separated. The former should be called before trusting the data from the latter, although in some cases the data may be useful even if the signature cannot be verified. Alternatively, since the verification operation is expensive, it may be worth first checking the relevance of the data before bothering to verify its integrity or source.
Finally, the user of this class should take care to include the public key of the pair used to sign this message in the signed data, either in full or as a digest, as otherwise certain attacks are possible.
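The advice above, sketched with plain java.security as an added example; it is not OceanStore code and does not use SignedQS or QuickSerializable. The class name, the helper names and the layout (a 32-byte SHA-256 digest of the signer's public key followed by the payload) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Added example: plain java.security, not OceanStore code. The layout
// (32-byte SHA-256 key digest, then the payload) is an assumption.
class KeyBoundSignatureDemo {
    static byte[] keyDigest(PublicKey k) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(k.getEncoded());
    }

    // Signed data = digest(signer public key) || payload
    static byte[] bind(PublicKey signer, byte[] payload) throws GeneralSecurityException {
        byte[] d = keyDigest(signer);
        byte[] out = Arrays.copyOf(d, d.length + payload.length);
        System.arraycopy(payload, 0, out, d.length, payload.length);
        return out;
    }

    static byte[] sign(byte[] data, PrivateKey priv) throws GeneralSecurityException {
        Signature engine = Signature.getInstance("SHA256withRSA");
        engine.initSign(priv);
        engine.update(data);
        return engine.sign();
    }

    // Verify the signature first, then check that the digest inside the signed
    // data names the key that verified it. Only then is the payload trusted.
    static boolean verifyBound(byte[] data, byte[] sig, PublicKey claimed) throws GeneralSecurityException {
        Signature engine = Signature.getInstance("SHA256withRSA");
        engine.initVerify(claimed);
        engine.update(data);
        if (data.length < 32 || !engine.verify(sig)) return false;
        return MessageDigest.isEqual(Arrays.copyOf(data, 32), keyDigest(claimed));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();
        byte[] payload = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] data = bind(signer.getPublic(), payload);
        System.out.println("signer's key accepted: " + verifyBound(data, sign(data, signer.getPrivate()), signer.getPublic()));
        // The same bytes signed under a different key verify under that key,
        // but the embedded digest still names the original signer's key.
        System.out.println("other key accepted: " + verifyBound(data, sign(data, other.getPrivate()), other.getPublic()));
    }
}
```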
Field Summary
protected byte[] _bytes
protected QSSignature _qs_signature
protected long _qs_signature_type
protected byte[] _signature
protected QuickSerializable _user_data
Constructor Summary
protected SignedQS()
SignedQS(byte[] data, int[] offset)
    The deserialization constructor.
SignedQS(QuickSerializable user_data, QSSignature qs_signature, PrivateKey privkey, SecureRandom random, Signature engine)
    The standard constructor.
Method Summary
void add_to_digest(SecureHashBuffer buffer)
    Adds this object's state to the specified SecureHashBuffer using the various add methods.
QSSignature qs_signature()
    The type of signature over this object.
void to_bytes(byte[] data, int[] offset)
    Store the object in its "on the wire" form in the byte array data, starting at index offset[0], and increment offset[0] by the number of bytes written; if data == null, increment offset[0] by the number of bytes that would have been written otherwise.
String toString()
int type_code()
    Returns the unique integer associated with this class in the TypeTable.
QuickSerializable user_data()
    The data which this object signs.
boolean verify(PublicKey pubkey, Signature engine)
    Verify that the signature over user_data() is valid.
Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Field Detail
protected QuickSerializable _user_data
protected byte[] _bytes
protected byte[] _signature
protected QSSignature _qs_signature
protected long _qs_signature_type
Constructor Detail
protected SignedQS()

public SignedQS(QuickSerializable user_data, QSSignature qs_signature, PrivateKey privkey, SecureRandom random, Signature engine) throws InvalidKeyException, SignatureException
    The standard constructor. If user_data is changed after this object is constructed, those changes will not be reflected in the signed message.
    Parameters:
        user_data - the message to sign
        privkey - the private key to sign the message with
        random - a random number generator. If this parameter is null, the default random number generator will be used.
        engine - a signature generating engine such that provider ().equals (engine.getProvider ().getName ()) and algorithm ().equals (engine.getAlgorithm ()). These can be obtained through the function Signature.getInstance(String) or Signature.getInstance(String, String).

public SignedQS(byte[] data, int[] offset) throws QSException
    The deserialization constructor. See QuickSerializable for details.

Method Detail
public String toString()
    Overrides: toString in class Object

public QuickSerializable user_data()
    (QuickSerializable, KeyPair, SecureRandom, Signature). Also, note that verify(java.security.PublicKey, java.security.Signature) should be called to verify that the signature is correct.

public QSSignature qs_signature() throws TypeTable.NoSuchTypeCode
    The type of signature over this object. If a Signature is generated with a matching algorithm and provider, that engine can be safely passed to the verify function without fear of the latter throwing an exception.
    Throws:
        TypeTable.NoSuchTypeCode - if the type code included in the encoding of this message does not correspond to a known type on this host. In other words, if the message was signed with an unknown algorithm.

public void to_bytes(byte[] data, int[] offset)
    Description copied from interface: QuickSerializable
    Store the object in its "on the wire" form in the byte array data, starting at index offset[0], and increment offset[0] by the number of bytes written; if data == null, increment offset[0] by the number of bytes that would have been written otherwise.
    Specified by: to_bytes in interface QuickSerializable
    Following copied from interface: ostore.util.QuickSerializable
    Parameters:
        data - The byte array to store into, or null.
        offset - A single element array whose first element is the index in data to begin writing at on function entry, and which on function exit has been incremented by the number of bytes written.

public void add_to_digest(SecureHashBuffer buffer)
    Description copied from interface: Digestible
    Adds this object's state to the specified SecureHashBuffer using the various add methods.
    Specified by: add_to_digest in interface Digestible
    Following copied from interface: ostore.util.Digestible
    See Also: SecureHashBuffer.add( byte ), SecureHashBuffer.add( byte[] ), SecureHashBuffer.add( byte[], int, int ), SecureHashBuffer.add( Digestible )

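public int type_code()
    Description copied from interface: QuickSerializable
    Returns the unique integer associated with this class in the TypeTable.
    Specified by: type_code in interface QuickSerializable
    Following copied from interface: ostore.util.QuickSerializable
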
public boolean verify(PublicKey pubkey, Signature engine) throws InvalidKeyException, SignatureException, TypeTable.NoSuchTypeCode
    Verify that the signature over user_data() is valid.
    Parameters:
        pubkey - The public key of the alleged signer of this message.
        engine - a signature generating engine such that provider ().equals (engine.getProvider ().getName ()) and algorithm ().equals (engine.getAlgorithm ()). These can be obtained through the function Signature.getInstance(String) or Signature.getInstance(String, String).
    Returns:
        true if the signature is valid, false otherwise
    Throws:
        TypeTable.NoSuchTypeCode - if the type code included in the encoding of this message does not correspond to a known type on this host. In other words, if the message was signed with an unknown algorithm.