From 3f0ac9ff1c5ee8e74638815f744c8a8507c0e10f Mon Sep 17 00:00:00 2001 From: bryce Date: Wed, 25 Apr 2001 15:45:15 +0000 Subject: gcc/java: 2001-04-25 Bryce McKinlay * decl.c (init_decl_processing): Add new class "protectionDomain" field. * class.c (make_class_data): Set initial value for "protectionDomain". libjava: 2001-04-25 Bryce McKinlay java.security merge and ClassLoader compliance fixes. * java/lang/Class.h (Class): Include ProtectionDomain.h. New protectionDomain field. (forName): Add initialize parameter. Fixes declaration to comply with JDK spec. * java/lang/natClass.cc (forName): Correct declaration of the three-arg variant. Honour "initialize" flag. (getProtectionDomain0): New method. * java/lang/Class.java: Fix forName() declaration. (getPackage): New method based on Classpath implementation. (getProtectionDomain0): New native method decl. (getProtectionDomain): New method. * java/lang/ClassLoader.java (getParent): Now final. (definedPackages): New field. (getPackage): New. (defineClass): New variant with protectionDomain argument. (definePackage): New. (getPackages): New. (findSystemClass): Now final. (getSystemResourceAsStream): Remove redundant "final" modifier. (getSystemResource): Remove redundant "final" modifier. (getResources): Now final. (protectionDomainPermission): New static field. (unknownProtectionDomain): Ditto. (defaultProtectionDomain): Ditto. (getSystemClassLoader): Now non-native. * java/util/ResourceBundle.java (tryGetSomeBundle): Use the correct arguments for Class.forName(). * java/lang/Package.java: New file. * gnu/gcj/runtime/VMClassLoader.java (getVMClassLoader): Removed. (instance): Static initialize singleton. (findClass): Override this, not findSystemClass. * java/lang/natClassLoader.cc (defineClass0): Set class's protectionDomain field as specified. (getSystemClassLoader): Removed. (findClass): Renamed from findSystemClass. Call the interpreter via URLClassLoader.findClass if loading class via dlopen fails. * java/security/*.java: java.security import/merge with Classpath. * java/security/acl/*.java: Likewise. * java/security/interfaces/*.java: Likewise. * java/security/spec/*.java: Likewise. * java/net/NetPermission.java: Likewise. * java/net/SocketPermission.java: Likewise. * gnu/java/security/provider/DefaultPolicy.java: Likewise. * Makefile.am: Add new classes. * Makefile.in: Rebuilt. * gcj/javaprims.h: CNI namespace rebuild. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@41543 138bc75d-0d04-0410-961f-82ee72b054a4 --- libjava/java/security/SignedObject.java | 166 ++++++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 libjava/java/security/SignedObject.java (limited to 'libjava/java/security/SignedObject.java') diff --git a/libjava/java/security/SignedObject.java b/libjava/java/security/SignedObject.java new file mode 100644 index 00000000000..34f80e96706 --- /dev/null +++ b/libjava/java/security/SignedObject.java @@ -0,0 +1,166 @@ +/* SignedObject.java --- Signed Object Class + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +As a special exception, if you link this library with other files to +produce an executable, this library does not by itself cause the +resulting executable to be covered by the GNU General Public License. +This exception does not however invalidate any other reasons why the +executable file might be covered by the GNU General Public License. */ + +package java.security; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Serializable; + +/** + SignedObject is used for storing rutime objects whose integrity + cannot be compromised without being detected. + + SignedObject contains a Serializable object which is yet to be + signed and its signature. + + The signed copy is a "deep copy" (in serialized form) of the + original object. Any changes to the original will not affect + the original. + + Several things to note are that, first there is no need to + initialize the signature engine as this class will handle that + automatically. Second, verification will only succeed if the + public key corresponds to the private key used to generate + the SignedObject. + + For fexibility, the signature engine can be specified in the + constructor or the verify method. The programmer who writes + code that verifies the SignedObject has not changed should be + aware of the Signature engine they use. A malicious Signature + may choose to always return true on verification and + bypass the secrity check. + + The GNU provider provides the NIST standard DSA which uses DSA + and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its + OID. If the RSA signature algorithm is provided then + it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The algorithm must + be specified because there is no default. + + @author Mark Benvenuto + + @since JDK 1.2 + */ +public final class SignedObject implements Serializable +{ + private byte[] content; + private byte[] signature; + private String thealgorithm; + + /** + Constructs a new SignedObject from a Serializeable object. The + object is signed with private key and signature engine + + @param object the object to sign + @param signingKey the key to sign with + @param signingEngine the signature engine to use + + @throws IOException serialization error occured + @throws InvalidKeyException invalid key + @throws SignatureException signing error + */ + public SignedObject(Serializable object, PrivateKey signingKey, + Signature signingEngine) throws IOException, + InvalidKeyException, SignatureException + { + thealgorithm = signingEngine.getAlgorithm(); + + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + ObjectOutputStream p = new ObjectOutputStream(ostream); + p.writeObject(object); + p.flush(); + + content = ostream.toByteArray(); + + signingEngine.initSign(signingKey); + signingEngine.update(content); + signature = signingEngine.sign(); + } + + /** + Returns the encapsulated object. The object is + de-serialized before being returned. + + @return the encapsulated object + + @throws IOException de-serialization error occured + @throws ClassNotFoundException de-serialization error occured + */ + public Object getObject() throws IOException, ClassNotFoundException + { + ByteArrayInputStream istream = new ByteArrayInputStream(content); + + return new ObjectInputStream(istream).readObject(); + } + + /** + Returns the signature of the encapsulated object. + + @return a byte array containing the signature + */ + public byte[] getSignature() + { + return signature; + } + + /** + Returns the name of the signature algorithm. + + @return the name of the signature algorithm. + */ + public String getAlgorithm() + { + return thealgorithm; + } + + /** + Verifies the SignedObject by checking that the signature that + this class contains for the encapsulated object. + + @param verificationKey the public key to use + @param verificationEngine the signature engine to use + + @return true if signature is correct, false otherwise + + @throws InvalidKeyException invalid key + @throws SignatureException signature verification failed + */ + public boolean verify(PublicKey verificationKey, + Signature verificationEngine) throws + InvalidKeyException, SignatureException + { + verificationEngine.initVerify(verificationKey); + verificationEngine.update(content); + return verificationEngine.verify(signature); + } + + // readObject is called to restore the state of the SignedObject from a + // stream. + //private void readObject(ObjectInputStream s) + // throws IOException, ClassNotFoundException +} -- cgit v1.2.1