FileDocCategorySizeDatePackage
SignedObject.javaAPI DocAndroid 1.5 API5747Wed May 06 22:41:06 BST 2009java.security

SignedObject

public final class SignedObject extends Object implements Serializable
A {@code SignedObject} instance acts as a container for another object. The {@code SignedObject} contains the target in serialized form along with a digital signature of the serialized data.
since
Android 1.0

Fields Summary
private static final long
serialVersionUID
private byte[]
content
private byte[]
signature
private String
thealgorithm
Constructors Summary
public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine)
Constructs a new instance of {@code SignedObject} with the target object, the private key and the engine to compute the signature. The given {@code object} is signed with the specified key and engine.

param
object the object to bes signed.
param
signingKey the private key, used to sign the {@code object}.
param
signingEngine the engine that performs the signature generation.
throws
IOException if a serialization error occurs.
throws
InvalidKeyException if the private key is not valid.
throws
SignatureException if signature generation failed.
since
Android 1.0


        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ObjectOutputStream oos = new ObjectOutputStream(baos);
        try {
            // Serialize
            oos.writeObject(object);
            oos.flush();
        } finally {
            oos.close();
        }
        content = baos.toByteArray();
        signingEngine.initSign(signingKey);
        thealgorithm = signingEngine.getAlgorithm();
        signingEngine.update(content);
        signature = signingEngine.sign();
Methods Summary
public java.lang.StringgetAlgorithm()
Returns the name of the algorithm of this {@code SignedObject}.

return
the name of the algorithm of this {@code SignedObject}.
since
Android 1.0

        return thealgorithm;
public java.lang.ObjectgetObject()
Returns the encapsulated object. Each time this method is invoked, the encapsulated object is deserialized before it is returned.

return
the encapsulated object.
throws
IOException if deserialization failed.
throws
ClassNotFoundException if the class of the encapsulated object can not be found.
since
Android 1.0

        // deserialize our object
        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(
                content));
        try {
            return ois.readObject();
        } finally {
            ois.close();
        }
public byte[]getSignature()
Returns the signature data of the encapsulated serialized object.

return
the signature data of the encapsulated serialized object.
since
Android 1.0

        byte[] sig = new byte[signature.length];
        System.arraycopy(signature, 0, sig, 0, signature.length);
        return sig;
private voidreadObject(java.io.ObjectInputStream s)


         
             

        s.defaultReadObject();
        byte[] tmp = new byte[content.length];
        System.arraycopy(content, 0, tmp, 0, content.length);
        content = tmp;
        tmp = new byte[signature.length];
        System.arraycopy(signature, 0, tmp, 0, signature.length);
        signature = tmp;
public booleanverify(java.security.PublicKey verificationKey, java.security.Signature verificationEngine)
Indicates whether the contained signature for the encapsulated object is valid.

param
verificationKey the public key to verify the signature.
param
verificationEngine the signature engine.
return
{@code true} if the contained signature for the encapsulated object is valid, {@code false} otherwise.
throws
InvalidKeyException if the public key is invalid.
throws
SignatureException if signature verification failed.
since
Android 1.0


        verificationEngine.initVerify(verificationKey);
        verificationEngine.update(content);
        return verificationEngine.verify(signature);