ostore.security
Class SignedQS

java.lang.Object
  |
  +--ostore.security.SignedQS
All Implemented Interfaces:
QuickSerializable
Direct Known Subclasses:
SignedQSTree, SignedQSTreePath, ThresholdSignedQS

public class SignedQS
extends Object
implements QuickSerializable

A class to provide the same basic functionality as java.security.SignedObject, but using OceanStore's QuickSerializable class rather than the Java serialization mechanism.

This class serves two purposes. It encapsulates the code for generating and serializing digital certificates and the signatures over them, and it handles the encoding of the particular algorithm used to sign them so that they can be verified after decoding. This latter functionality is accomplished with the aid of a helper class, QSSignature, which encodes sufficient information about an object of type Signature to allow an equivalent object to be reproduced on decode.

Note that the decoding operation of this class does not verify the signature, since the receiving node may not recognize the algorithm used to create the signature. Instead, the functions verify(java.security.PublicKey, java.security.Signature) and user_data() are separated. The former should be called before trusting the data from the latter, although in some cases the data may be useful even if the signature cannot be verified. Alternatively, since the verification operation is expensive, it may be worth first checking the relevance of the data before bothering to verify its integrity or source.

Finally, the user of this class should take care to include the public key of the pair used to sign this message in the signed data, either in full or as a digest, as otherwise certain attacks are possible.
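The verify-before-trust order and the key-binding advice above, shown as an added example that is not OceanStore code: it uses only the JDK's java.security classes instead of SignedQS and QuickSerializable. The class name KeyBoundSignedMessage, the layout (SHA-256 digest of the signer's key followed by the payload) and the SHA256withRSA algorithm are assumptions chosen for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class KeyBoundSignedMessage {
    // Assumed layout of the signed bytes: SHA-256(signer public key encoding) || payload.
    static byte[] bind(PublicKey signer, byte[] payload) throws GeneralSecurityException {
        byte[] keyDigest = MessageDigest.getInstance("SHA-256").digest(signer.getEncoded());
        return ByteBuffer.allocate(keyDigest.length + payload.length)
                .put(keyDigest).put(payload).array();
    }

    static byte[] sign(PrivateKey priv, byte[] signedData) throws GeneralSecurityException {
        Signature engine = Signature.getInstance("SHA256withRSA");
        engine.initSign(priv);
        engine.update(signedData);
        return engine.sign();
    }

    // Hands back the payload only if the signature verifies under pubkey AND the
    // digest embedded in the signed bytes names that same key; otherwise null.
    static byte[] verifyThenRead(PublicKey pubkey, byte[] signedData, byte[] sig)
            throws GeneralSecurityException {
        Signature engine = Signature.getInstance("SHA256withRSA");
        engine.initVerify(pubkey);
        engine.update(signedData);
        if (signedData.length < 32 || !engine.verify(sig)) return null;
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(pubkey.getEncoded());
        byte[] embedded = Arrays.copyOfRange(signedData, 0, 32);
        if (!MessageDigest.isEqual(expected, embedded)) return null;
        return Arrays.copyOfRange(signedData, 32, signedData.length);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair(), other = gen.generateKeyPair();
        // Constructed sample payload, bound to the signer's key before signing.
        byte[] data = bind(signer.getPublic(), "sample payload".getBytes(StandardCharsets.UTF_8));
        byte[] sig = sign(signer.getPrivate(), data);
        System.out.println("signer key accepted: " + (verifyThenRead(signer.getPublic(), data, sig) != null));
        System.out.println("unrelated key accepted: " + (verifyThenRead(other.getPublic(), data, sig) != null));
        // Valid signature by a different key over bytes that name the signer's key.
        byte[] sig2 = sign(other.getPrivate(), data);
        System.out.println("mismatched binding accepted: " + (verifyThenRead(other.getPublic(), data, sig2) != null));
    }
}
```

The third case is the one the key binding exists for: the signature itself is valid under the second key, and only the embedded digest check rejects it.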

Version:
$Id: SignedQS.java,v 1.35 2002/08/16 00:00:09 srhea Exp $
Author:
Sean C. Rhea

Nested Class Summary
 class SignedQS.SignatureBuffer
           
 
Field Summary
protected  QSSignature _qs_signature
           
protected  long _qs_signature_type
           
protected  byte[] _signature
           
protected  QuickSerializable _user_data
           
 
Constructor Summary
protected SignedQS()
           
  SignedQS(InputBuffer buffer)
           
  SignedQS(QuickSerializable user_data, QSSignature qs_signature, PrivateKey privkey, SecureRandom random, Signature engine)
          The standard constructor.
  SignedQS(QuickSerializable user_data, SecureHash user_data_digest, PrivateKey privkey, RawNativeRSASignature_PKCS1_SHA1 engine)
           
 
Method Summary
protected  void init(QuickSerializable user_data, QSSignature qs_signature, PrivateKey privkey, SecureRandom random, Signature engine)
           
protected  void init(QuickSerializable user_data, SecureHash user_data_digest, PrivateKey privkey, RawNativeRSASignature_PKCS1_SHA1 engine)
           
static void main(String[] args)
          Test harness for SignedQS.
 QSSignature qs_signature()
          The type of signature over this object.
 void serialize(OutputBuffer buffer)
          Add the object to the buffer.
 String toString()
           
 QuickSerializable user_data()
          The data which this object signs.
 boolean verify(PublicKey pubkey, RawNativeRSASignature_PKCS1_SHA1 engine, SecureHash digest)
          A verify function that can take advantage of the RawNativeRSASignature_PKCS1_SHA1 class.
 boolean verify(PublicKey pubkey, Signature engine)
          Verify that the signature over user_data() is valid.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

_user_data

protected QuickSerializable _user_data

_signature

protected byte[] _signature

_qs_signature

protected QSSignature _qs_signature

_qs_signature_type

protected long _qs_signature_type

Constructor Detail

SignedQS

protected SignedQS()

SignedQS

public SignedQS(QuickSerializable user_data,
                QSSignature qs_signature,
                PrivateKey privkey,
                SecureRandom random,
                Signature engine)
         throws InvalidKeyException,
                SignatureException
The standard constructor. This constructor actually produces a signature, so if user_data is changed after this object is constructed, those changes will not be reflected in the signed message.

Parameters:
user_data - the message to sign
privkey - the private key to sign the message with
random - a random number generator. If this parameter is null, the default random number generator will be used.
engine - a signature generating engine such that
provider  ().equals (engine.getProvider ().getName ())
and
algorithm ().equals (engine.getAlgorithm ())
These can be obtained through the function Signature.getInstance(String) or Signature.getInstance(String, String).

SignedQS

public SignedQS(QuickSerializable user_data,
                SecureHash user_data_digest,
                PrivateKey privkey,
                RawNativeRSASignature_PKCS1_SHA1 engine)
         throws InvalidKeyException,
                SignatureException

SignedQS

public SignedQS(InputBuffer buffer)
         throws QSException

Method Detail

init

protected final void init(QuickSerializable user_data,
                          QSSignature qs_signature,
                          PrivateKey privkey,
                          SecureRandom random,
                          Signature engine)
                   throws InvalidKeyException,
                          SignatureException
Throws:
InvalidKeyException
SignatureException

init

protected final void init(QuickSerializable user_data,
                          SecureHash user_data_digest,
                          PrivateKey privkey,
                          RawNativeRSASignature_PKCS1_SHA1 engine)
                   throws InvalidKeyException,
                          SignatureException
Throws:
InvalidKeyException
SignatureException

user_data

public QuickSerializable user_data()
The data which this object signs. Please see the note about this in (QuickSerializable, KeyPair, SecureRandom, Signature). Also, note that verify(java.security.PublicKey, java.security.Signature) should be called to verify that the signature is correct.

Returns:
the data which is signed

qs_signature

public QSSignature qs_signature()
                         throws TypeTable.NoSuchTypeCode
The type of signature over this object.

Returns:
a subtype of QSSignature such that if an object of type Signature is generated with a matching algorithm and provider, that engine can be safely passed to the verify function without fear of the latter throwing an exception.
Throws:
TypeTable.NoSuchTypeCode - if the type code included in the encoding of this message does not correspond to a known type on this host. In other words, if the message was signed with an unknown algorithm.

serialize

public void serialize(OutputBuffer buffer)
Description copied from interface: QuickSerializable
Add the object to the buffer.

Specified by:
serialize in interface QuickSerializable
Parameters:
buffer - the output buffer to add the object to

verify

public boolean verify(PublicKey pubkey,
                      Signature engine)
               throws InvalidKeyException,
                      SignatureException,
                      TypeTable.NoSuchTypeCode
Verify that the signature over user_data() is valid.

Parameters:
pubkey - The public key of the alleged signer of this message.
engine - a signature generating engine such that
provider  ().equals (engine.getProvider ().getName ())
and
algorithm ().equals (engine.getAlgorithm ())
These can be obtained through the function Signature.getInstance(String) or Signature.getInstance(String, String).
Returns:
true if the signature is valid, false otherwise
Throws:
TypeTable.NoSuchTypeCode - if the type code included in the encoding of this message does not correspond to a known type on this host. In other words, if the message was signed with an unknown algorithm.
InvalidKeyException
SignatureException

verify

public boolean verify(PublicKey pubkey,
                      RawNativeRSASignature_PKCS1_SHA1 engine,
                      SecureHash digest)
               throws InvalidKeyException,
                      SignatureException,
                      TypeTable.NoSuchTypeCode
A verify function that can take advantage of the RawNativeRSASignature_PKCS1_SHA1 class.

Throws:
InvalidKeyException
SignatureException
TypeTable.NoSuchTypeCode

toString

public String toString()
Overrides:
toString in class Object

main

public static void main(String[] args)
                 throws Exception
Test harness for SignedQS.

Throws:
Exception