SealedObject.java revision 0
2362N/A * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Sun designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Sun in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, 2362N/A * CA 95054 USA or visit www.sun.com if you need additional information or 0N/A * This class enables a programmer to create an object and protect its 0N/A * confidentiality with a cryptographic algorithm. 0N/A * <p> Given any Serializable object, one can create a SealedObject 0N/A * that encapsulates the original object, in serialized 0N/A * format (i.e., a "deep copy"), and seals (encrypts) its serialized contents, 0N/A * using a cryptographic algorithm such as DES, to protect its 0N/A * confidentiality. The encrypted content can later be decrypted (with 0N/A * the corresponding algorithm using the correct decryption key) and 0N/A * de-serialized, yielding the original object. 0N/A * <p> Note that the Cipher object must be fully initialized with the 0N/A * correct algorithm, key, padding scheme, etc., before being applied 0N/A * to a SealedObject. 0N/A * <p> The original object that was sealed can be recovered in two different 0N/A * <li>by using the {@link #getObject(javax.crypto.Cipher) getObject} 0N/A * method that takes a <code>Cipher</code> object. 0N/A * <p> This method requires a fully initialized <code>Cipher</code> object, 0N/A * initialized with the 0N/A * exact same algorithm, key, padding scheme, etc., that were used to seal the 0N/A * <p> This approach has the advantage that the party who unseals the 0N/A * sealed object does not require knowledge of the decryption key. For example, 0N/A * after one party has initialized the cipher object with the required 0N/A * decryption key, it could hand over the cipher object to 0N/A * another party who then unseals the sealed object. 0N/A * <li>by using one of the 0N/A * {@link #getObject(java.security.Key) getObject} methods 0N/A * that take a <code>Key</code> object. 0N/A * <p> In this approach, the <code>getObject</code> method creates a cipher 0N/A * object for the appropriate decryption algorithm and initializes it with the 0N/A * given decryption key and the algorithm parameters (if any) that were stored 0N/A * in the sealed object. 0N/A * <p> This approach has the advantage that the party who 0N/A * unseals the object does not need to keep track of the parameters (e.g., an 0N/A * IV) that were used to seal the object. 0N/A * The serialized object contents in encrypted format. 0N/A * The algorithm that was used to seal this object. 0N/A * The algorithm of the parameters used. 0N/A * The cryptographic parameters used by the sealing Cipher, 0N/A * encoded in the default format. 0N/A * That is, <code>cipher.getParameters().getEncoded()</code>. 0N/A * Constructs a SealedObject from any Serializable object. 0N/A * <p>The given object is serialized, and its serialized contents are 0N/A * encrypted using the given Cipher, which must be fully initialized. 0N/A * <p>Any algorithm parameters that may be used in the encryption 0N/A * operation are stored inside of the new <code>SealedObject</code>. 0N/A * @param object the object to be sealed; can be null. * @param c the cipher used to seal the object. * @exception NullPointerException if the given cipher is null. * @exception IOException if an error occurs during serialization * @exception IllegalBlockSizeException if the given cipher is a block * cipher, no padding has been requested, and the total input length * (i.e., the length of the serialized object contents) is not a multiple * of the cipher's block size // creating a stream pipe-line, from a to b // write and flush the object content to byte array // if sealing is encryption only // Save the encryption algorithm * Constructs a SealedObject object from the passed-in SealedObject. * @param so a SealedObject object * @exception NullPointerException if the given sealed object is null. * Returns the algorithm that was used to seal this object. * @return the algorithm that was used to seal this object. * Retrieves the original (encapsulated) object. * <p>This method creates a cipher for the algorithm that had been used in * If the default provider package provides an implementation of that * algorithm, an instance of Cipher containing that implementation is used. * If the algorithm is not available in the default package, other * The Cipher object is initialized for decryption, using the given * <code>key</code> and the parameters (if any) that had been used in the * <p>The encapsulated object is unsealed and de-serialized, before it is * @param key the key used to unseal the object. * @return the original object. * @exception IOException if an error occurs during de-serialiazation. * @exception ClassNotFoundException if an error occurs during * @exception NoSuchAlgorithmException if the algorithm to unseal the * object is not available. * @exception InvalidKeyException if the given key cannot be used to unseal * the object (e.g., it has the wrong algorithm). * @exception NullPointerException if <code>key</code> is null. // we've already caught NoSuchProviderException's and converted // them into NoSuchAlgorithmException's with details about * Retrieves the original (encapsulated) object. * <p>The encapsulated object is unsealed (using the given Cipher, * assuming that the Cipher is already properly initialized) and * de-serialized, before it is returned. * @param c the cipher used to unseal the object * @return the original object. * @exception NullPointerException if the given cipher is null. * @exception IOException if an error occurs during de-serialiazation * @exception ClassNotFoundException if an error occurs during * @exception IllegalBlockSizeException if the given cipher is a block * cipher, no padding has been requested, and the total input length is * not a multiple of the cipher's block size * @exception BadPaddingException if the given cipher has been * initialized for decryption, and padding has been specified, but * the input data does not have proper expected padding bytes // creating a stream pipe-line, from b to a * Retrieves the original (encapsulated) object. * <p>This method creates a cipher for the algorithm that had been used in * the sealing operation, using an implementation of that algorithm from * the given <code>provider</code>. * The Cipher object is initialized for decryption, using the given * <code>key</code> and the parameters (if any) that had been used in the * <p>The encapsulated object is unsealed and de-serialized, before it is * @param key the key used to unseal the object. * @param provider the name of the provider of the algorithm to unseal * @return the original object. * @exception IllegalArgumentException if the given provider is null * @exception IOException if an error occurs during de-serialiazation. * @exception ClassNotFoundException if an error occurs during * @exception NoSuchAlgorithmException if the algorithm to unseal the * object is not available. * @exception NoSuchProviderException if the given provider is not * @exception InvalidKeyException if the given key cannot be used to unseal * the object (e.g., it has the wrong algorithm). * @exception NullPointerException if <code>key</code> is null. * Create the parameter object. * Create and initialize the cipher. +
"sealing operation not " // this should never happen, because we use the exact same // parameters that were used in the sealing operation // creating a stream pipe-line, from b to a * Restores the state of the SealedObject from a stream. * @param s the object input stream. * @exception NullPointerException if s is null. * Calling the super.resolveClass() first * will let us pick up bug fixes in the super * This is a workaround for bug 4224921.