1 files changed, 139 insertions, 78 deletions
diff --git a/libjava/java/security/SignedObject.java b/libjava/java/security/SignedObject.java
index 78684e5..6a8d612 100644
--- a/libjava/java/security/SignedObject.java
+++ b/libjava/java/security/SignedObject.java
@@ -1,5 +1,5 @@
 /* SignedObject.java --- Signed Object Class
-   Copyright (C) 1999 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2003, Free Software Foundation, Inc.
 
 This file is part of GNU Classpath.
 
@@ -36,70 +36,123 @@ obligated to do so.  If you do not wish to do so, delete this
 exception statement from your version. */
 
 package java.security;
+
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectInput;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
 
 /**
-   SignedObject is used for storing rutime objects whose integrity
-   cannot be compromised without being detected.
-
-   SignedObject contains a Serializable object which is yet to be 
-   signed and its signature.
-
-   The signed copy is a "deep copy" (in serialized form) of the 
-   original object. Any changes to the original will not affect 
-   the original.
-
-   Several things to note are that, first there is no need to 
-   initialize the signature engine as this class will handle that 
-   automatically. Second, verification will only succeed if the
-   public key corresponds to the private key used to generate 
-   the SignedObject.
-
-   For fexibility, the signature engine can be specified in the 
-   constructor or the verify method. The programmer who writes 
-   code that verifies the SignedObject has not changed should be 
-   aware of the Signature engine they use. A malicious Signature 
-   may choose to always return true on verification and 
-   bypass the secrity check.
-
-   The GNU provider provides the NIST standard DSA which uses DSA 
-   and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its 
-   OID. If the RSA signature algorithm is provided then
-   it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The algorithm must
-   be specified because there is no default.
-
-   @author Mark Benvenuto <ivymccough@worldnet.att.net>
-
-   @since JDK 1.2
+ * <p><code>SignedObject</code> is a class for the purpose of creating authentic
+ * runtime objects whose integrity cannot be compromised without being detected.
+ * </p>
+ *
+ * <p>More specifically, a <code>SignedObject</code> contains another
+ * {@link Serializable} object, the (to-be-)signed object and its signature.</p>
+ *
+ * <p>The signed object is a <i>"deep copy"</i> (in serialized form) of an
+ * original object. Once the copy is made, further manipulation of the original
+ * object has no side effect on the copy.</p>
+ *
+ * <p>The underlying signing algorithm is designated by the {@link Signature}
+ * object passed to the constructor and the <code>verify()</code> method. A
+ * typical usage for signing is the following:</p>
+ *
+ * <pre>
+ * Signature signingEngine = Signature.getInstance(algorithm, provider);
+ * SignedObject so = new SignedObject(myobject, signingKey, signingEngine);
+ * </pre>
+ *
+ * <p>A typical usage for verification is the following (having received
+ * <code>SignedObject</code> so):</p>
+ *
+ * <pre>
+ * Signature verificationEngine = Signature.getInstance(algorithm, provider);
+ * if (so.verify(publickey, verificationEngine))
+ *   try
+ *     {
+ *       Object myobj = so.getObject();
+ *     }
+ *   catch (ClassNotFoundException ignored) {};
+ * </pre>
+ *
+ * <p>Several points are worth noting. First, there is no need to initialize the
+ * signing or verification engine, as it will be re-initialized inside the
+ * constructor and the <code>verify()</code> method. Secondly, for verification
+ * to succeed, the specified public key must be the public key corresponding to
+ * the private key used to generate the <code>SignedObject</code>.</p>
+ *
+ * <p>More importantly, for flexibility reasons, the <code>constructor</code>
+ * and <code>verify()</code> method allow for customized signature engines,
+ * which can implement signature algorithms that are not installed formally as
+ * part of a crypto provider. However, it is crucial that the programmer writing
+ * the verifier code be aware what {@link Signature} engine is being used, as
+ * its own implementation of the <code>verify()</code> method is invoked to
+ * verify a signature. In other words, a malicious {@link Signature} may choose
+ * to always return <code>true</code> on verification in an attempt to bypass a
+ * security check.</p>
+ *
+ * <p>The signature algorithm can be, among others, the NIST standard <i>DSS</i>,
+ * using <i>DSA</i> and <i>SHA-1</i>. The algorithm is specified using the same
+ * convention as that for signatures. The <i>DSA</i> algorithm using the
+ * </i>SHA-1</i> message digest algorithm can be specified, for example, as
+ * <code>"SHA/DSA"</code> or <code>"SHA-1/DSA"</code> (they are equivalent). In
+ * the case of <i>RSA</i>, there are multiple choices for the message digest
+ * algorithm, so the signing algorithm could be specified as, for example,
+ * <code>"MD2/RSA"</code>, <code>"MD5/RSA"</code> or <code>"SHA-1/RSA"</code>.
+ * The algorithm name must be specified, as there is no default.</p>
+ *
+ * <p>The name of the Cryptography Package Provider is designated also by the
+ * {@link Signature} parameter to the <code>constructor</code> and the <code>
+ * verify()</code> method. If the provider is not specified, the default
+ * provider is used. Each installation can be configured to use a particular
+ * provider as default.</p>
+ *
+ * <p>Potential applications of <code>SignedObject</code> include:</p>
+ *
+ * <ul>
+ *  <li>It can be used internally to any Java runtime as an unforgeable
+ *  authorization token -- one that can be passed around without the fear that
+ *  the token can be maliciously modified without being detected.</li>
+ *  <li>It can be used to sign and serialize data/object for storage outside the
+ *  Java runtime (e.g., storing critical access control data on disk).</li>
+ *  <li>Nested <i>SignedObjects</i> can be used to construct a logical sequence
+ *  of signatures, resembling a chain of authorization and delegation.</li>
+ * </ul>
+ *
+ * @author Mark Benvenuto <ivymccough@worldnet.att.net>
+ * @since 1.2
+ * @see Signature
  */
 public final class SignedObject implements Serializable
 {
   static final long serialVersionUID = 720502720485447167L;
 
+  /** @serial */
   private byte[] content;
+  /** @serial */
   private byte[] signature;
+  /** @serial */
   private String thealgorithm;
 
   /**
-     Constructs a new SignedObject from a Serializeable object. The 
-     object is signed with private key and signature engine
-
-     @param object the object to sign
-     @param signingKey the key to sign with
-     @param signingEngine the signature engine to use
-
-     @throws IOException serialization error occurred
-     @throws InvalidKeyException invalid key
-     @throws SignatureException signing error
+   * Constructs a <code>SignedObject</code> from any {@link Serializable}
+   * object. The given object is signed with the given signing key, using the
+   * designated signature engine.
+   *
+   * @param object the object to be signed.
+   * @param signingKey the private key for signing.
+   * @param signingEngine the signature signing engine.
+   * @throws IOException if an error occurs during serialization.
+   * @throws InvalidKeyException if the key is invalid.
+   * @throws SignatureException if signing fails.
    */
   public SignedObject(Serializable object, PrivateKey signingKey,
-		      Signature signingEngine) throws IOException,
-    InvalidKeyException, SignatureException
+		      Signature signingEngine)
+    throws IOException, InvalidKeyException, SignatureException
   {
     thealgorithm = signingEngine.getAlgorithm();
 
@@ -107,6 +160,7 @@ public final class SignedObject implements Serializable
     ObjectOutputStream p = new ObjectOutputStream(ostream);
     p.writeObject(object);
     p.flush();
+    p.close();
 
     content = ostream.toByteArray();
 
@@ -116,35 +170,39 @@ public final class SignedObject implements Serializable
   }
 
   /**
-     Returns the encapsulated object. The object is 
-     de-serialized before being returned.
-
-     @return the encapsulated object
-
-     @throws IOException de-serialization error occurred
-     @throws ClassNotFoundException de-serialization error occurred
+   * Retrieves the encapsulated object. The encapsulated object is de-serialized
+   * before it is returned.
+   *
+   * @return the encapsulated object.
+   * @throws IOException if an error occurs during de-serialization.
+   * @throws ClassNotFoundException if an error occurs during de-serialization.
    */
   public Object getObject() throws IOException, ClassNotFoundException
   {
-    ByteArrayInputStream istream = new ByteArrayInputStream(content);
+    ByteArrayInputStream bais = new ByteArrayInputStream(content);
+    ObjectInput oi = new ObjectInputStream(bais);
+    Object obj = oi.readObject();
+    oi.close();
+    bais.close();
 
-    return new ObjectInputStream(istream).readObject();
+    return obj;
   }
 
   /**
-     Returns the signature of the encapsulated object.
-
-     @return a byte array containing the signature
+   * Retrieves the signature on the signed object, in the form of a byte array.
+   *
+   * @return a copy of the signature.
    */
   public byte[] getSignature()
   {
-    return signature;
+    return (byte[]) signature.clone();
+
   }
 
   /**
-     Returns the name of the signature algorithm.
-
-     @return the name of the signature algorithm.
+   * Retrieves the name of the signature algorithm.
+   *
+   * @return the signature algorithm name.
    */
   public String getAlgorithm()
   {
@@ -152,28 +210,31 @@ public final class SignedObject implements Serializable
   }
 
   /**
-     Verifies the SignedObject by checking that the signature that 
-     this class contains for the encapsulated object.
-
-     @param verificationKey the public key to use
-     @param verificationEngine the signature engine to use
-
-     @return true if signature is correct, false otherwise
-
-     @throws InvalidKeyException invalid key
-     @throws SignatureException signature verification failed
+   * Verifies that the signature in this <code>SignedObject</code> is the valid
+   * signature for the object stored inside, with the given verification key,
+   * using the designated verification engine.
+   *
+   * @param verificationKey the public key for verification.
+   * @param verificationEngine the signature verification engine.
+   * @return <code>true</code> if the signature is valid, <code>false</code>
+   * otherwise.
+   * @throws SignatureException if signature verification failed.
+   * @throws InvalidKeyException if the verification key is invalid.
    */
-  public boolean verify(PublicKey verificationKey,
-			Signature verificationEngine) throws
-    InvalidKeyException, SignatureException
+  public boolean verify(PublicKey verificationKey, Signature verificationEngine)
+    throws InvalidKeyException, SignatureException
   {
     verificationEngine.initVerify(verificationKey);
     verificationEngine.update(content);
     return verificationEngine.verify(signature);
   }
 
-  //     readObject is called to restore the state of the SignedObject from a
-  //     stream.
-  //private void readObject(ObjectInputStream s)
-  //                 throws IOException, ClassNotFoundException
+  /** Called to restore the state of the SignedObject from a stream. */
+  private void readObject(ObjectInputStream s)
+    throws IOException, ClassNotFoundException
+  {
+    s.defaultReadObject();
+    content = (byte[]) content.clone();
+    signature = (byte[]) signature.clone();
+  }
 }