Name

SignedObject

Synopsis

This class applies a digital signature to any serializable Java object. Create a SignedObject by specifying the object to be signed, the PrivateKey to use for the signature, and the Signature object to create the signature. The SignedObject( ) constructor serializes the specified object into an array of bytes and creates a digital signature for those bytes.

After creation, a SignedObject is itself typically serialized for storage or transmission to another Java thread or process. Once the SignedObject is reconstituted, the integrity of the object it contains can be verified by calling verify( ) and supplying the PublicKey of the signer and a Signature that performs the verification. Whether or not verification is performed or is successful, getObject( ) can be called to deserialize and return the wrapped object.

java.security.SignedObject

Figure 14-41. java.security.SignedObject

public final class SignedObject implements Serializable {
// Public Constructors
     public SignedObject(Serializable object, PrivateKey signingKey, 
        Signature signingEngine) 
        throws java.io.IOException, InvalidKeyException, SignatureException;  
// Public Instance Methods
     public String getAlgorithm( );  
     public Object getObject( ) throws java.io.IOException, 
        ClassNotFoundException;  
     public byte[ ] getSignature( );  
     public boolean verify(PublicKey verificationKey, 
        Signature verificationEngine) throws InvalidKeyException, ...

Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.