* Given any Serializable object, one can create a SealedObject * that encapsulates the original object, in serialized * format (i.e., a "deep copy"), and seals (encrypts) its serialized contents, * using a cryptographic algorithm such as DES, to protect its * confidentiality. The encrypted content can later be decrypted (with * the corresponding algorithm using the correct decryption key) and * de-serialized, yielding the original object. * *
* Note that the Cipher object must be fully initialized with the * correct algorithm, key, padding scheme, etc., before being applied * to a SealedObject. * *
* The original object that was sealed can be recovered in two different * ways: *
* *
Cipher object.
*
*
* This method requires a fully initialized Cipher object,
* initialized with the
* exact same algorithm, key, padding scheme, etc., that were used to seal the
* object.
*
*
* This approach has the advantage that the party who unseals the * sealed object does not require knowledge of the decryption key. For example, * after one party has initialized the cipher object with the required * decryption key, it could hand over the cipher object to * another party who then unseals the sealed object. * *
* *
Key object.
*
* In this approach, the getObject method creates a cipher
* object for the appropriate decryption algorithm and initializes it with the
* given decryption key and the algorithm parameters (if any) that were stored
* in the sealed object.
*
*
This approach has the advantage that the party who * unseals the object does not need to keep track of the parameters (e.g., an * IV) that were used to seal the object. * *
* The given object is serialized, and its serialized contents are * encrypted using the given Cipher, which must be fully initialized. *
* Any algorithm parameters that may be used in the encryption
* operation are stored inside of the new SealedObject.
*
* @param object the object to be sealed.
* @param c the cipher used to seal the object.
* @exception IOException if an error occurs during serialization
* @exception IllegalBlockSizeException if the given cipher is a block
* cipher, no padding has been requested, and the total input length
* (i.e., the length of the serialized object contents) is not a multiple
* of the cipher's block size
*/
public SealedObject(
Serializable object,
Cipher c)
throws IOException, IllegalBlockSizeException
{
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
ObjectOutputStream oOut = new ObjectOutputStream(bOut);
oOut.writeObject(object);
oOut.close();
byte[] encodedObject = bOut.toByteArray();
if (c == null)
{
throw new IllegalArgumentException("cipher object is null!");
}
try
{
this.encryptedContent = c.doFinal(encodedObject);
}
catch (BadPaddingException e)
{
// should not happen
throw new IOException(e.getMessage());
}
this.sealAlg = c.getAlgorithm();
AlgorithmParameters params = c.getParameters();
if ( params != null )
{
this.encodedParams = params.getEncoded();
this.paramsAlg = params.getAlgorithm();
}
}
/**
* Constructs a SealedObject object from the passed-in SealedObject.
*
* @param so a SealedObject object
*/
protected SealedObject(SealedObject so)
{
super();
if (so.encodedParams != null)
{
this.encodedParams = (byte[]) so.encodedParams.clone();
}
if (so.encryptedContent != null)
{
this.encryptedContent = (byte[]) so.encryptedContent.clone();
}
this.paramsAlg = so.paramsAlg;
this.sealAlg = so.sealAlg;
}
/**
* Returns the algorithm that was used to seal this object.
*
* @return the algorithm that was used to seal this object.
*/
public final String getAlgorithm()
{
return sealAlg;
}
/**
* Retrieves the original (encapsulated) object.
*
* This method creates a cipher for the algorithm that had been used in
* the sealing operation.
* If the default provider package provides an implementation of that
* algorithm, an instance of Cipher containing that implementation is used.
* If the algorithm is not available in the default package, other
* packages are searched.
* The Cipher object is initialized for decryption, using the given
* key and the parameters (if any) that had been used in the
* sealing operation.
*
* The encapsulated object is unsealed and de-serialized, before it is * returned. * * @param key the key used to unseal the object. * @return the original object. * @exception IOException if an error occurs during de-serialiazation. * @exception ClassNotFoundException if an error occurs during de-serialiazation. * @exception NoSuchAlgorithmException if the algorithm to unseal the object is not available. * @exception InvalidKeyException if the given key cannot be used to unseal * the object (e.g., it has the wrong algorithm). */ public final Object getObject( Key key) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, InvalidKeyException { if (key == null) { throw new IllegalArgumentException("key object is null!"); } try { return getObject(key, null); } catch (NoSuchProviderException e) { throw new NoSuchAlgorithmException(e.getMessage()); } } /** * Retrieves the original (encapsulated) object. *
* The encapsulated object is unsealed (using the given Cipher, * assuming that the Cipher is already properly initialized) and * de-serialized, before it is returned. * * @param c the cipher used to unseal the object * @return the original object. * @exception IOException if an error occurs during de-serialiazation * @exception ClassNotFoundException if an error occurs during de-serialiazation * @exception IllegalBlockSizeException if the given cipher is a block * cipher, no padding has been requested, and the total input length is * not a multiple of the cipher's block size * @exception BadPaddingException if the given cipher has been * initialized for decryption, and padding has been specified, but * the input data does not have proper expected padding bytes */ public final Object getObject( Cipher c) throws IOException, ClassNotFoundException, IllegalBlockSizeException, BadPaddingException { if (c == null) { throw new IllegalArgumentException("cipher object is null!"); } byte[] encodedObject = c.doFinal(encryptedContent); ObjectInputStream oIn = new ObjectInputStream( new ByteArrayInputStream(encodedObject)); return oIn.readObject(); } /** * Retrieves the original (encapsulated) object. *
* This method creates a cipher for the algorithm that had been used in
* the sealing operation, using an implementation of that algorithm from
* the given provider.
* The Cipher object is initialized for decryption, using the given
* key and the parameters (if any) that had been used in the
* sealing operation.
*
* The encapsulated object is unsealed and de-serialized, before it is * returned. * * @param key the key used to unseal the object. * @param provider the name of the provider of the algorithm to unseal * the object. * @return the original object. * @exception IOException if an error occurs during de-serialiazation. * @exception ClassNotFoundException if an error occurs during * de-serialization. * @exception NoSuchAlgorithmException if the algorithm to unseal the * object is not available. * @exception NoSuchProviderException if the given provider is not * configured. * @exception InvalidKeyException if the given key cannot be used to unseal * the object (e.g., it has the wrong algorithm). */ public final Object getObject( Key key, String provider) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException { if (key == null) { throw new IllegalArgumentException("key object is null!"); } Cipher cipher = null; try { if ( provider != null ) { cipher = Cipher.getInstance(sealAlg, provider); } else { cipher = Cipher.getInstance(sealAlg); } } catch (NoSuchPaddingException e) { throw new NoSuchAlgorithmException(e.getMessage()); } if ( paramsAlg == null ) { cipher.init(Cipher.DECRYPT_MODE, key); } else { AlgorithmParameters algParams = AlgorithmParameters.getInstance(paramsAlg); algParams.init(encodedParams); try { cipher.init(Cipher.DECRYPT_MODE, key, algParams); } catch (InvalidAlgorithmParameterException e) { throw new IOException(e.getMessage()); } } try { return getObject(cipher); } catch (BadPaddingException e) { throw new IOException(e.getMessage()); } catch (IllegalBlockSizeException e2) { throw new IOException(e2.getMessage()); } } }