This class applies a digital signature to any serializable Java object. Create a SignedObject by specifying the object to be signed, the PrivateKey to use for the signature, and the Signature object to create the signature. The SignedObject() constructor serializes the specified object into an array of bytes and creates a digital signature for those bytes.

After creation, a SignedObject is itself typically serialized for storage or transmission to another Java thread or process. Once the SignedObject is reconstituted, the integrity of the object it contains can be verified by calling verify() and supplying the PublicKey of the signer and a Signature that performs the verification. Whether or not verification is performed or is successful, getObject() can be called to deserialize and return the wrapped object.
Figure 14-41. java.security.SignedObject
public final class SignedObject implements Serializable {
// Public Constructors
    public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine)
        throws java.io.IOException, InvalidKeyException, SignatureException;
// Public Instance Methods
    public String getAlgorithm();
    public Object getObject() throws java.io.IOException, ClassNotFoundException;
    public byte[] getSignature();
    public boolean verify(PublicKey verificationKey, Signature verificationEngine)
        throws InvalidKeyException, SignatureException;
}
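
Because getObject() returns the wrapped object whether or not verify() was called or succeeded, a receiver has to enforce the check itself. The following is an added example, not part of the original reference entry, showing a receiver that releases the payload only after verification. The class name SignedObjectDemo, the helpers readVerified and serialize, the SHA256withRSA algorithm and the sample payload are assumptions chosen for illustration.

```java
import java.io.*;
import java.security.*;

public class SignedObjectDemo {
    // Hypothetical helper: reconstitute a SignedObject and return its payload
    // only if the signature verifies under the expected signer's public key.
    static Object readVerified(byte[] wire, PublicKey signer)
            throws IOException, ClassNotFoundException, GeneralSecurityException {
        SignedObject so;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            so = (SignedObject) in.readObject();
        }
        // getObject() would deserialize the payload even if it were forged,
        // so the signature check must come first and must gate the call.
        Signature engine = Signature.getInstance("SHA256withRSA"); // assumed algorithm
        if (!so.verify(signer, engine)) {
            throw new SignatureException("SignedObject failed verification");
        }
        return so.getObject();
    }

    // Hypothetical helper: serialize any object to a byte array.
    static byte[] serialize(Serializable s) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(s);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        KeyPair other = kpg.generateKeyPair(); // stands in for a key the receiver does not trust

        String payload = "constructed sample payload";
        byte[] wire = serialize(new SignedObject(payload, signer.getPrivate(),
                Signature.getInstance("SHA256withRSA")));

        System.out.println("verified: " + readVerified(wire, signer.getPublic()));
        try {
            readVerified(wire, other.getPublic());
        } catch (SignatureException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```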