SignedObject

This class applies a digital signature to any serializable Java object. Create a SignedObject by specifying the object to be signed, the PrivateKey to use for the signature, and the Signature object to create the signature. The SignedObject( ) constructor serializes the specified object into an array of bytes and creates a digital signature for those bytes.

After creation, a SignedObject is itself typically serialized for storage or transmission to another Java thread or process. Once the SignedObject is reconstituted, the integrity of the object it contains can be verified by calling verify( ) and supplying the PublicKey of the signer and a Signature that performs the verification. Whether or not verification is performed or is successful, getObject( ) can be called to deserialize and return the wrapped object.

Figure 14-41. java.security.SignedObject

 public final class  SignedObject  implements Serializable {  // Public Constructors  public  SignedObject  (Serializable  object  , PrivateKey  signingKey  ,          Signature  signingEngine  )          throws java.io.IOException, InvalidKeyException, SignatureException;  // Public Instance Methods  public String  getAlgorithm  ( );        public Object  getObject  ( ) throws java.io.IOException,          ClassNotFoundException;        public byte[ ]  getSignature  ( );        public boolean  verify  (PublicKey  verificationKey  ,          Signature  verificationEngine  )          throws InvalidKeyException, SignatureException;   }