Comment: Edited by NavBot

...

Code Block
bgColor#FFcccc
import java.io.Serializable;
import java.util.HashMap;

// Serializable holder: ssnMap is written to the serialized stream in cleartext
class SimpleObject<E,V> implements Serializable {
  final static long serialVersionUID = -2648720192864531932L;
  private HashMap<E,V> ssnMap;
  
  public SimpleObject() {
    ssnMap = new HashMap<E,V>();
  }

  public Object getdata(E key)  {
    return ssnMap.get(key);
  }

  public void setData(E key, V data)  {
    ssnMap.put(key, data);
  }
}

...

Code Block
bgColor#ccccff
import java.io.Serializable;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.SealedObject;

class SignSealUtility<E,V> implements Serializable {
  final static long serialVersionUID = 2648720192864531932L;
  private HashMap<E,V> ssnMap;
  private SealedObject sealedSsnMap;
  private SignedObject signedSsnMap;
  
  public SignSealUtility() {
    ssnMap = new HashMap<E,V>();
  }

  // Encrypts the map; the cipher must already be initialized for encryption
  public void seal(Cipher cipher) throws Exception {
    sealedSsnMap = new SealedObject(ssnMap, cipher);
    // Now set the Map to null so that original data does not remain in cleartext
    ssnMap = null; 
  }

  // Decrypts the sealed map; the cipher must already be initialized for decryption
  @SuppressWarnings("unchecked")
  public void unseal(Cipher cipher) throws Exception {
    ssnMap = (HashMap<E,V>)sealedSsnMap.getObject(cipher);
  }
  
  // Signs a serialized copy of the map with the private key
  public void sign(Signature sig, PrivateKey key) throws Exception {
    signedSsnMap = new SignedObject(ssnMap, key, sig);
    ssnMap = null;
  }

  // Restores the map only if the signature verifies; otherwise ssnMap is left unchanged
  @SuppressWarnings("unchecked")
  public void unsign(Signature sig, PublicKey key) throws Exception {
    if(signedSsnMap.verify(key, sig)) {
      ssnMap = (HashMap<E,V>)signedSsnMap.getObject();
    }
  }

  public Object getdata(E key) throws Exception {
    return ssnMap.get(key);
  }
 
  public void setData(E key, V data) throws Exception {
    ssnMap.put(key, data);
  }
}
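
An added example, not part of the original page: it composes the same two JDK wrappers used above, SignedObject and SealedObject, directly and sends the result through a serialization round trip. The class name SignThenSealDemo, the sample record, the in-process key generation and the algorithm choices (SHA256withRSA, AES/GCM/NoPadding) are assumptions made for the illustration.

```java
import java.io.*;
import java.security.*;
import java.util.HashMap;
import javax.crypto.*;

public class SignThenSealDemo {
  public static void main(String[] args) throws Exception {
    // Constructed sample record; keys are generated in-process for the demo only
    HashMap<String, String> ssnMap = new HashMap<>();
    ssnMap.put("alice", "000-00-0000");

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair signingKeys = kpg.generateKeyPair();
    SecretKey sealingKey = KeyGenerator.getInstance("AES").generateKey();

    // Sign first, so the signature is computed over the cleartext map
    SignedObject signed = new SignedObject(ssnMap, signingKeys.getPrivate(),
        Signature.getInstance("SHA256withRSA"));

    // Then seal the SignedObject, so the data and its signature are both encrypted
    Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
    enc.init(Cipher.ENCRYPT_MODE, sealingKey);
    SealedObject sealed = new SealedObject(signed, enc);

    // Serialize: only the SealedObject (ciphertext plus cipher parameters) is written
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
      out.writeObject(sealed);
    }

    // Receiver: deserialize, unseal with the shared key, verify, then use the data
    SealedObject received;
    try (ObjectInputStream in =
        new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
      received = (SealedObject) in.readObject();
    }
    SignedObject inner = (SignedObject) received.getObject(sealingKey);
    if (!inner.verify(signingKeys.getPublic(), Signature.getInstance("SHA256withRSA"))) {
      // Fail closed instead of continuing with unverified data
      throw new SignatureException("signature check failed; refusing to use the data");
    }
    @SuppressWarnings("unchecked")
    HashMap<String, String> recovered = (HashMap<String, String>) inner.getObject();
    System.out.println("recovered entries: " + recovered.size());
  }
}
```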

...

[API 06]
[Steel 05] Chapter 10: Securing the Business Tier, Obfuscated Transfer Object
[Gong 03] 9.10 Sealing Objects
[Harold 99] Chapter 11: Object Serialization, Sealed Objects
[Neward 04] Item 64: Use SignedObject to provide integrity of Serialized objects and Item 65: Use SealedObject to provide confidentiality of Serializable objects
[MITRE 09] CWE ID 319 (http://cwe.mitre.org/data/definitions/319.html) "Cleartext Transmission of Sensitive Information"

...
