...
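```java
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SealedObject;

class SerializableMap<K,V> implements Serializable {
  // other fields and methods...

  private SignedObject signedMap;

  // Sign the cleartext map, then drop the unsigned reference
  public void sign(Signature sig, PrivateKey key)
      throws IOException, GeneralSecurityException {
    signedMap = new SignedObject(map, key, sig);
    map = null;
  }

  // Restore the map only if the signature verifies;
  // on failure nothing is restored and signedMap is retained
  @SuppressWarnings("unchecked")
  public void unsign(Signature sig, PublicKey key)
      throws IOException, GeneralSecurityException, ClassNotFoundException {
    if (signedMap.verify(key, sig)) {
      map = (HashMap<K,V>) signedMap.getObject();
      signedMap = null;
    }
  }

  private SealedObject sealedMap;

  // Encrypt the already-signed object
  public void seal(Cipher cipher)
      throws IOException, IllegalBlockSizeException {
    sealedMap = new SealedObject(signedMap, cipher);
    // Now set the signed map to null so that original data
    // does not remain in cleartext
    signedMap = null;
  }

  // Decrypt to recover the signed object; call unsign() afterwards
  public void unseal(Cipher cipher)
      throws IOException, GeneralSecurityException, ClassNotFoundException {
    signedMap = (SignedObject) sealedMap.getObject(cipher);
    sealedMap = null;
  }
}
```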
Finally, refrain from signing encrypted (sealed) data. (See guideline SEC17-J. Create and sign a SignedObject before creating a SealedObject.)
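The sign-then-seal order recommended above, shown as a sender/receiver round trip. This is an added example, not part of the original guideline: the class name `SignThenSealDemo`, the helper method names, the RSA and AES-GCM algorithm choices and the sample map entry are assumptions made for illustration.

```java
import java.io.Serializable;
import java.security.*;
import java.util.HashMap;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SignThenSealDemo {
    // Sender: sign the cleartext object first, then encrypt the signed object.
    static SealedObject signThenSeal(Serializable data, PrivateKey signKey,
                                     SecretKey encKey, byte[] iv) throws Exception {
        SignedObject signed = new SignedObject(data, signKey,
                Signature.getInstance("SHA256withRSA"));
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, encKey, new GCMParameterSpec(128, iv));
        return new SealedObject(signed, enc);
    }

    // Receiver: decrypt, then refuse the payload unless the signature verifies.
    static Object unsealThenVerify(SealedObject sealed, PublicKey verifyKey,
                                   SecretKey encKey, byte[] iv) throws Exception {
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, encKey, new GCMParameterSpec(128, iv));
        SignedObject signed = (SignedObject) sealed.getObject(dec);
        if (!signed.verify(verifyKey, Signature.getInstance("SHA256withRSA"))) {
            throw new SignatureException("signature check failed; payload rejected");
        }
        return signed.getObject();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();
        KeyPair other = kpg.generateKeyPair();      // unrelated key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();
        byte[] iv = new byte[12];                   // must be unique per message under one key
        new SecureRandom().nextBytes(iv);

        HashMap<String, Integer> map = new HashMap<>();
        map.put("John Doe", 123456789);             // constructed sample data

        SealedObject sealed = signThenSeal(map, sender.getPrivate(), aes, iv);
        System.out.println("verified: " + unsealThenVerify(sealed, sender.getPublic(), aes, iv));
        try {
            unsealThenVerify(sealed, other.getPublic(), aes, iv);
        } catch (SignatureException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```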
Risk Assessment
Failure to sign and/or seal objects during transit can lead to loss of object integrity or confidentiality.
...