Class SealedObject
- All Implemented Interfaces:
- Serializable
 Given any Serializable object, one can create a
 SealedObject that encapsulates the original object, in serialized
 format (i.e., a "deep copy"), and seals (encrypts) its serialized contents,
 using a cryptographic algorithm such as AES, to protect its
 confidentiality.  The encrypted content can later be decrypted (with
 the corresponding algorithm using the correct decryption key) and
 de-serialized, yielding the original object.
 
 Note that the Cipher object must be fully initialized with
 the correct algorithm, key, padding scheme, etc., before being applied
 to a SealedObject.
 
The original object that was sealed can be recovered in two different ways:
- by using the getObjectmethod that takes aCipherobject.This method requires a fully initialized Cipherobject, initialized with the exact same algorithm, key, padding scheme, etc., that were used to seal the object.This approach has the advantage that the party who unseals the sealed object does not require knowledge of the decryption key. For example, after one party has initialized the cipher object with the required decryption key, it could hand over the cipher object to another party who then unseals the sealed object. 
- by using one of the
 getObjectmethods that take aKeyobject.In this approach, the getObjectmethod creates a cipher object for the appropriate decryption algorithm and initializes it with the given decryption key and the algorithm parameters (if any) that were stored in the sealed object.This approach has the advantage that the party who unseals the object does not need to keep track of the parameters (e.g., an IV) that were used to seal the object. 
- Since:
- 1.4
- See Also:
- 
Field SummaryFieldsModifier and TypeFieldDescriptionprotected byte[]The cryptographic parameters used by the sealingCipherobject, encoded in the default format.
- 
Constructor SummaryConstructorsModifierConstructorDescriptionSealedObject(Serializable object, Cipher c) Constructs aSealedObjectfrom anySerializableobject.protectedConstructs aSealedObjectobject from the passed-inSealedObject.
- 
Method Summary
- 
Field Details- 
encodedParamsprotected byte[] encodedParamsThe cryptographic parameters used by the sealingCipherobject, encoded in the default format.That is, Cipher.getParameters().getEncoded().
 
- 
- 
Constructor Details- 
SealedObjectConstructs aSealedObjectfrom anySerializableobject.The given object is serialized, and its serialized contents are encrypted using the given Cipherobject, which must be fully initialized.Any algorithm parameters that may be used in the encryption operation are stored inside the new SealedObject.- Parameters:
- object- the object to be sealed; can be- null.
- c- the cipher used to seal the object.
- Throws:
- NullPointerException- if the given cipher is- null.
- IOException- if an error occurs during serialization
- IllegalBlockSizeException- if the given cipher is a block cipher, no padding has been requested, and the total input length (i.e., the length of the serialized object contents) is not a multiple of the cipher's block size
 
- 
SealedObjectConstructs aSealedObjectobject from the passed-inSealedObject.- Parameters:
- so- a- SealedObjectobject
- Throws:
- NullPointerException- if the given sealed object is- null.
 
 
- 
- 
Method Details- 
getAlgorithmReturns the algorithm that was used to seal this object.- Returns:
- the algorithm that was used to seal this object.
 
- 
getObjectpublic final Object getObject(Key key) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, InvalidKeyException Retrieves the original (encapsulated) object.This method creates a cipher for the algorithm that had been used in the sealing operation. If the default provider package provides an implementation of that algorithm, a Cipherobject containing that implementation is used. If the algorithm is not available in the default package, other packages are searched. TheCipherobject is initialized for decryption, using the givenkeyand the parameters (if any) that had been used in the sealing operation.The encapsulated object is unsealed and de-serialized, before it is returned. - Parameters:
- key- the key used to unseal the object.
- Returns:
- the original object.
- Throws:
- IOException- if an error occurs during de-serialization.
- ClassNotFoundException- if an error occurs during de-serialization.
- NoSuchAlgorithmException- if the algorithm to unseal the object is not available.
- InvalidKeyException- if the given key cannot be used to unseal the object (e.g., it has the wrong algorithm).
- NullPointerException- if- keyis null.
 
- 
getObjectpublic final Object getObject(Cipher c) throws IOException, ClassNotFoundException, IllegalBlockSizeException, BadPaddingException Retrieves the original (encapsulated) object.The encapsulated object is unsealed (using the given Cipherobject, assuming that theCipherobject is already properly initialized) and de-serialized, before it is returned.- Parameters:
- c- the cipher used to unseal the object
- Returns:
- the original object.
- Throws:
- NullPointerException- if the given cipher is- null.
- IOException- if an error occurs during de-serialization
- ClassNotFoundException- if an error occurs during de-serialization
- IllegalBlockSizeException- if the given cipher is a block cipher, no padding has been requested, and the total input length is not a multiple of the cipher's block size
- BadPaddingException- if the given cipher has been initialized for decryption, and padding has been specified, but the input data does not have proper expected padding bytes
 
- 
getObjectpublic final Object getObject(Key key, String provider) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException Retrieves the original (encapsulated) object.This method creates a cipher for the algorithm that had been used in the sealing operation, using an implementation of that algorithm from the given provider. TheCipherobject is initialized for decryption, using the givenkeyand the parameters (if any) that had been used in the sealing operation.The encapsulated object is unsealed and de-serialized, before it is returned. - Parameters:
- key- the key used to unseal the object.
- provider- the name of the provider of the algorithm to unseal the object.
- Returns:
- the original object.
- Throws:
- IllegalArgumentException- if the given provider is- nullor empty.
- IOException- if an error occurs during de-serialization.
- ClassNotFoundException- if an error occurs during de-serialization.
- NoSuchAlgorithmException- if the algorithm to unseal the object is not available.
- NoSuchProviderException- if the given provider is not configured.
- InvalidKeyException- if the given key cannot be used to unseal the object (e.g., it has the wrong algorithm).
- NullPointerException- if- keyis null.
 
 
-