This class applies a digital signature to any serializable Java object. Create a SignedObject by specifying the object to be signed, the PrivateKey to use for the signature, and the Signature object to create the signature. The SignedObject( ) constructor serializes the specified object into an array of bytes and creates a digital signature for those bytes.

After creation, a SignedObject is itself typically serialized for storage or transmission to another Java thread or process. Once the SignedObject is reconstituted, the integrity of the object it contains can be verified by calling verify( ) and supplying the PublicKey of the signer and a Signature that performs the verification. Whether or not verification is performed or is successful, getObject( ) can be called to deserialize and return the wrapped object.

Figure 14-41. java.security.SignedObject

public final class SignedObject implements Serializable {
// Public Constructors
     public SignedObject(Serializable object, PrivateKey signingKey, 
        Signature signingEngine) 
        throws java.io.IOException, InvalidKeyException, SignatureException;  
// Public Instance Methods
     public String getAlgorithm( );  
     public Object getObject( ) throws java.io.IOException, 
        ClassNotFoundException;  
     public byte[ ] getSignature( );  
     public boolean verify(PublicKey verificationKey, 
        Signature verificationEngine) 
        throws InvalidKeyException, SignatureException;  
}