Although most of the data for a remote call is transmitted in band as part of the call itself, code is downloaded out of band, based on codebase URLs that are transmitted in band. For a remote call to have integrity, the out-of-band code as well as the in-band data must have integrity. A proxy implementation that provides for integrity must ensure the integrity of both code and data.
Code signing is difficult to use for this purpose if the classes span more than a single package (because individual files are signed rather than the entire JAR file being signed, and the only automatic enforcement is that classes in a single package all have the same signers), or if the code references bundled resources (because there is no way to determine the signers of a resource). A better technique is to use codebase URLs that provide content integrity, such as HTTPMD or HTTPS URLs. If integrity-protecting codebase URLs are used, and the URLs themselves are sent as part of the integrity-protected in-band data, the result is complete object integrity. Because out-of-band communication is used, integrity-protecting URLs must either contain sufficient information to independently verify integrity (as is the case with HTTPMD URLs), or must contain sufficient information to authenticate the origin of the content and use sufficient means to maintain content integrity in transit (as is the case with HTTPS URLs).
Serialization for this class is guaranteed to produce instances that are comparable with ==.
@author Sun Microsystems, Inc.
@see net.jini.security.Security#verifyCodebaseIntegrity Security.verifyCodebaseIntegrity
@since 2.0
| |