The interface of an object that can verify the signature represented by
a tokenizer. An implementation of this interface may be obtained from the
SignatureFactory class:

    SignatureVerifier verifier = SignatureFactory.getInstance().getSignatureVerifier();

If the signature contains a public key or certificate (for example, it was signed with an
RSA private key and certificate), use the method verify(Tokenizer signature, Tokenizer source).
Otherwise (for example, when it was signed with an HMAC method), use the method
verify(Tokenizer signature, Tokenizer source, javax.crypto.SecretKey secretKey)
to verify the signature instead.
Example of verifying a signature:

    Tokenizer sign;
    Tokenizer dataSource;
    // ...
    // sign and dataSource must be obtained and set here
    // ...
    boolean verified = SignatureFactory.getInstance().getSignatureVerifier().verify(sign, dataSource);
    if (verified) {
        System.out.println("OK, verifying signature passed");
    } else {
        System.out.println("ERR, verifying signature not passed!!!");
    }
Note: If KeyContent uses X509Certificate, this certificate must be
added to the PStore as a trusted certificate before verifying a signature; otherwise
verification fails.

If the application does not want to check trusted certificates, it may perform the following steps:

    SignatureVerifier ver = org.idoox.xml.security.SignatureFactory.getInstance().getSignatureVerifier();
    Map prop = new HashMap();
    prop.put(KeyContent.NO_CHECK_TRUSTED_CERTIFICATE, "true");
    ver.setKeyContentData(KeyContent.ALL_KEYCONTENTS, prop);
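
With the trusted-certificate check switched off, the application has to decide for itself which signer certificates it accepts. The following is an added example, not code from the original documentation or the library: a hypothetical SignerAllowList class that pins SHA-256 fingerprints and is applied to the array returned by getCertificates(). It assumes the verifier checked the signature with a key taken from one of the returned certificates, which the page does not state.

```java
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;

// Added example (hypothetical class, not part of the documented API).
// Usage with the verifier from the page (ver, sign, dataSource as above):
//   boolean ok = ver.verify(sign, dataSource)
//             && allowList.accepts(ver.getCertificates());
public final class SignerAllowList {
    // Lowercase hex SHA-256 fingerprints of the DER-encoded certificates.
    private final Set<String> pinnedSha256 = new HashSet<String>();

    public SignerAllowList(String... sha256HexOfDerCerts) {
        for (String s : sha256HexOfDerCerts) {
            pinnedSha256.add(s.toLowerCase());
        }
    }

    /** True only if certs is non-empty and every entry is pinned and currently valid. */
    public boolean accepts(Certificate[] certs) {
        if (certs == null || certs.length == 0) {
            return false; // no certificate to bind the signature to: fail closed
        }
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            Date now = new Date();
            for (Certificate c : certs) {
                if (!(c instanceof X509Certificate)) return false;
                ((X509Certificate) c).checkValidity(now); // throws if expired or not yet valid
                // Every certificate must be pinned, so an unpinned one cannot ride along.
                if (!pinnedSha256.contains(hex(md.digest(c.getEncoded())))) return false;
            }
            return true;
        } catch (Exception e) { // validity, encoding or digest failure: reject
            return false;
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }
}
```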
Method Summary

java.security.cert.Certificate[] getCertificates()
    Returns the certificate array contained in the verified signature.

void setKeyContentData(QName keyContentName, java.util.Map keyContentData)
    This method is used to set the default document that is necessary when URI elements or attributes are
    fragments without a path.

boolean verify(Tokenizer signature, Tokenizer source)
    Verifies the signature with the given data source.

boolean verify(Tokenizer signature, Tokenizer source, javax.crypto.SecretKey secretKey)
    Verifies the signature with the given data source.

boolean verifyEnvelopedSignature(Tokenizer source)
    Helper method to verify a signature whose sole reference has an enveloped transform.

Method Detail

public boolean verify(Tokenizer signature,
                      Tokenizer source)
    Parameters:
        signature - a given signature.
        source - a given source.

public boolean verify(Tokenizer signature,
                      Tokenizer source,
                      javax.crypto.SecretKey secretKey)
    Parameters:
        signature - a given signature.
        source - a given source.
        secretKey - a secret key (HMAC algorithm).

public void setKeyContentData(QName keyContentName,
                              java.util.Map keyContentData)
    This method is used to set the default document that is necessary when URI elements or attributes are
    fragments without a path.
    Sets the KeyContent associated with the given keyContentName on the KeyInfo
    element. If the KeyContent is RSA, DSA or X509Certificate, keyContentData
    may be null. If the KeyContent is LicenseLocation, keyContentData must
    contain the pair {KeyContent.LICENSE_LOCATION_DEFFAULT_DOCUMENT,
    Tokenizer object}. If the KeyContent is some other type, the necessary
    information may be put into the keyContentData map.
    Parameters:
        keyContentName - The new KeyContentData value
        keyContentData - The new KeyContentData value

public java.security.cert.Certificate[] getCertificates()

public boolean verifyEnvelopedSignature(Tokenizer source)
    Parameters:
        source - the data source that contains the enveloped signature