This is the interface for verification of signatures on various objects. It implies that the underlying implementation can operate on a certificate storage to retrieve certificates. However, the implementations must assume that during the verification process the whole certification path can be passed to the verifier. Such separation makes the push model possible.
Some implementations may support only the push model (they return nothing from getVerificationCertificates); callers need to be aware of that.
Method Summary

java.security.cert.X509Certificate[] getVerificationCertificates(TokenLocator signerName)
    This method allows the caller to obtain all verification certificates that the Verifier can obtain using its own means.

boolean verify(byte[] data, byte[] signature, java.lang.String algorithmID, java.security.cert.X509Certificate[] certs)
    This method verifies the given signature of the data byte array.

Method Detail

public boolean verify(byte[] data, byte[] signature, java.lang.String algorithmID, java.security.cert.X509Certificate[] certs) throws SecurityException
The caller must supply all certificates that are relevant to the signer and to the issuers of the signer's certificate, placing the signer's certificate first in the array. Implementations may retrieve any missing data (roots of trust, certificate repositories, CRLs) by whatever means are available to them; these means are not specified by this interface.
It is up to the Verifier to ensure the certificates are not revoked.
data - is the byte array of the signed data
signature - is the byte array of the signature
certs - is the array of certificates available to the caller; the first certificate is the one used for verifying the signature, the rest will be used to verify the certification path
SecurityException - if a definite decision cannot be derived

public java.security.cert.X509Certificate[] getVerificationCertificates(TokenLocator signerName) throws SecurityException
signerName - is the name of the signer of the data - the name of the holder of the verification certificates to return, and the locator of holder's PKCs
SecurityException - if the result cannot be delivered
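
The following is an added example, not part of the original documentation or the project's code, of how a push-model-only verify could follow the contract above: signer certificate first, path and revocation checked by the verifier, and SecurityException when no definite decision is possible. The class name PushModelVerifier, the configured trust anchors, the exclusion of the anchor from certs, and the treatment of algorithmID as a JCA algorithm name are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.util.Arrays;
import java.util.Set;

/** Hypothetical push-only verifier: the caller supplies the whole path in certs. */
public class PushModelVerifier {
    private final Set<TrustAnchor> anchors; // assumption: roots of trust set by the deployer

    public PushModelVerifier(Set<TrustAnchor> anchors) {
        this.anchors = anchors;
    }

    public boolean verify(byte[] data, byte[] signature, String algorithmID,
                          X509Certificate[] certs) throws SecurityException {
        if (certs == null || certs.length == 0) {
            throw new SecurityException("no signer certificate supplied");
        }
        try {
            // certs[0] is the signer, followed by its issuers in order;
            // assumption: the trust anchor itself is not part of the array.
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Arrays.asList(certs));
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(true); // revocation is the verifier's job
            CertPathValidator.getInstance("PKIX").validate(path, params);

            // assumption: algorithmID is a JCA name such as "SHA256withRSA"
            Signature sig = Signature.getInstance(algorithmID);
            sig.initVerify(certs[0]); // honours a critical KeyUsage extension
            sig.update(data);
            return sig.verify(signature);
        } catch (CertPathValidatorException e) {
            if (e.getReason() == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
                throw new SecurityException("revocation status unknown", e);
            }
            return false; // definite failure: expired, revoked, untrusted issuer, ...
        } catch (SignatureException | InvalidKeyException e) {
            return false; // malformed signature, or key not usable for signing
        } catch (GeneralSecurityException e) {
            throw new SecurityException("cannot reach a definite decision", e);
        }
    }
}
```

With revocation enabled, the PKIX validator needs CRLs or OCSP responses to be reachable; when they are not, this sketch throws SecurityException rather than returning true.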