issrg.pba.rbac
Interface SignatureVerifier

All Known Implementing Classes:
PermisAuthorizationService, PermisAuthzServiceImpl, PermisPDP, PermisPDP, PTBSignatureVerifier, SamplePKI, SamplePKI, SamplePKI, SimplePermisPDP, SimplePERMISSignatureVerifier, SimpleSignatureVerifier, XMLSignatureVerifier

public interface SignatureVerifier

This abstract class is the wrapper for the cryptographic functionality required to validate digital signatures.

Note that this somewhat duplicates the other interface, issrg.security.Verifier. This double wrapping allows to integrate the signature verification at different levels. SignatureVerifier interface has smaller demands, e.g. it does not require the underlying implementation to have access to the actual Verification Certificates, whilst the issrg.security.Verifier requires the implementation to be able to provide the signature verification certificates. The Verifier interface is more generic, but may be harder to implement.

Version:
0.2
Author:
A Otenko, E Ball, D W Chadwick

Method Summary
 boolean checkSignature(byte[] Value, byte[] Signature, java.lang.String algorithmID, TokenLocator Signer)
          This method checks if the Signature for the given Value has been created by the Signer.
 

Method Detail

checkSignature

boolean checkSignature(byte[] Value,
                       byte[] Signature,
                       java.lang.String algorithmID,
                       TokenLocator Signer)
                       throws PkiException
This method checks if the Signature for the given Value has been created by the Signer. It is the responsibility of this object to fetch any relevant CRLs, or call an OCSP server or any other method to ensure that the public key of the Signer has not been revoked. It is also the responsibility of this object to fetch the public key certificate of the signer, and to follow the certification path back to its root of trust. If the signer is not certified directly or indirectly beneath the root or roots of trust that the PKI knows about, then it must fail to verify the signature.

Parameters:
Value - is the byte array that had been signed
Signature - is the byte array of the resulting signature
algorithmID - is the String representation (dotted form) of the object identifier of the algorithm used for signing
Signer - is the TokenLocator of the signer
Returns:
true, if there is a valid non-revoked PKI token, which proves the signature is valid; false otherwise
Throws:
PkiException - if any unrecoverable error occurs