public interface Verifier
This is the interface for verifying signatures on various objects. It implies that the underlying implementation can operate on a certificate store to retrieve certificates. However, implementations must assume that the whole certification path can be passed to the verifier during the verification process. This separation makes the push model possible.
Some implementations may support only the push model (returning nothing from getVerificationCertificates); callers need to be aware of that.
Method Summary

| Return type | Method and description |
|---|---|
| PKCRepository | getPKCRepository() Gets the repository that will be used to retrieve the user's signature verification Public Key Certificates. |
| java.security.cert.X509Certificate[] | getRootCAs() Returns the array of PKCs of multiple roots of trust. |
| java.security.cert.X509Certificate[] | getVerificationCertificates(TokenLocator signerName) Allows the caller to obtain all verification certificates that the Verifier can obtain using its own means. |
| boolean | verify(byte[] data, byte[] signature, java.lang.String algorithmID, java.security.cert.X509Certificate[] certs) Verifies the given signature of the data byte array. |
Method Detail

boolean verify(byte[] data, byte[] signature, java.lang.String algorithmID, java.security.cert.X509Certificate[] certs) throws SecurityException

The caller must supply all certificates that are relevant to the signer and to the issuers of the signer's certificate, with the signer's certificate first in the array. Implementations may retrieve any missing data (roots of trust, certificate repositories, CRLs) by whatever means are available to them; these means are not specified by this interface.
It is up to the Verifier to ensure the certificates are not revoked.

Parameters:
data - is the byte array of the signed data
signature - is the byte array of the signature
certs - is the array of certificates available to the caller; the first certificate is the one used for verifying the signature, the rest will be used to verify the certification path
Throws:
SecurityException - if a definite decision cannot be derived

java.security.cert.X509Certificate[] getVerificationCertificates(TokenLocator signerName) throws SecurityException

Parameters:
signerName - is the name of the signer of the data: the name of the holder of the verification certificates to return, and the locator of the holder's PKCs
Throws:
SecurityException - if the result cannot be delivered

java.security.cert.X509Certificate[] getRootCAs()

PKCRepository getPKCRepository()
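
The push-model call to verify described above, as an added caller-side example (not code from this library): it orders the supplied certificates with the signer first and keeps "invalid" separate from "no definite decision". The names PushModelCheck, VerifyCall, Outcome, signerFirst and check are hypothetical; VerifyCall is a local stand-in with the verify signature shown on this page, so a real Verifier is passed as `verifier::verify`. Because the page does not show which package SecurityException belongs to, the stand-in declares `throws Exception` and treats any exception as indeterminate (an assumption).

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public final class PushModelCheck {
    /** Hypothetical stand-in for Verifier.verify(...); pass verifier::verify. */
    @FunctionalInterface
    public interface VerifyCall {
        boolean verify(byte[] data, byte[] signature, String algorithmID,
                       X509Certificate[] certs) throws Exception;
    }

    public enum Outcome { VALID, INVALID, INDETERMINATE }

    /** Puts the signer's certificate first, then each issuer found in the pool. */
    public static X509Certificate[] signerFirst(X509Certificate signer,
                                                Collection<X509Certificate> pool) {
        List<X509Certificate> path = new ArrayList<>();
        path.add(signer);
        X509Certificate current = signer;
        // Stop at a self-issued certificate or when the pool holds no issuer.
        while (!current.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
            X509Certificate issuer = null;
            for (X509Certificate c : pool) {
                // Name matching only orders the array; path validation stays with the Verifier.
                if (c.getSubjectX500Principal().equals(current.getIssuerX500Principal())
                        && !path.contains(c)) {
                    issuer = c;
                    break;
                }
            }
            if (issuer == null) break;
            path.add(issuer);
            current = issuer;
        }
        return path.toArray(new X509Certificate[0]);
    }

    /** Only a true return counts as VALID; an exception is never treated as success. */
    public static Outcome check(VerifyCall verifier, byte[] data, byte[] signature,
                                String algorithmID, X509Certificate signer,
                                Collection<X509Certificate> pool) {
        try {
            X509Certificate[] certs = signerFirst(signer, pool);
            return verifier.verify(data, signature, algorithmID, certs)
                    ? Outcome.VALID : Outcome.INVALID;
        } catch (Exception e) {
            return Outcome.INDETERMINATE; // "a definite decision cannot be derived"
        }
    }
}
```

Callers that gate access on the result should grant only on Outcome.VALID and log INDETERMINATE separately, since it can indicate missing issuers or unavailable revocation data rather than a bad signature.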