issrg.test.ptb
Class PTBSignatureVerifier

java.lang.Object
  issrg.test.ptb.PTBSignatureVerifier

All Implemented Interfaces:

SignatureVerifier

public class PTBSignatureVerifier
extends java.lang.Object
implements SignatureVerifier

This class implements the SignatureVerifier interface and provides the following mechanisms:

• Verification of the self-signed CA certificate
• Veritication of the X.509 identity certificates related to the different SOAs involved in the application scenario
• Verification of the digital signature of the different attribute certificates related to end users. Those certificates are checked using the public key contained in the X.509 identity certificate related to the corresponding SOA.

This class assumes that:

• Identity certificates of the different SOAs are issued by the self-signed CA (no subordinate CAs are used)
• SOAs are the only issuers of the ACs (no subordinate AAs are used)

Version:

0.1

Author:

O Canovas, O Otenko

Field Summary

protected X509Certificate	caCertificate
protected java.util.Hashtable	soaCerts

Constructor Summary

PTBSignatureVerifier()
Constructs a PTBSignatureVerifier.

Method Summary

boolean	addSOACertificate(java.lang.String file) Gets a new SOA certificate and inserts it in the hash table.
boolean	checkSignature(byte[] value, byte[] signature, java.lang.String algorithmID, TokenLocator signer) Checks if the signature for the given value has been signed by the signer.
boolean	setCACertificate(java.lang.String file) Gets the CA certificate and validates the signature.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

caCertificate

protected X509Certificate caCertificate

soaCerts

protected java.util.Hashtable soaCerts

Constructor Detail

PTBSignatureVerifier

public PTBSignatureVerifier()

Constructs a PTBSignatureVerifier. It has no parameters, and its main function is to initialise the hash table.

Method Detail

setCACertificate

public boolean setCACertificate(java.lang.String file)

Gets the CA certificate and validates the signature.

Parameters:

file - is the file containing the certificate

Returns:

true if the certificate was successfully read and validated

addSOACertificate

public boolean addSOACertificate(java.lang.String file)

Gets a new SOA certificate and inserts it in the hash table.

Parameters:

file - is the file containing the certificate

Returns:

true if the certificate was successfully read and validated

checkSignature

public boolean checkSignature(byte[] value,
                              byte[] signature,
                              java.lang.String algorithmID,
                              TokenLocator signer)

Checks if the signature for the given value has been signed by the signer. This method does not perform any kind of verification related to revocations (CRLs, OCSP queries). This method fetches the public key certificate of the signer, and follows the certification path back to its root of trust, that is, Signer -> SOA -> CA.

Specified by:

checkSignature in interface SignatureVerifier

Parameters:

value - is the byte array that had been signed

signature - is the byte array of the resulting signature

algorithmID - is the String representation (dotted form) of the object identifier of the algorithm used for signing

signer - is the Principal of the signer

Returns:

true, if there is a valid PKI token, which proves the signature is valid; false otherwise