com.ibm.ws.wssecurity.core
Interface SignatureEngine
public interface SignatureEngine

This defines an interface to sign or verify signature values of XML-Signature.

The XML-Signature processor uses an instance as follows:
- The XML-Signature processor calls EngineFactory.getSignatureEngine(), which instantiates an instance of SignatureEngine
- Calls setParameter()
- Calls initSign() (or initVerify())
- Calls update() repeatedly
- Calls sign() (or verify())
- The instance is passed to EngineFactory.releaseSignatureEngine()

An EngineFactory implementation may recycle instances of SignatureEngine. In that case, EngineFactory.getSignatureEngine() does not instantiate a new SignatureEngine, but returns an existing instance that was previously passed to releaseSignatureEngine().

- See Also:
  EngineFactory.getSignatureEngine(String), EngineFactory.releaseSignatureEngine(SignatureEngine), Signature, javax.crypto.Mac
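The call sequence and the recycling behaviour described above, as an added example that is not IBM's code: a minimal HMAC-SHA1 engine exposing the same method signatures as SignatureEngine. The class name HmacSha1Engine, the demo key and the SignedInfo bytes are constructed for illustration; a real engine would declare `implements SignatureEngine` and be handed out by an EngineFactory.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: mirrors the SignatureEngine signatures without importing the IBM
// interface, so that it compiles stand-alone. Names here are hypothetical.
public class HmacSha1Engine {
    private Mac mac;  // null until initSign()/initVerify() succeeds
    public String getURI() { return "http://www.w3.org/2000/09/xmldsig#hmac-sha1"; }
    public void setParameter(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException {
        // This sketch supports no parameters; reject them rather than silently ignore them.
        if (spec != null) throw new InvalidAlgorithmParameterException("no parameters supported");
    }
    public void initSign(Key key) throws InvalidKeyException { init(key); }
    public void initVerify(Key key) throws InvalidKeyException { init(key); }
    private void init(Key key) throws InvalidKeyException {
        mac = null;  // a recycled instance must not keep its previous user's key or data
        try {
            Mac fresh = Mac.getInstance("HmacSHA1");
            fresh.init(key);
            mac = fresh;
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidKeyException(e);
        }
    }
    public void update(byte[] data) throws SignatureException { update(data, 0, data.length); }
    public void update(byte[] data, int off, int len) throws SignatureException {
        if (mac == null) throw new SignatureException("engine not initialized");
        mac.update(data, off, len);
    }
    public byte[] sign() throws SignatureException {
        if (mac == null) throw new SignatureException("engine not initialized");
        return mac.doFinal();
    }
    public boolean verify(byte[] signature) throws SignatureException {
        // MessageDigest.isEqual does not return early at the first differing byte.
        return MessageDigest.isEqual(sign(), signature);
    }

    public static void main(String[] args) throws Exception {
        Key key = new SecretKeySpec("constructed-demo-key".getBytes(StandardCharsets.UTF_8), "HmacSHA1");
        byte[] signedInfo = "<ds:SignedInfo>constructed</ds:SignedInfo>".getBytes(StandardCharsets.UTF_8);
        HmacSha1Engine e = new HmacSha1Engine();  // stands in for EngineFactory.getSignatureEngine()
        e.setParameter(null); e.initSign(key); e.update(signedInfo);
        byte[] value = e.sign();
        e.setParameter(null); e.initVerify(key); e.update(signedInfo);  // same instance, as after recycling
        System.out.println("valid: " + e.verify(value));
    }
}
```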
Method Summary

Methods
| Modifier and Type | Method and Description |
| --- | --- |
| java.lang.String | getURI(): Return the algorithm identifier. |
| void | initSign(java.security.Key key): Initialize for signing. |
| void | initVerify(java.security.Key key): Initialize for verification. |
| void | setParameter(java.security.spec.AlgorithmParameterSpec spec): Set an instance of AlgorithmParameterSpec extracted from the content of <ds:SignatureMethod>. |
| byte[] | sign(): Sign the data supplied via the update() method call(s), and return the signature value. |
| void | update(byte[] data): Add signed/verified data. |
| void | update(byte[] data, int off, int len): Add signed/verified data using the byte array data, starting at offset off in the array, for a length of len. |
| boolean | verify(byte[] signature): Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value. |

Method Detail

setParameter
void setParameter(java.security.spec.AlgorithmParameterSpec spec) throws java.security.InvalidAlgorithmParameterException
Set an instance of AlgorithmParameterSpec extracted from the content of <ds:SignatureMethod>.
- Parameters:
  spec - Algorithm parameter. It may be null
- Throws:
  java.security.InvalidAlgorithmParameterException - Invalid AlgorithmParameterSpec is specified.
- See Also:
  EngineFactory#unmarshalParameter(String, org.w3c.dom.Element)

getURI
java.lang.String getURI()
Return the algorithm identifier.
- Returns:
  Algorithm identifier URI.

initSign
void initSign(java.security.Key key) throws java.security.InvalidKeyException
Initialize for signing.
- Parameters:
  key - Signing key. For asymmetric signature algorithms, it would be an instance of PrivateKey.
- Throws:
  java.security.InvalidKeyException - Invalid Key is specified.
- See Also:
  Signature.initSign(java.security.PrivateKey)

initVerify
void initVerify(java.security.Key key) throws java.security.InvalidKeyException
Initialize for verification.
- Parameters:
  key - Verification key. For asymmetric signature algorithms, it would be an instance of PublicKey.
- Throws:
  java.security.InvalidKeyException - Invalid Key is specified.
- See Also:
  Signature.initVerify(java.security.PublicKey)

update
void update(byte[] data) throws java.security.SignatureException
Add signed/verified data. This method must be equivalent to update(data, 0, data.length).
- Parameters:
  data - data to be signed or verified
- Throws:
  java.security.SignatureException
- See Also:
  Signature.update(byte[])

update
void update(byte[] data, int off, int len) throws java.security.SignatureException
Add signed/verified data using the byte array data, starting at offset off in the array, for a length of len.
- Parameters:
  data - data to be signed or verified
  off - starting offset in the data
  len - the length to be processed
- Throws:
  java.security.SignatureException
- See Also:
  Signature.update(byte[], int, int)

sign
byte[] sign() throws java.security.SignatureException
Sign the data supplied via the update() method call(s), and return the signature value.
- Returns:
  signature value to be inserted to <ds:SignatureValue>
- Throws:
  java.security.SignatureException - There was a problem generating the signature.
- See Also:
  Signature.sign()

verify
boolean verify(byte[] signature) throws java.security.SignatureException
Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value.
- Parameters:
  signature - binary representation of the content of <ds:SignatureValue>
- Returns:
  true if the signature is matched.
- Throws:
  java.security.SignatureException - There was a problem verifying the signature.
- See Also:
  Signature.verify(byte[])