com.ibm.ws.wssecurity.core

Interface SignatureEngine



  • public interface SignatureEngine

    This defines an interface to sign or verify signature values of XML-Signature.

    The XML-Signature processor uses an instance as follows:

    1. The XML-Signature processor calls EngineFactory.getSignatureEngine(), which instanciates an instance of SignatureEngine
    2. Calls setParameter()
    3. Calls initSign() (or initVerify())
    4. Calls update() repeatedly
    5. Calls sign() (or verify())
    6. The instance is passed to EngineFactory.releaseSignatureEngine()

    An EngineFactory implementation may recycle instances of SignatureEngine. In that case, the EngineFactory.getSignatureEngine() does not instanciate a new SignatureEngine, but returns existing instance which was passed to releaseSignatureEngine().

    See Also:
    EngineFactory.getSignatureEngine(String), EngineFactory.releaseSignatureEngine(SignatureEngine), Signature, javax.crypto.Mac
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      java.lang.String getURI()
      Return the algorithm identifier.
      void initSign(java.security.Key key)
      Initialize for signing.
      void initVerify(java.security.Key key)
      Initialize for verification.
      void setParameter(java.security.spec.AlgorithmParameterSpec spec)
      Set an instance of AlgorithmParameterSpec extracted from the content of<ds:SignatureMethod>.
      byte[] sign()
      Sign the data supplied via the update() method call(s), and return the signature value.
      void update(byte[] data)
      Add signed/verified data.
      void update(byte[] data, int off, int len)
      Add signed/verified data using the byte array data, starting at offset offin the array, for a length of len.
      boolean verify(byte[] signature)
      Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value.
    • Method Detail

      • setParameter

        void setParameter(java.security.spec.AlgorithmParameterSpec spec)
                          throws java.security.InvalidAlgorithmParameterException
        Set an instance of AlgorithmParameterSpec extracted from the content of<ds:SignatureMethod>.
        Parameters:
        spec - Algorithm parameter. It may be null
        Throws:
        java.security.InvalidAlgorithmParameterException - Invalid AlgorithmParameterSpec is specified.
        See Also:
        EngineFactory#unmarshalParameter(String, org.w3c.dom.Element)
      • getURI

        java.lang.String getURI()
        Return the algorithm identifier.
        Returns:
        Algorithm identifier URI.
      • initSign

        void initSign(java.security.Key key)
                      throws java.security.InvalidKeyException
        Initialize for signing.
        Parameters:
        key - Signing key. For asymmetric signature algorithms, it would be an instance of PrivateKey.
        Throws:
        java.security.InvalidKeyException - Invalid Key is specified.
        See Also:
        Signature.initSign(java.security.PrivateKey)
      • initVerify

        void initVerify(java.security.Key key)
                        throws java.security.InvalidKeyException
        Initialize for verification.
        Parameters:
        key - Verification key. For asymmetric signature algorithms, it would be an instance of PublicKey.
        Throws:
        java.security.InvalidKeyException - Invalid Key is specified.
        See Also:
        Signature.initVerify(java.security.PublicKey)
      • update

        void update(byte[] data)
                    throws java.security.SignatureException
        Add signed/verified data. This method must be equivalent to update(data, 0, data.length).
        Parameters:
        data - data to be signed or verified
        Throws:
        java.security.SignatureException
        See Also:
        Signature.update(byte[])
      • update

        void update(byte[] data,
                  int off,
                  int len)
                    throws java.security.SignatureException
        Add signed/verified data using the byte array data, starting at offset offin the array, for a length of len.
        Parameters:
        data - data to be signed or verified
        off - starting offset in the data
        len - the length to be processed
        Throws:
        java.security.SignatureException
        See Also:
        Signature.update(byte[], int, int)
      • sign

        byte[] sign()
                    throws java.security.SignatureException
        Sign the data supplied via the update() method call(s), and return the signature value.
        Returns:
        signature value to be inserted to <ds:SignatureValue>
        Throws:
        java.security.SignatureException - There was a problem generating the signature.
        See Also:
        Signature.sign()
      • verify

        boolean verify(byte[] signature)
                       throws java.security.SignatureException
        Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value.
        Parameters:
        signature - binary representation of the content of <ds:SignatureValue>
        Returns:
        true if the signature is matched.
        Throws:
        java.security.SignatureException - There was a problem verifying the signature.
        See Also:
        Signature.verify(byte[])
IBM WebSphere Application ServerTM
Release 9.0