org.opensaml.xml.signature
Interface SignatureTrustEngine

All Superinterfaces:
TrustEngine<Signature>
All Known Implementing Classes:
BaseSignatureTrustEngine, ExplicitKeySignatureTrustEngine, PKIXSignatureTrustEngine

public interface SignatureTrustEngine
extends TrustEngine<Signature>

Evaluates the trustworthiness and validity of XML or raw Signatures against implementation-specific requirements.


Method Summary
 KeyInfoCredentialResolver getKeyInfoResolver()
          Get the KeyInfoCredentialResolver instance used to resolve (advisory) signing credential information from KeyInfo elements contained within a Signature element.
 boolean validate(byte[] signature, byte[] content, java.lang.String algorithm, Credential credential)
          Determines whether a raw signature is valid with respect to the Credential data supplied.
 
Methods inherited from interface org.opensaml.xml.security.trust.TrustEngine
validate
 

Method Detail

getKeyInfoResolver

KeyInfoCredentialResolver getKeyInfoResolver()
Get the KeyInfoCredentialResolver instance used to resolve (advisory) signing credential information from KeyInfo elements contained within a Signature element. Note that credential(s) obtained via this resolver are not themselves trusted. They must be evaluated against the trusted credential information obtained from the trusted credential resolver.

Returns:
a KeyInfoCredentialResolver instance

validate

boolean validate(byte[] signature,
                 byte[] content,
                 java.lang.String algorithm,
                 Credential credential)
                 throws SecurityException
Determines whether a raw signature is valid with respect to the Credential data supplied. It is the responsibility of the application to ensure that the Credential information supplied is in fact associated with the peer who created the signature.

Parameters:
signature - the signature value
content - the content that was signed
algorithm - the signature algorithm used
credential - credential containing the validation key for the signature
Returns:
true if the signature was valid for the provided content
Throws:
SecurityException - thrown if there is a problem attempting to verify the signature, such as the signature algorithm not being supported
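
The two notes above (KeyInfo-derived credentials are advisory only, and the caller of the raw validate method must ensure the Credential belongs to the peer) amount to the same rule: a signature that verifies is not yet a signature that is trusted. The following is an added example, not OpenSAML code; it uses only the JDK's java.security API, and the class name AdvisoryKeyCheck, its validate helper and the sample keys and content are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class AdvisoryKeyCheck {

    // Hypothetical helper: the advisory key (e.g. taken from KeyInfo) is accepted only if
    // it matches a key already trusted for the peer; verification then uses the trusted key.
    static boolean validate(byte[] sig, byte[] content, String jcaAlg,
                            PublicKey advisoryKey, List<PublicKey> trustedKeys)
            throws GeneralSecurityException {
        for (PublicKey trusted : trustedKeys) {
            if (Arrays.equals(trusted.getEncoded(), advisoryKey.getEncoded())) {
                Signature verifier = Signature.getInstance(jcaAlg);
                verifier.initVerify(trusted);
                verifier.update(content);
                return verifier.verify(sig);
            }
        }
        return false; // key not trusted: reject even if the signature is mathematically valid
    }

    static byte[] sign(PrivateKey key, byte[] content, String jcaAlg)
            throws GeneralSecurityException {
        Signature signer = Signature.getInstance(jcaAlg);
        signer.initSign(key);
        signer.update(content);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair peer = gen.generateKeyPair();     // constructed: key the application trusts
        KeyPair unknown = gen.generateKeyPair();  // constructed: key seen only in the message
        byte[] content = "constructed sample content".getBytes(StandardCharsets.UTF_8);
        String alg = "SHA256withRSA";
        List<PublicKey> trusted = Collections.singletonList(peer.getPublic());

        byte[] good = sign(peer.getPrivate(), content, alg);
        byte[] selfVouched = sign(unknown.getPrivate(), content, alg);

        // Signed by the trusted peer, advisory key matches the trusted key: accepted.
        System.out.println(validate(good, content, alg, peer.getPublic(), trusted));
        // Verifies under its own advisory key, but that key is not trusted: rejected.
        System.out.println(validate(selfVouched, content, alg, unknown.getPublic(), trusted));
    }
}
```

Run as written, this prints true and then false: the second signature is valid under the key that accompanied it, and is rejected only because that key was never established as the peer's.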