com.ibm.ws.wssecurity.core

Interface SignatureEngine


public interface SignatureEngine

This defines an interface to sign or verify signature values of XML-Signature.

The XML-Signature processor uses an instance as follows:

  1. The XML-Signature processor calls EngineFactory.getSignatureEngine(), which instantiates a SignatureEngine
  2. Calls setParameter()
  3. Calls initSign() (or initVerify())
  4. Calls update() repeatedly
  5. Calls sign() (or verify())
  6. The instance is passed to EngineFactory.releaseSignatureEngine()

An EngineFactory implementation may recycle instances of SignatureEngine. In that case, EngineFactory.getSignatureEngine() does not instantiate a new SignatureEngine, but returns an existing instance that was previously passed to releaseSignatureEngine().
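The call sequence above, as an added example (not IBM's code): the interface is redeclared locally from the signatures on this page, and the `RsaSha256Engine` class, the generated key pair and the sample SignedInfo bytes are hypothetical. The same instance is reused for verification, as a recycling EngineFactory would hand it out, so it is re-initialized before any data is fed to it.

```java
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
interface SignatureEngine {   // local copy of the method signatures documented on this page
    String getURI();
    void setParameter(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException;
    void initSign(Key key) throws InvalidKeyException;
    void initVerify(Key key) throws InvalidKeyException;
    void update(byte[] data) throws SignatureException;
    void update(byte[] data, int off, int len) throws SignatureException;
    byte[] sign() throws SignatureException;
    boolean verify(byte[] signature) throws SignatureException;
}
public class RsaSha256Engine implements SignatureEngine {   // hypothetical engine over java.security.Signature
    private final Signature sig;
    public RsaSha256Engine() throws NoSuchAlgorithmException { sig = Signature.getInstance("SHA256withRSA"); }
    public String getURI() { return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; }
    public void setParameter(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException {
        if (spec != null) throw new InvalidAlgorithmParameterException("rsa-sha256 takes no parameters");
    }
    public void initSign(Key key) throws InvalidKeyException {
        if (!(key instanceof PrivateKey)) throw new InvalidKeyException("PrivateKey required");
        sig.initSign((PrivateKey) key);
    }
    public void initVerify(Key key) throws InvalidKeyException {
        if (!(key instanceof PublicKey)) throw new InvalidKeyException("PublicKey required");
        sig.initVerify((PublicKey) key);
    }
    public void update(byte[] data) throws SignatureException { update(data, 0, data.length); }
    public void update(byte[] data, int off, int len) throws SignatureException { sig.update(data, off, len); }
    public byte[] sign() throws SignatureException { return sig.sign(); }
    public boolean verify(byte[] signature) throws SignatureException { return sig.verify(signature); }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();   // throwaway key pair; the SignedInfo bytes below are constructed
        byte[] signedInfo = "<ds:SignedInfo>sample</ds:SignedInfo>".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        SignatureEngine e = new RsaSha256Engine();   // step 1; stands in for EngineFactory.getSignatureEngine()
        e.setParameter(null);                        // step 2: no <ds:SignatureMethod> parameters
        e.initSign(kp.getPrivate());                 // step 3
        e.update(signedInfo, 0, 10);                 // step 4: data supplied in two chunks
        e.update(signedInfo, 10, signedInfo.length - 10);
        byte[] value = e.sign();                     // step 5: bytes for <ds:SignatureValue>
        e.initVerify(kp.getPublic());                // reused instance: initialize again before update()
        e.update(signedInfo);
        System.out.println("valid: " + e.verify(value));
        signedInfo[20] ^= 1;                         // flip one bit of the signed data
        e.update(signedInfo);
        System.out.println("tampered: " + e.verify(value));
    }
}
```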

See Also:
EngineFactory.getSignatureEngine(String), EngineFactory.releaseSignatureEngine(SignatureEngine), Signature, javax.crypto.Mac

Method Summary

Modifier and Type    Method and Description

java.lang.String    getURI()
    Return the algorithm identifier.

void    initSign(java.security.Key key)
    Initialize for signing.

void    initVerify(java.security.Key key)
    Initialize for verification.

void    setParameter(java.security.spec.AlgorithmParameterSpec spec)
    Set an instance of AlgorithmParameterSpec extracted from the content of <ds:SignatureMethod>.

byte[]    sign()
    Sign the data supplied via the update() method call(s), and return the signature value.

void    update(byte[] data)
    Add signed/verified data.

void    update(byte[] data, int off, int len)
    Add signed/verified data using the byte array data, starting at offset off in the array, for a length of len.

boolean    verify(byte[] signature)
    Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value.

Method Detail

setParameter

void setParameter(java.security.spec.AlgorithmParameterSpec spec)
           throws java.security.InvalidAlgorithmParameterException
Set an instance of AlgorithmParameterSpec extracted from the content of <ds:SignatureMethod>.
Parameters:
spec - Algorithm parameter. It may be null
Throws:
java.security.InvalidAlgorithmParameterException - Invalid AlgorithmParameterSpec is specified.
See Also:
EngineFactory#unmarshalParameter(String, org.w3c.dom.Element)

getURI

java.lang.String getURI()
Return the algorithm identifier.
Returns:
Algorithm identifier URI.

initSign

void initSign(java.security.Key key)
       throws java.security.InvalidKeyException
Initialize for signing.
Parameters:
key - Signing key. For asymmetric signature algorithms, it would be an instance of PrivateKey.
Throws:
java.security.InvalidKeyException - Invalid Key is specified.
See Also:
Signature.initSign(java.security.PrivateKey)

initVerify

void initVerify(java.security.Key key)
         throws java.security.InvalidKeyException
Initialize for verification.
Parameters:
key - Verification key. For asymmetric signature algorithms, it would be an instance of PublicKey.
Throws:
java.security.InvalidKeyException - Invalid Key is specified.
See Also:
Signature.initVerify(java.security.PublicKey)

update

void update(byte[] data)
     throws java.security.SignatureException
Add signed/verified data. This method must be equivalent to update(data, 0, data.length).
Parameters:
data - data to be signed or verified
Throws:
java.security.SignatureException
See Also:
Signature.update(byte[])

update

void update(byte[] data,
            int off,
            int len)
     throws java.security.SignatureException
Add signed/verified data using the byte array data, starting at offset off in the array, for a length of len.
Parameters:
data - data to be signed or verified
off - starting offset in the data
len - the length to be processed
Throws:
java.security.SignatureException
See Also:
Signature.update(byte[], int, int)

sign

byte[] sign()
       throws java.security.SignatureException
Sign the data supplied via the update() method call(s), and return the signature value.
Returns:
signature value to be inserted into <ds:SignatureValue>
Throws:
java.security.SignatureException - There was a problem generating the signature.
See Also:
Signature.sign()

verify

boolean verify(byte[] signature)
        throws java.security.SignatureException
Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value.
Parameters:
signature - binary representation of the content of <ds:SignatureValue>
Returns:
true if the signature matches.
Throws:
java.security.SignatureException - There was a problem verifying the signature.
See Also:
Signature.verify(byte[])