IBM WebSphere Application Server™
Release 8

com.ibm.ws.wssecurity.core
Interface SignatureEngine


public interface SignatureEngine

This interface defines the operations used to generate and verify the signature values of an XML-Signature.

The XML-Signature processor uses an instance as follows:

  1. The XML-Signature processor calls EngineFactory.getSignatureEngine(), which instantiates an instance of SignatureEngine
  2. Calls setParameter()
  3. Calls initSign() (or initVerify())
  4. Calls update() repeatedly
  5. Calls sign() (or verify())
  6. The instance is passed to EngineFactory.releaseSignatureEngine()

An EngineFactory implementation may recycle instances of SignatureEngine. In that case, EngineFactory.getSignatureEngine() does not instantiate a new SignatureEngine, but returns an existing instance that was previously passed to releaseSignatureEngine().

See Also:
EngineFactory.getSignatureEngine(String), EngineFactory.releaseSignatureEngine(SignatureEngine), Signature, javax.crypto.Mac

Method Summary
 java.lang.String getURI()
          Return the algorithm identifier.
 void initSign(java.security.Key key)
          Initialize for signing.
 void initVerify(java.security.Key key)
          Initialize for verification.
 void setParameter(java.security.spec.AlgorithmParameterSpec spec)
          Set an instance of AlgorithmParameterSpec extracted from the content of <ds:SignatureMethod>.
 byte[] sign()
          Sign the data supplied via the update() method call(s), and return the signature value.
 void update(byte[] data)
          Add signed/verified data.
 void update(byte[] data, int off, int len)
          Add signed/verified data using the byte array data, starting at offset off in the array, for a length of len.
 boolean verify(byte[] signature)
          Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value.
 

Method Detail

setParameter

void setParameter(java.security.spec.AlgorithmParameterSpec spec)
                  throws java.security.InvalidAlgorithmParameterException
Set an instance of AlgorithmParameterSpec extracted from the content of <ds:SignatureMethod>.

Parameters:
spec - Algorithm parameter. It may be null.
Throws:
java.security.InvalidAlgorithmParameterException - Invalid AlgorithmParameterSpec is specified.
See Also:
EngineFactory#unmarshalParameter(String, org.w3c.dom.Element)

getURI

java.lang.String getURI()
Return the algorithm identifier.

Returns:
Algorithm identifier URI.

initSign

void initSign(java.security.Key key)
              throws java.security.InvalidKeyException
Initialize for signing.

Parameters:
key - Signing key. For asymmetric signature algorithms, it would be an instance of PrivateKey.
Throws:
java.security.InvalidKeyException - Invalid Key is specified.
See Also:
Signature.initSign(java.security.PrivateKey)

initVerify

void initVerify(java.security.Key key)
                throws java.security.InvalidKeyException
Initialize for verification.

Parameters:
key - Verification key. For asymmetric signature algorithms, it would be an instance of PublicKey.
Throws:
java.security.InvalidKeyException - Invalid Key is specified.
See Also:
Signature.initVerify(java.security.PublicKey)

update

void update(byte[] data)
            throws java.security.SignatureException
Add signed/verified data. This method must be equivalent to update(data, 0, data.length).

Parameters:
data - data to be signed or verified
Throws:
java.security.SignatureException
See Also:
Signature.update(byte[])

update

void update(byte[] data,
            int off,
            int len)
            throws java.security.SignatureException
Add signed/verified data using the byte array data, starting at offset off in the array, for a length of len.

Parameters:
data - data to be signed or verified
off - starting offset in the data
len - the length to be processed
Throws:
java.security.SignatureException
See Also:
Signature.update(byte[], int, int)

sign

byte[] sign()
            throws java.security.SignatureException
Sign the data supplied via the update() method call(s), and return the signature value.

Returns:
signature value to be inserted into <ds:SignatureValue>
Throws:
java.security.SignatureException - There was a problem generating the signature.
See Also:
Signature.sign()

verify

boolean verify(byte[] signature)
               throws java.security.SignatureException
Verify the data supplied via the update() method call(s) using the specified signature, and return the validity of the signature value.

Parameters:
signature - binary representation of the content of <ds:SignatureValue>
Returns:
true if the signature matches.
Throws:
java.security.SignatureException - There was a problem verifying the signature.
See Also:
Signature.verify(byte[])
