SignatureTrustEngine (Red Hat JBoss Enterprise Application Platform 6.4.19.GA public API)

All Superinterfaces:

TrustEngine<Signature>

All Known Implementing Classes:

BaseSignatureTrustEngine, ChainingSignatureTrustEngine, ExplicitKeySignatureTrustEngine, PKIXSignatureTrustEngine
```
public interface SignatureTrustEngine
extends TrustEngine<Signature>
```
Evaluates the trustworthiness and validity of XML or raw Signatures against implementation-specific requirements.

Method Summary

Methods
Modifier and Type	Method and Description
`KeyInfoCredentialResolver`	`getKeyInfoResolver()` Get the KeyInfoCredentialResolver instance used to resolve (advisory) signing credential information from KeyInfo elements contained within a Signature element.
`boolean`	`validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria, Credential candidateCredential)` Determines whether a raw signature over specified content is valid and signed by a trusted credential.

Methods inherited from interface org.opensaml.xml.security.trust.TrustEngine
validate

- Method Detail
  - getKeyInfoResolver
```
KeyInfoCredentialResolver getKeyInfoResolver()
```
    Get the KeyInfoCredentialResolver instance used to resolve (advisory) signing credential information from KeyInfo elements contained within a Signature element. Note that credential(s) obtained via this resolver are not themselves trusted. They must be evaluated against the trusted credential information obtained from the trusted credential resolver.
    
    Returns:
    a KeyInfoCredentialResolver instance
  - validate
```
boolean validate(byte[] signature,
               byte[] content,
               String algorithmURI,
               CriteriaSet trustBasisCriteria,
               Credential candidateCredential)
                 throws SecurityException
```
    Determines whether a raw signature over specified content is valid and signed by a trusted credential.
    A candidate verification credential may optionally be supplied. If one is supplied and is determined to successfully verify the signature, an attempt will be made to establish trust on this basis.
    
    If a candidate credential is not supplied, or it does not successfully verify the signature, some implementations may be able to resolve candidate verification credential(s) in an implementation-specific manner based on the trusted criteria supplied, and then attempt to verify the signature and establish trust on this basis.
    
    Parameters:
    signature - the signature value
    content - the content that was signed
    algorithmURI - the signature algorithm URI which was used to sign the content
    trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
    candidateCredential - the untrusted candidate credential containing the validation key for the signature (optional)
    
    Returns:
    true if the signature was valid for the provided content and was signed by a key contained within a credential established as trusted based on the supplied criteria, otherwise false
    
    Throws:
    
    SecurityException - thrown if there is a problem attempting to verify the signature such as the signature algorithim not being supported

Interface SignatureTrustEngine

Method Summary

Methods inherited from interface org.opensaml.xml.security.trust.TrustEngine

Method Detail

getKeyInfoResolver

validate