signatureverifier.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.rbac;

import java.security.Principal;

/**
 * This abstract class is the wrapper for the cryptographic functionality
 * required to validate digital signatures.
 *
 * <p>Note that this somewhat duplicates the other interface, 
 * issrg.security.Verifier. This double wrapping allows to integrate the 
 * signature verification at different levels. SignatureVerifier interface
 * has smaller demands, e.g. it does not require the underlying implementation
 * to have access to the actual Verification Certificates, whilst the 
 * issrg.security.Verifier requires the implementation to be able to provide the
 * signature verification certificates. The Verifier interface is more generic,
 * but may be harder to implement.
 *
 * @author A Otenko
 * @author E Ball
 * @author D W Chadwick
 * @version 0.2
 */
public interface SignatureVerifier {
  /**
   * This method checks if the Signature for the given Value has been created by
   * the Signer. It is the responsibility of this object to fetch any relevant
   * CRLs, or call an OCSP server or any other method to ensure that the public
   * key of the Signer has not been revoked. It is also the responsibility of
   * this object to fetch the public key certificate of the signer, and to
   * follow the certification path back to its root of trust. If the signer is
   * not certified directly or indirectly beneath the root or roots of trust
   * that the PKI knows about, then it must fail to verify the signature.
   *
   * @param Value is the byte array that had been signed
   * @param Signature is the byte array of the resulting signature
   * @param algorithmID is the String representation (dotted form) of the
   *    object identifier of the algorithm used for signing
   * @param Signer is the TokenLocator of the signer
   *
   * @return true, if there is a valid non-revoked PKI token, which proves the
   *    signature is valid; false otherwise
   *
   * @throws PkiException if any unrecoverable error occurs
   */
  public boolean checkSignature(byte[] Value, byte[] Signature,
                                String algorithmID, issrg.utils.repository.TokenLocator Signer)
                                throws PkiException;
}