Package org.opensaml.security.crypto

Class SigningUtil

java.lang.Object

org.opensaml.security.crypto.SigningUtil

public final class SigningUtil
extends Object

A utility class for computing and verifying raw signatures and MAC values.

Field Summary

Fields

Modifier and Type	Field	Description
private static org.slf4j.Logger	LOG	Logger.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	SigningUtil()	Constructor.

Method Summary

Modifier and Type	Method	Description
static byte[]	sign(PrivateKey signingKey, String jcaAlgorithmID, byte[] input)	Compute the raw signature value over the supplied input.
static byte[]	sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input)	Compute the signature or MAC value over the supplied input.
static byte[]	signMAC(Key signingKey, String jcaAlgorithmID, byte[] input)	Compute the Message Authentication Code (MAC) value over the supplied input.
static boolean	verify(PublicKey verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input)	Verify the signature value computed over the supplied input against the supplied signature value.
static boolean	verify(Credential verificationCredential, String jcaAlgorithmID, boolean isMAC, byte[] signature, byte[] input)	Verify the signature value computed over the supplied input against the supplied signature value.
static boolean	verifyMAC(Key verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input)	Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

@Nonnull
private static final org.slf4j.Logger LOG

Logger.

Constructor Detail

SigningUtil

private SigningUtil()

Constructor.

Method Detail

sign

@Nonnull
public static byte[] sign(@Nonnull
                          Credential signingCredential,
                          @Nonnull
                          String jcaAlgorithmID,
                          boolean isMAC,
                          @Nonnull
                          byte[] input)
                   throws SecurityException

Compute the signature or MAC value over the supplied input. It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of signing key supplied in the signing credential.

Parameters:

signingCredential - the credential containing the signing key

jcaAlgorithmID - the Java JCA algorithm ID to use

isMAC - flag indicating whether the operation to be performed is a signature or MAC computation

input - the input over which to compute the signature

Returns:

the computed signature or MAC value

Throws:

SecurityException - throw if the computation process results in an error

sign

@Nonnull
public static byte[] sign(@Nonnull
                          PrivateKey signingKey,
                          @Nonnull
                          String jcaAlgorithmID,
                          @Nonnull
                          byte[] input)
                   throws SecurityException

Compute the raw signature value over the supplied input. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of signing key supplied.

Parameters:

signingKey - the private key with which to compute the signature

jcaAlgorithmID - the Java JCA algorithm ID to use

input - the input over which to compute the signature

Returns:

the computed signature value

Throws:

SecurityException - thrown if the signature computation results in an error

signMAC

@Nonnull
public static byte[] signMAC(@Nonnull
                             Key signingKey,
                             @Nonnull
                             String jcaAlgorithmID,
                             @Nonnull
                             byte[] input)
                      throws SecurityException

Compute the Message Authentication Code (MAC) value over the supplied input. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of signing key supplied.

Parameters:

signingKey - the key with which to compute the MAC

jcaAlgorithmID - the Java JCA algorithm ID to use

input - the input over which to compute the MAC

Returns:

the computed MAC value

Throws:

SecurityException - thrown if the MAC computation results in an error

verify

public static boolean verify(@Nonnull
                             Credential verificationCredential,
                             @Nonnull
                             String jcaAlgorithmID,
                             boolean isMAC,
                             @Nonnull
                             byte[] signature,
                             @Nonnull
                             byte[] input)
                      throws SecurityException

Verify the signature value computed over the supplied input against the supplied signature value. It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of verification credential supplied.

Parameters:

verificationCredential - the credential containing the verification key

jcaAlgorithmID - the Java JCA algorithm ID to use

isMAC - flag indicating whether the operation to be performed is a signature or MAC computation

signature - the computed signature value received from the signer

input - the input over which the signature is computed and verified

Returns:

true iff the signature value computed over the input using the supplied key and algorithm ID is identical to the supplied signature value

Throws:

SecurityException - thrown if the signature computation or verification process results in an error

verify

public static boolean verify(@Nonnull
                             PublicKey verificationKey,
                             @Nonnull
                             String jcaAlgorithmID,
                             @Nonnull
                             byte[] signature,
                             @Nonnull
                             byte[] input)
                      throws SecurityException

Verify the signature value computed over the supplied input against the supplied signature value. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key supplied.

Parameters:

verificationKey - the key with which to compute and verify the signature

jcaAlgorithmID - the Java JCA algorithm ID to use

signature - the computed signature value received from the signer

input - the input over which the signature is computed and verified

Returns:

true if the signature value computed over the input using the supplied key and algorithm ID is identical to the supplied signature value

Throws:

SecurityException - thrown if the signature computation or verification process results in an error

verifyMAC

public static boolean verifyMAC(@Nonnull
                                Key verificationKey,
                                @Nonnull
                                String jcaAlgorithmID,
                                @Nonnull
                                byte[] signature,
                                @Nonnull
                                byte[] input)
                         throws SecurityException

Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC value. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key supplied.

Parameters:

verificationKey - the key with which to compute and verify the MAC

jcaAlgorithmID - the Java JCA algorithm ID to use

signature - the computed MAC value received from the signer

input - the input over which the MAC is computed and verified

Returns:

true iff the MAC value computed over the input using the supplied key and algorithm ID is identical to the supplied MAC signature value

Throws:

SecurityException - thrown if the MAC computation or verification process results in an error