Package ch.swisscom.mid.client
Interface SignatureValidator
- All Known Implementing Classes:
SignatureValidatorImpl
public interface SignatureValidator
Interface for the components that can validate the CMS content of a digital signature that is received
after a successful signature transaction.
- Since:
- v1.5.0
-
Method Summary
Modifier and TypeMethodDescriptionvalidateSignature(String base64SignatureContent, String requestedDtbs, Traceable trace) Validates a digital signature content given as a Base64-encoded CMS data.
-
Method Details
-
validateSignature
SignatureValidationResult validateSignature(String base64SignatureContent, String requestedDtbs, Traceable trace) Validates a digital signature content given as a Base64-encoded CMS data. The validation involves:- Validates if the received certificate (with the public key) inside the signature response data is trustworthy, which means the certificate chain must have an anchor certificate that matches one of the root certificates in the configured truststore file. This step ensures that the public key was not replaced by a MITM-attack.
- Verifies the digital signature (which requires the public key of the end user certificate). This step ensures that the signature was done by the correct user/private-key and not by anyone else.
- Verifies if the signed data (which is the DTBD/DTBS message) inside the digital signature actually matches the DTBD message that was sent in the request.
- Parameters:
base64SignatureContent- the Base64-encoded CMS signature content received in the signature responserequestedDtbs- the requested DTBD/DTBS from the signature requesttrace- an optional trace object to print details about the current flow- Returns:
- a validation result containing boolean flags for the types of validations that are performed (and whether the validations passed or not) and various information bits extracted from the signature content
-