Package ch.swisscom.mid.client.impl

Class SignatureValidatorImpl

java.lang.Object
ch.swisscom.mid.client.impl.SignatureValidatorImpl
All Implemented Interfaces:
SignatureValidator
public class SignatureValidatorImpl extends Object implements SignatureValidator
Default implementation of SignatureValidator.
Since:
v1.5.0

  • Constructor Details

  • Method Details

    • validateSignature

      public SignatureValidationResult validateSignature(String base64SignatureContent, String requestedDtbs, Traceable trace)
      Description copied from interface: SignatureValidator
      Validates a digital signature content given as a Base64-encoded CMS data. The validation involves:
      1. Validates if the received certificate (with the public key) inside the signature response data is trustworthy, which means the certificate chain must have an anchor certificate that matches one of the root certificates in the configured truststore file. This step ensures that the public key was not replaced by a MITM-attack.
      2. Verifies the digital signature (which requires the public key of the end user certificate). This step ensures that the signature was done by the correct user/private-key and not by anyone else.
      3. Verifies if the signed data (which is the DTBD/DTBS message) inside the digital signature actually matches the DTBD message that was sent in the request.
      Specified by:
      validateSignature in interface SignatureValidator
      Parameters:
      base64SignatureContent - the Base64-encoded CMS signature content received in the signature response
      requestedDtbs - the requested DTBD/DTBS from the signature request
      trace - an optional trace object to print details about the current flow
      Returns:
      a validation result containing boolean flags for the types of validations that are performed (and whether the validations passed or not) and various information bits extracted from the signature content