Package org.opensaml.security.crypto

Class SigningUtil

java.lang.Object
org.opensaml.security.crypto.SigningUtil
public final class SigningUtil extends Object
A utility class for computing and verifying raw signatures and MAC values.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    private static final org.slf4j.Logger
    LOG
    Logger.

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    private
    SigningUtil()
    Constructor.

  • Method Summary

    Modifier and Type
    Method
    Description
    static byte[]
    sign(PrivateKey signingKey, String jcaAlgorithmID, byte[] input)
    Compute the raw signature value over the supplied input.
    static byte[]
    sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input)
    Compute the signature or MAC value over the supplied input.
    static byte[]
    signMAC(Key signingKey, String jcaAlgorithmID, byte[] input)
    Compute the Message Authentication Code (MAC) value over the supplied input.
    static boolean
    verify(PublicKey verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input)
    Verify the signature value computed over the supplied input against the supplied signature value.
    static boolean
    verify(Credential verificationCredential, String jcaAlgorithmID, boolean isMAC, byte[] signature, byte[] input)
    Verify the signature value computed over the supplied input against the supplied signature value.
    static boolean
    verifyMAC(Key verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input)
    Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC value.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • LOG

      @Nonnull private static final org.slf4j.Logger LOG
      Logger.

  • Constructor Details

    • SigningUtil

      private SigningUtil()
      Constructor.

  • Method Details

    • sign

      @Nonnull public static byte[] sign(@Nonnull Credential signingCredential, @Nonnull String jcaAlgorithmID, boolean isMAC, @Nonnull byte[] input) throws SecurityException
      Compute the signature or MAC value over the supplied input. It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of signing key supplied in the signing credential.
      Parameters:
      signingCredential - the credential containing the signing key
      jcaAlgorithmID - the Java JCA algorithm ID to use
      isMAC - flag indicating whether the operation to be performed is a signature or MAC computation
      input - the input over which to compute the signature
      Returns:
      the computed signature or MAC value
      Throws:
      SecurityException - throw if the computation process results in an error

    • sign

      @Nonnull public static byte[] sign(@Nonnull PrivateKey signingKey, @Nonnull String jcaAlgorithmID, @Nonnull byte[] input) throws SecurityException
      Compute the raw signature value over the supplied input. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of signing key supplied.
      Parameters:
      signingKey - the private key with which to compute the signature
      jcaAlgorithmID - the Java JCA algorithm ID to use
      input - the input over which to compute the signature
      Returns:
      the computed signature value
      Throws:
      SecurityException - thrown if the signature computation results in an error

    • signMAC

      @Nonnull public static byte[] signMAC(@Nonnull Key signingKey, @Nonnull String jcaAlgorithmID, @Nonnull byte[] input) throws SecurityException
      Compute the Message Authentication Code (MAC) value over the supplied input. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of signing key supplied.
      Parameters:
      signingKey - the key with which to compute the MAC
      jcaAlgorithmID - the Java JCA algorithm ID to use
      input - the input over which to compute the MAC
      Returns:
      the computed MAC value
      Throws:
      SecurityException - thrown if the MAC computation results in an error

    • verify

      public static boolean verify(@Nonnull Credential verificationCredential, @Nonnull String jcaAlgorithmID, boolean isMAC, @Nonnull byte[] signature, @Nonnull byte[] input) throws SecurityException
      Verify the signature value computed over the supplied input against the supplied signature value. It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of verification credential supplied.
      Parameters:
      verificationCredential - the credential containing the verification key
      jcaAlgorithmID - the Java JCA algorithm ID to use
      isMAC - flag indicating whether the operation to be performed is a signature or MAC computation
      signature - the computed signature value received from the signer
      input - the input over which the signature is computed and verified
      Returns:
      true iff the signature value computed over the input using the supplied key and algorithm ID is identical to the supplied signature value
      Throws:
      SecurityException - thrown if the signature computation or verification process results in an error

    • verify

      public static boolean verify(@Nonnull PublicKey verificationKey, @Nonnull String jcaAlgorithmID, @Nonnull byte[] signature, @Nonnull byte[] input) throws SecurityException
      Verify the signature value computed over the supplied input against the supplied signature value. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key supplied.
      Parameters:
      verificationKey - the key with which to compute and verify the signature
      jcaAlgorithmID - the Java JCA algorithm ID to use
      signature - the computed signature value received from the signer
      input - the input over which the signature is computed and verified
      Returns:
      true if the signature value computed over the input using the supplied key and algorithm ID is identical to the supplied signature value
      Throws:
      SecurityException - thrown if the signature computation or verification process results in an error

    • verifyMAC

      public static boolean verifyMAC(@Nonnull Key verificationKey, @Nonnull String jcaAlgorithmID, @Nonnull byte[] signature, @Nonnull byte[] input) throws SecurityException
      Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC value. It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key supplied.
      Parameters:
      verificationKey - the key with which to compute and verify the MAC
      jcaAlgorithmID - the Java JCA algorithm ID to use
      signature - the computed MAC value received from the signer
      input - the input over which the MAC is computed and verified
      Returns:
      true iff the MAC value computed over the input using the supplied key and algorithm ID is identical to the supplied MAC signature value
      Throws:
      SecurityException - thrown if the MAC computation or verification process results in an error