From f6273721193b5a36e71d48e5388b24103468a175 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 14 Nov 2019 13:35:19 +0100
Subject: refactor JoseTools to support JWS signature verification by using one truststore
---
 .../eaaf/modules/auth/sl20/utils/IJOSETools.java | 45 ++++++++++++++++++++--
 1 file changed, 42 insertions(+), 3 deletions(-)
(limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJOSETools.java')
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJOSETools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJOSETools.java
index 35e6de4f..b124ada7 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJOSETools.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJOSETools.java
@@ -1,6 +1,15 @@
 package at.gv.egiz.eaaf.modules.auth.sl20.utils;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.lang.JoseException;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -20,14 +29,44 @@ public interface IJOSETools {
 public String createSignature(String payLoad) throws SLCommandoBuildException;
 /**
- * Validates a JWS signature
+ * Validates a signed SL2.0 message
 *
 * @param serializedContent
 * @return
 * @throws SLCommandoParserException
 * @throws SL20Exception
 */
- public VerificationResult validateSignature(String serializedContent) throws SL20Exception;
+ @Nonnull
+ public VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception;
+
+ /**
+ * Validate a JWS signature
+ *
+ * @param serializedContent JWS in serialized form
+ * @param trustedCerts trusted X509 certificates
+ * @param constraints signature verification constraints
+ * @return Signature-verification result
+ * @throws JoseException
+ * @throws IOException
+ */
+ @Nonnull
+ public VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull List trustedCerts,
+ @Nonnull AlgorithmConstraints constraints) throws JoseException, IOException;
+
+ /**
+ * Validate a JWS signature
+ *
+ * @param serializedContent JWS in serialized form
+ * @param trustStore with trusted X509 certificates
+ * @param algconstraints signature verification constraints
+ * @return Signature-verification result
+ * @throws JoseException
+ * @throws IOException
+ * @throws KeyStoreException
+ */
+ @Nonnull
+ public VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull KeyStore trustStore,
+ @Nonnull AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException;
 /**
 * Get the encryption certificate for SL2.0 End-to-End encryption
@@ -44,5 +83,5 @@ public interface IJOSETools {
 * @throws SL20Exception
 */
 public JsonNode decryptPayload(String compactSerialization) throws SL20Exception;
-
+
 }
-- cgit v1.2.3
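Review bot: The Javadoc on the two added `validateSignature` overloads leaves the security contract open: it does not say whether a signature that fails verification throws or comes back as a `VerificationResult` the caller must inspect, nor whether `trustedCerts`/`trustStore` are matched against the signing certificate directly or used as anchors for path validation (and whether validity periods are checked). I would spell that out, for example `@return verification result; the payload must only be used if the result reports a valid signature` and `@param trustedCerts certificates accepted as signers`, adjusted to what the implementation, which is not visible in this hunk, really does. The `constraints`/`algconstraints` parameter should be documented as a permit-list the caller has to supply, stating that `AlgorithmConstraints.NO_CONSTRAINTS` is not acceptable for messages from an untrusted peer. The new overloads also surface `JoseException`, `IOException` and `KeyStoreException` where the existing method throws `SL20Exception`, which ties callers to jose4j, and as rendered `List trustedCerts` is a raw type, so if that is not an extraction artifact it should read `List<X509Certificate>`.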