public class VerifyHandler extends Object
Constructor and Description |
---|
VerifyHandler(List<String> contextCertAccessList,
X509Certificate bankidRootCertificate,
X509Certificate[] bankidRootCertificates)
Constructs a VerifyHandler and sets the Certificate Access List to
verfiy certificate against
|
Modifier and Type | Method and Description |
---|---|
void |
verifyDetachedPKCS7(byte[] signature,
byte[] signedData,
String signerCertKeyUsages,
String extendedKeyUsages)
Verifies a PKCS7 against the input byte[] data.
|
void |
verifyIdentrusHashInSDO(byte[] signature,
byte[] dataTBS,
String signerCertKU,
String extendedKeyUsage)
Verifies the Signature against the signer certificate's PublicKey.
|
void |
verifySDODetachedPKCS7(byte[] signature,
byte[] signedData,
String signerCertKeyUsages,
String extendedKeyUsages)
Verifies a SDO PKCS7 against the input byte[] data.
|
void |
verifySHAWithRSA(org.bouncycastle.cert.ocsp.BasicOCSPResp resp,
byte[] dataTBS,
X509Certificate signerCert,
String keyUsage,
String extKeyUsage,
boolean checkCertificateExpiration)
Method that verifies a standard SHA1withRSA Signature and the signer certificate
keyusage and extended key usages if they exist
|
public VerifyHandler(List<String> contextCertAccessList, X509Certificate bankidRootCertificate, X509Certificate[] bankidRootCertificates)
contextCertAccessList
- HashMap containing supported certificate policy OIDSpublic void verifyIdentrusHashInSDO(byte[] signature, byte[] dataTBS, String signerCertKU, String extendedKeyUsage) throws BIDException
signature
- byte[] The signature (PKCS#7)dataTBS
- byte[] The data signedsignerCertKU
- String The Signer Certificate's keyusage to verifyextendedKeyUsage
- String extended KeyUsages or nullBIDException
- If verification fails or an error occurspublic void verifySHAWithRSA(org.bouncycastle.cert.ocsp.BasicOCSPResp resp, byte[] dataTBS, X509Certificate signerCert, String keyUsage, String extKeyUsage, boolean checkCertificateExpiration) throws BIDException
resp
- dataTBS
- byte[] The data signedsignerCert
- X509Certificate The signer certificatekeyUsage
- String The signer certificate expected key usagesextKeyUsage
- String The signer certificate 's expected extended key usagesBIDException
- If something failspublic void verifyDetachedPKCS7(byte[] signature, byte[] signedData, String signerCertKeyUsages, String extendedKeyUsages) throws BIDException
signature
- byte[] The signature (PKCS#7)signedData
- byte[] The data signedBIDException
- If the verification failspublic void verifySDODetachedPKCS7(byte[] signature, byte[] signedData, String signerCertKeyUsages, String extendedKeyUsages) throws BIDException
signature
- byte[] The signature (PKCS#7)signedData
- byte[] The data signedBIDException
- If the verification failsCopyright © 2017 Nets Branch Norway. All Rights Reserved.