Package ch.swisscom.mid.client.impl

Class SignatureValidatorImpl

    • Method Detail

      • validateSignature

        public SignatureValidationResult validateSignature​(String base64SignatureContent,
                                                   String requestedDtbs,
                                                   Traceable trace)
        Description copied from interface: SignatureValidator
        Validates a digital signature content given as a Base64-encoded CMS data. The validation involves:
        1. Validates if the received certificate (with the public key) inside the signature response data is trustworthy, which means the certificate chain must have an anchor certificate that matches one of the root certificates in the configured truststore file. This step ensures that the public key was not replaced by a MITM-attack.
        2. Verifies the digital signature (which requires the public key of the end user certificate). This step ensures that the signature was done by the correct user/private-key and not by anyone else.
        3. Verifies if the signed data (which is the DTBD/DTBS message) inside the digital signature actually matches the DTBD message that was sent in the request.
        Specified by:
        validateSignature in interface SignatureValidator
        Parameters:
        base64SignatureContent - the Base64-encoded CMS signature content received in the signature response
        requestedDtbs - the requested DTBD/DTBS from the signature request
        trace - an optional trace object to print details about the current flow
        Returns:
        a validation result containing boolean flags for the types of validations that are performed (and whether the validations passed or not) and various information bits extracted from the signature content