Package ch.swisscom.mid.client.impl

Class SignatureValidatorImpl

java.lang.Object

ch.swisscom.mid.client.impl.SignatureValidatorImpl

All Implemented Interfaces:

SignatureValidator

public class SignatureValidatorImpl
extends Object
implements SignatureValidator

Default implementation of SignatureValidator.

Since:

v1.5.0

Constructor Summary

Constructors

Constructor	Description
SignatureValidatorImpl(SignatureValidationConfiguration config)
SignatureValidatorImpl(KeyStore validationTrustStore)

Method Summary

Modifier and Type	Method	Description
String	getMIDSerialNumber(String base64SignatureContent, Traceable trace)	Retrieves mobile id serial number from Signature Response base64 SignatureContent element
SignatureValidationResult	validateSignature(String base64SignatureContent, String requestedDtbs, Traceable trace)	Validates a digital signature content given as a Base64-encoded CMS data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SignatureValidatorImpl

public SignatureValidatorImpl(SignatureValidationConfiguration config)

SignatureValidatorImpl

public SignatureValidatorImpl(KeyStore validationTrustStore)

Method Details

validateSignature

public SignatureValidationResult validateSignature(String base64SignatureContent,
 String requestedDtbs,
 Traceable trace)

Description copied from interface: SignatureValidator

Validates a digital signature content given as a Base64-encoded CMS data. The validation involves:

1. Validates if the received certificate (with the public key) inside the signature response data is trustworthy, which means the certificate chain must have an anchor certificate that matches one of the root certificates in the configured truststore file. This step ensures that the public key was not replaced by a MITM-attack.
2. Verifies the digital signature (which requires the public key of the end user certificate). This step ensures that the signature was done by the correct user/private-key and not by anyone else.
3. Verifies if the signed data (which is the DTBD/DTBS message) inside the digital signature actually matches the DTBD message that was sent in the request.

Specified by:

validateSignature in interface SignatureValidator

Parameters:

base64SignatureContent - the Base64-encoded CMS signature content received in the signature response

requestedDtbs - the requested DTBD/DTBS from the signature request

trace - an optional trace object to print details about the current flow

Returns:

a validation result containing boolean flags for the types of validations that are performed (and whether the validations passed or not) and various information bits extracted from the signature content

getMIDSerialNumber

public String getMIDSerialNumber(String base64SignatureContent,
 Traceable trace)

Description copied from interface: SignatureValidator

Retrieves mobile id serial number from Signature Response base64 SignatureContent element

Specified by:

getMIDSerialNumber in interface SignatureValidator

Parameters:

base64SignatureContent - the Base64 encoded digital signature data from signature response

Returns:

mobile id serial number extracted from digital signature data from signature response