Package com.ibm.security.access.signing

Class SigningHelper

  • public class SigningHelper
extends java.lang.Object
    Simple class to handle signing of data using backing Java Signing classes.

    • Constructor Summary

      Constructors 
      Constructor Description
      SigningHelper​(java.lang.String signatureAlgorithm)  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      byte[] certificateToPublicKey​(byte[] certificate)
      Convert they bytes of an x509 certificate to a public key.
      boolean checkKey​(byte[] keyBytes)
      Check if a public key is valid
      boolean checkKeyB64​(java.lang.String key)
      Check if a base64 encoded public key is valid
      boolean checkKeyB64Url​(java.lang.String key)
      Check if a base64 url encoded public key is valid
      byte[] getPublicKey​(java.lang.String keyStore, java.lang.String label)
      Retrieve a public key from Verify Access.
      java.lang.String getPublicKeyB64​(java.lang.String keyStore, java.lang.String label)
      Retrieve a public key from Verify Access.
      java.lang.String getPublicKeyB64Url​(java.lang.String keyStore, java.lang.String label)
      Retrieve a public key from Verify Access.
      static java.lang.String[] getSupportedAlgorithms()  
      byte[] sign​(byte[] data, byte[] privateKey)
      Sign a piece of data using a provided private key.
      byte[] sign​(byte[] data, java.lang.String keyStore, java.lang.String label)
      Sign a piece of data using a given keystore and label.
      java.lang.String signB64​(java.lang.String data, java.lang.String privateKey)
      Sign a piece of data using the provided private key.
      java.lang.String signB64​(java.lang.String data, java.lang.String keyStore, java.lang.String label)
      Sign a piece of data using a given keystore and label.
      java.lang.String signB64Url​(java.lang.String data, java.lang.String privateKey)
      Sign a piece of data using the provided private key.
      java.lang.String signB64Url​(java.lang.String data, java.lang.String keyStore, java.lang.String label)
      Sign a piece of data using a given keystore and label.
      java.lang.Boolean verify​(byte[] data, byte[] signature, byte[] publicKey)
      Validate a piece of data against a given signature and public key
      java.lang.Boolean verify​(byte[] data, byte[] signature, java.lang.String keyStore, java.lang.String label)
      Validate a piece of data against a given signature and public key
      java.lang.Boolean verifyB64​(java.lang.String data, java.lang.String signature, java.lang.String publicKey)
      Validate a piece of data against a given signature and public key The signature and public key values will be Base64 decoded to get the bytes to use in the verification.
      java.lang.Boolean verifyB64​(java.lang.String data, java.lang.String signature, java.lang.String keyStore, java.lang.String label)
      Validate a piece of data against a given signature and public key The signature value will be Base64 decoded to get the bytes to use.
      java.lang.Boolean verifyB64Url​(java.lang.String data, java.lang.String signature, java.lang.String publicKey)
      Validate a piece of data against a given signature and public key The signature and public key values will be Base64Url decoded to get the bytes to use in the verification
      java.lang.Boolean verifyB64Url​(java.lang.String data, java.lang.String signature, java.lang.String keyStore, java.lang.String label)
      Validate a piece of data against a given signature and public key This method assumes ALL parameters are a base64URL encoded string.

      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • SigningHelper_java_sourceCodeID

        public static final java.lang.String SigningHelper_java_sourceCodeID
        See Also:
        Constant Field Values

      • SigningHelper_java_copyright

        public static final java.lang.String SigningHelper_java_copyright

    • Constructor Detail

      • SigningHelper

        public SigningHelper​(java.lang.String signatureAlgorithm)

    • Method Detail

      • getSupportedAlgorithms

        public static java.lang.String[] getSupportedAlgorithms()

      • verifyB64

        public java.lang.Boolean verifyB64​(java.lang.String data,
                                   java.lang.String signature,
                                   java.lang.String publicKey)
        Validate a piece of data against a given signature and public key The signature and public key values will be Base64 decoded to get the bytes to use in the verification.
        Parameters:
        data - to validate against the provided signature. This value is not decoded
        signature - provided signature to validate against
        publicKey - to use when signing the data
        Returns:
        true if the signature matches, false if it does not, null if an error occured.

      • verifyB64Url

        public java.lang.Boolean verifyB64Url​(java.lang.String data,
                                      java.lang.String signature,
                                      java.lang.String publicKey)
        Validate a piece of data against a given signature and public key The signature and public key values will be Base64Url decoded to get the bytes to use in the verification
        Parameters:
        data - to validate against the provided signature. This value is not decoded
        signature - provided signature to validate against
        publicKey - to use when signing the data
        Returns:
        true if the signature matches, false if it does not, null if an error occured.

      • verify

        public java.lang.Boolean verify​(byte[] data,
                                byte[] signature,
                                byte[] publicKey)
        Validate a piece of data against a given signature and public key
        Parameters:
        data - to validate against the provided signature.
        signature - provided signature to validate against
        publicKey - to use when signing the data
        Returns:
        true if the signature matches, false if it does not, null if an error occured.

      • verifyB64

        public java.lang.Boolean verifyB64​(java.lang.String data,
                                   java.lang.String signature,
                                   java.lang.String keyStore,
                                   java.lang.String label)
        Validate a piece of data against a given signature and public key The signature value will be Base64 decoded to get the bytes to use.
        Parameters:
        signature - provided signature to validate against
        keyStore - to search for public key in
        label - of the certificate to use
        Returns:
        true if the signature matches, false if it does not, null if an error occured.

      • verifyB64Url

        public java.lang.Boolean verifyB64Url​(java.lang.String data,
                                      java.lang.String signature,
                                      java.lang.String keyStore,
                                      java.lang.String label)
        Validate a piece of data against a given signature and public key This method assumes ALL parameters are a base64URL encoded string. All provided values will be Base64Url decoded to get the bytes to use.
        Parameters:
        signature - provided signature to validate against
        keyStore - to search for public key in
        label - of the certificate to use
        Returns:
        true if the signature matches, false if it does not, null if an error occured.

      • verify

        public java.lang.Boolean verify​(byte[] data,
                                byte[] signature,
                                java.lang.String keyStore,
                                java.lang.String label)
        Validate a piece of data against a given signature and public key
        Parameters:
        signature - provided signature to validate against
        keyStore - to search for public key in
        label - of the certificate to use
        Returns:
        true if the signature matches, false if it does not, null if an error occured.

      • getPublicKeyB64

        public java.lang.String getPublicKeyB64​(java.lang.String keyStore,
                                        java.lang.String label)
        Retrieve a public key from Verify Access.
        Parameters:
        keyStore - to retrieve the key from
        the - label of the key to retrieve
        Returns:
        the bytes of this public key as a base64 encoded string / null if an error occurred

      • getPublicKeyB64Url

        public java.lang.String getPublicKeyB64Url​(java.lang.String keyStore,
                                           java.lang.String label)
        Retrieve a public key from Verify Access.
        Parameters:
        keyStore - to retrieve the key from
        the - label of the key to retrieve
        Returns:
        the bytes of this public key as a base64url encoded string / null if an error occurred

      • getPublicKey

        public byte[] getPublicKey​(java.lang.String keyStore,
                           java.lang.String label)
        Retrieve a public key from Verify Access.
        Parameters:
        keyStore - to retrieve the key from
        the - label of the key to retrieve
        Returns:
        the bytes of this public key / null if an error occured

      • signB64Url

        public java.lang.String signB64Url​(java.lang.String data,
                                   java.lang.String privateKey)
        Sign a piece of data using the provided private key. It is assumed that the private key is base64url encoded. The produced signature is base64 url encoded.
        Parameters:
        data - to sign
        privateKey - to perform the signing with
        Returns:
        base64url encoded signature of the data.

      • signB64Url

        public java.lang.String signB64Url​(java.lang.String data,
                                   java.lang.String keyStore,
                                   java.lang.String label)
        Sign a piece of data using a given keystore and label. It is assumed that the private key is base64url encoded. The produced signature is base64 url encoded.
        Parameters:
        data - to sign
        keyStore - to retrieve the key from
        label - for the key to use
        Returns:
        base64url encoded signature of the data.

      • signB64

        public java.lang.String signB64​(java.lang.String data,
                                java.lang.String privateKey)
        Sign a piece of data using the provided private key. It is assumed that the private key is base64 encoded. The produced signature is base64 encoded.
        Parameters:
        data - to sign
        privateKey - to perform the signing with
        Returns:
        base64 encoded signature of the data.

      • signB64

        public java.lang.String signB64​(java.lang.String data,
                                java.lang.String keyStore,
                                java.lang.String label)
        Sign a piece of data using a given keystore and label. It is assumed that the private key is base64 encoded. The produced signature is base64 encoded.
        Parameters:
        data - to sign
        keyStore - to retrieve the key from
        label - for the key to use
        Returns:
        base64 encoded signature of the data.

      • sign

        public byte[] sign​(byte[] data,
                   byte[] privateKey)
        Sign a piece of data using a provided private key. It is assumed that the private key is not encoded. The produced signature is the raw bytes produced by the sign call
        Parameters:
        data - to sign
        keyStore - to retrieve the key from
        label - for the key to use
        Returns:
        base64 encoded signature of the data.

      • sign

        public byte[] sign​(byte[] data,
                   java.lang.String keyStore,
                   java.lang.String label)
        Sign a piece of data using a given keystore and label. It is assumed that the private key is not encoded. The produced signature is the raw bytes produced by the sign call
        Parameters:
        data - to sign
        keyStore - to retrieve the key from
        label - for the key to use
        Returns:
        base64 encoded signature of the data.

      • certificateToPublicKey

        public byte[] certificateToPublicKey​(byte[] certificate)
        Convert they bytes of an x509 certificate to a public key.
        Parameters:
        certificate - to extract the public key from
        Returns:
        null on error / the public key contained in the certificate.

      • checkKey

        public boolean checkKey​(byte[] keyBytes)
        Check if a public key is valid
        Parameters:
        bytes - to check
        Returns:
        true if its a valid public key / false if its invalid

      • checkKeyB64

        public boolean checkKeyB64​(java.lang.String key)
        Check if a base64 encoded public key is valid
        Parameters:
        bytes - to check
        Returns:
        true if its a valid public key / false if its invalid

      • checkKeyB64Url

        public boolean checkKeyB64Url​(java.lang.String key)
        Check if a base64 url encoded public key is valid
        Parameters:
        bytes - to check
        Returns:
        true if its a valid public key / false if its invalid