Package com.ibm.security.access.signing

Class SigningHelper

java.lang.Object
com.ibm.security.access.signing.SigningHelper
public class SigningHelper extends Object
Simple class to handle signing of data using backing Java Signing classes.

  • Field Details

  • Constructor Details

    • SigningHelper

      public SigningHelper(String signatureAlgorithm)

  • Method Details

    • getSupportedAlgorithms

      public static String[] getSupportedAlgorithms()

    • verifyB64

      public Boolean verifyB64(String data, String signature, String publicKey)
      Validate a piece of data against a given signature and public key The signature and public key values will be Base64 decoded to get the bytes to use in the verification.
      Parameters:
      data - to validate against the provided signature. This value is not decoded
      signature - provided signature to validate against
      publicKey - to use when signing the data
      Returns:
      true if the signature matches, false if it does not, null if an error occured.

    • verifyB64Url

      public Boolean verifyB64Url(String data, String signature, String publicKey)
      Validate a piece of data against a given signature and public key The signature and public key values will be Base64Url decoded to get the bytes to use in the verification
      Parameters:
      data - to validate against the provided signature. This value is not decoded
      signature - provided signature to validate against
      publicKey - to use when signing the data
      Returns:
      true if the signature matches, false if it does not, null if an error occured.

    • verify

      public Boolean verify(byte[] data, byte[] signature, byte[] publicKey)
      Validate a piece of data against a given signature and public key
      Parameters:
      data - to validate against the provided signature.
      signature - provided signature to validate against
      publicKey - to use when signing the data
      Returns:
      true if the signature matches, false if it does not, null if an error occured.

    • verifyB64

      public Boolean verifyB64(String data, String signature, String keyStore, String label)
      Validate a piece of data against a given signature and public key The signature value will be Base64 decoded to get the bytes to use.
      Parameters:
      signature - provided signature to validate against
      keyStore - to search for public key in
      label - of the certificate to use
      Returns:
      true if the signature matches, false if it does not, null if an error occured.

    • verifyB64Url

      public Boolean verifyB64Url(String data, String signature, String keyStore, String label)
      Validate a piece of data against a given signature and public key This method assumes ALL parameters are a base64URL encoded string. All provided values will be Base64Url decoded to get the bytes to use.
      Parameters:
      signature - provided signature to validate against
      keyStore - to search for public key in
      label - of the certificate to use
      Returns:
      true if the signature matches, false if it does not, null if an error occured.

    • verify

      public Boolean verify(byte[] data, byte[] signature, String keyStore, String label)
      Validate a piece of data against a given signature and public key
      Parameters:
      signature - provided signature to validate against
      keyStore - to search for public key in
      label - of the certificate to use
      Returns:
      true if the signature matches, false if it does not, null if an error occured.

    • getPublicKeyB64

      public String getPublicKeyB64(String keyStore, String label)
      Retrieve a public key from Verify Identity Access.
      Parameters:
      keyStore - to retrieve the key from
      the - label of the key to retrieve
      Returns:
      the bytes of this public key as a base64 encoded string / null if an error occurred

    • getPublicKeyB64Url

      public String getPublicKeyB64Url(String keyStore, String label)
      Retrieve a public key from Verify Identity Access.
      Parameters:
      keyStore - to retrieve the key from
      the - label of the key to retrieve
      Returns:
      the bytes of this public key as a base64url encoded string / null if an error occurred

    • getPublicKey

      public byte[] getPublicKey(String keyStore, String label)
      Retrieve a public key from Verify Identity Access.
      Parameters:
      keyStore - to retrieve the key from
      the - label of the key to retrieve
      Returns:
      the bytes of this public key / null if an error occured

    • signB64Url

      public String signB64Url(String data, String privateKey)
      Sign a piece of data using the provided private key. It is assumed that the private key is base64url encoded. The produced signature is base64 url encoded.
      Parameters:
      data - to sign
      privateKey - to perform the signing with
      Returns:
      base64url encoded signature of the data.

    • signB64Url

      public String signB64Url(String data, String keyStore, String label)
      Sign a piece of data using a given keystore and label. It is assumed that the private key is base64url encoded. The produced signature is base64 url encoded.
      Parameters:
      data - to sign
      keyStore - to retrieve the key from
      label - for the key to use
      Returns:
      base64url encoded signature of the data.

    • signB64

      public String signB64(String data, String privateKey)
      Sign a piece of data using the provided private key. It is assumed that the private key is base64 encoded. The produced signature is base64 encoded.
      Parameters:
      data - to sign
      privateKey - to perform the signing with
      Returns:
      base64 encoded signature of the data.

    • signB64

      public String signB64(String data, String keyStore, String label)
      Sign a piece of data using a given keystore and label. It is assumed that the private key is base64 encoded. The produced signature is base64 encoded.
      Parameters:
      data - to sign
      keyStore - to retrieve the key from
      label - for the key to use
      Returns:
      base64 encoded signature of the data.

    • sign

      public byte[] sign(byte[] data, byte[] privateKey)
      Sign a piece of data using a provided private key. It is assumed that the private key is not encoded. The produced signature is the raw bytes produced by the sign call
      Parameters:
      data - to sign
      keyStore - to retrieve the key from
      label - for the key to use
      Returns:
      base64 encoded signature of the data.

    • sign

      public byte[] sign(byte[] data, String keyStore, String label)
      Sign a piece of data using a given keystore and label. It is assumed that the private key is not encoded. The produced signature is the raw bytes produced by the sign call
      Parameters:
      data - to sign
      keyStore - to retrieve the key from
      label - for the key to use
      Returns:
      base64 encoded signature of the data.

    • certificateToPublicKey

      public byte[] certificateToPublicKey(byte[] certificate)
      Convert they bytes of an x509 certificate to a public key.
      Parameters:
      certificate - to extract the public key from
      Returns:
      null on error / the public key contained in the certificate.

    • checkKey

      public boolean checkKey(byte[] keyBytes)
      Check if a public key is valid
      Parameters:
      bytes - to check
      Returns:
      true if its a valid public key / false if its invalid

    • checkKeyB64

      public boolean checkKeyB64(String key)
      Check if a base64 encoded public key is valid
      Parameters:
      bytes - to check
      Returns:
      true if its a valid public key / false if its invalid

    • checkKeyB64Url

      public boolean checkKeyB64Url(String key)
      Check if a base64 url encoded public key is valid
      Parameters:
      bytes - to check
      Returns:
      true if its a valid public key / false if its invalid