Interface SignatureService

All Known Implementing Classes:

SignatureServiceImpl

public interface SignatureService

Pure signature-layer abstraction (no encryption tasks).

Implementations are stateless.

Method Summary

Modifier and Type	Method	Description
ResignResult	resignBytes(String newKid, String oldJws)	Generates a fresh Compact JWS for the payload embedded in oldJws.
ResignResult	resignFile(String newKid, Path oldJwsFile, Path newJwsFile)
ResignResult	resignFileStream(Path oldJwsHeader, String newKid, Path input, Path newSignature)	Re-sign a detached-payload JWS in streaming mode. The existing *General-JSON* header (containing the old kid) is supplied in oldJwsHeader.
SignResult	signBytes(String kid, byte[] data)	Signs an in-memory payload with the private key kid.
SignResult	signFile(String kid, Path input, Path signature)
SignResult	signFileStream(String kid, Path input, Path signature)
VerifySignatureResult	verifySignature(Path compactJwsFile)
VerifySignatureResult	verifySignatureBytes(String jws)	Verifies a textual Compact JWS that is already in memory.

Method Details

signFile

SignResult signFile(String kid,
 Path input,
 Path signature)
             throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

verifySignature

VerifySignatureResult verifySignature(Path compactJwsFile)
                               throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

resignFile

ResignResult resignFile(String newKid,
 Path oldJwsFile,
 Path newJwsFile)
                 throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

signFileStream

SignResult signFileStream(String kid,
 Path input,
 Path signature)
                   throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

resignFileStream

ResignResult resignFileStream(Path oldJwsHeader,
 String newKid,
 Path input,
 Path newSignature)
                       throws AnkaSecureSdkException

Re-sign a detached-payload JWS in streaming mode.
The existing *General-JSON* header (containing the old kid) is supplied in oldJwsHeader. The payload itself is streamed from input.

Parameters:

oldJwsHeader - UTF-8 file that contains the original JWS header (General-JSON, detached payload)

newKid - key identifier that must sign the refreshed JWS

input - data whose signature is being replaced

newSignature - destination file that will receive the new signature

Throws:

AnkaSecureSdkException

signBytes

SignResult signBytes(String kid,
 byte[] data)
              throws AnkaSecureSdkException

Signs an in-memory payload with the private key kid.

Parameters:

kid - private-key ID in Anka Secure (must not be null)

data - bytes to be signed (must not be null)

Returns:

SignResult containing the detached Compact JWS and metadata

Throws:

AnkaSecureSdkException - on validation or remote failure

verifySignatureBytes

VerifySignatureResult verifySignatureBytes(String jws)
                                    throws AnkaSecureSdkException

Verifies a textual Compact JWS that is already in memory.

Parameters:

jws - textual Compact JWS (UTF-8)

Returns:

outcome, metadata, and Base64 payload

Throws:

AnkaSecureSdkException - on validation or remote failure

resignBytes

ResignResult resignBytes(String newKid,
 String oldJws)
                  throws AnkaSecureSdkException

Generates a fresh Compact JWS for the payload embedded in oldJws. The platform first verifies oldJws, then re-signs the payload with newKid.

Parameters:

newKid - private-key ID that must generate the new signature

oldJws - existing Compact JWS (UTF-8)

Returns:

dual-key metadata plus the new token

Throws:

AnkaSecureSdkException - on validation or remote failure