Class SignatureServiceImpl

Object

SignatureServiceImpl

All Implemented Interfaces:

SignatureService

public final class SignatureServiceImpl
extends Object
implements SignatureService

Thread-safe implementation of SignatureService.

Constructor Summary

Constructors

Constructor	Description
SignatureServiceImpl(AnkaSecureOpenApiClient api)

Method Summary

Modifier and Type	Method	Description
ResignFileResult	resignBytes(String newKid, String oldJws)	Re-sign a Compact JWS switching to newKid.
ResignFileResult	resignFile(String newKid, Path oldJws, Path newJws)
ResignFileResult	resignFileStream(Path oldJws, String newKid, Path input, Path newSigOut)	Re-sign a detached-payload JWS in streaming mode. The existing *General-JSON* header (containing the old kid) is supplied in oldJwsHeader.
SignFileResult	signBytes(String kid, byte[] data)	Sign an in-memory payload with a server-side **private** key.
SignFileResult	signFile(String kid, Path input, Path jwsOut)
SignFileResult	signFileStream(String kid, Path input, Path sigOut)
VerifySignatureResult	verifySignature(Path jwsFile)
VerifySignatureResult	verifySignatureBytes(String jwsToken)	Verify a Compact JWS that is fully in memory.

Methods inherited from class Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SignatureServiceImpl

public SignatureServiceImpl(AnkaSecureOpenApiClient api)

Method Details

signFile

public SignFileResult signFile(String kid,
 Path input,
 Path jwsOut)

Specified by:

signFile in interface SignatureService

verifySignature

public VerifySignatureResult verifySignature(Path jwsFile)

Specified by:

verifySignature in interface SignatureService

resignFile

public ResignFileResult resignFile(String newKid,
 Path oldJws,
 Path newJws)

Specified by:

resignFile in interface SignatureService

signFileStream

public SignFileResult signFileStream(String kid,
 Path input,
 Path sigOut)

Specified by:

signFileStream in interface SignatureService

resignFileStream

public ResignFileResult resignFileStream(Path oldJws,
 String newKid,
 Path input,
 Path newSigOut)

Description copied from interface: SignatureService

Re-sign a detached-payload JWS in streaming mode.
The existing *General-JSON* header (containing the old kid) is supplied in oldJwsHeader. The payload itself is streamed from input.

Specified by:

resignFileStream in interface SignatureService

Parameters:

oldJws - UTF-8 file that contains the original JWS header (General-JSON, detached payload)

newKid - key identifier that must sign the refreshed JWS

input - data whose signature is being replaced

newSigOut - destination file that will receive the new signature

signBytes

public SignFileResult signBytes(String kid,
 byte[] data)

Sign an in-memory payload with a server-side **private** key.

Specified by:

signBytes in interface SignatureService

Parameters:

kid - private-key ID in Anka Secure (must not be null)

data - bytes to be signed (must not be null)

Returns:

SignFileResult containing the detached Compact JWS and metadata

verifySignatureBytes

public VerifySignatureResult verifySignatureBytes(String jwsToken)

Verify a Compact JWS that is fully in memory.

Specified by:

verifySignatureBytes in interface SignatureService

Parameters:

jwsToken - textual Compact JWS (UTF-8)

Returns:

outcome, metadata, and Base64 payload

resignBytes

public ResignFileResult resignBytes(String newKid,
 String oldJws)

Re-sign a Compact JWS switching to newKid.

Specified by:

resignBytes in interface SignatureService

Parameters:

newKid - private-key ID that must generate the new signature

oldJws - existing Compact JWS (UTF-8)

Returns:

dual-key metadata plus the new token