Class FapiResourceRequestVerifier


public class FapiResourceRequestVerifier extends FapiResourceRequestBase<FapiResourceRequestVerifier>
A utility for verifying a resource request in accordance with the FAPI 2.0 Http Signatures requirements.

Sample Code

 // The received signature.
 SignatureEntry signatureEntry = ...;
 byte[]            signature = signatureEntry.getSignature();
 SignatureMetadata metadata  = signatureEntry.getMetadata();

 // Create a verifier.
 FapiResourceRequestVerifier verifier = new FapiResourceRequestVerifier()
         .setMethod("POST")
         .setTargetUri(URI.create("https://example.com/path?key=value"))
         .setAuthorization("Bearer abc")
         .setContentDigest(
             "sha-256=:RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=:"
         )
         .setVerificationKey(JWK.parse(VERIFICATION_KEY))
         ;

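 // Verify the signature. The returned VerificationInfo carries the computed
 // signature base and the verification result; a SignatureException is thrown
 // if signature verification fails.
 VerificationInfo info = verifier.verify(signature, metadata);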
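
The value given to setContentDigest is the header as received, and the signature covers that header value rather than the body bytes, so the receiver also has to confirm that the digest matches the body it actually read. The following is an added example, not part of the library or its documentation; it uses only the JDK, and the class name ContentDigestCheck, the method matchesBody and the sample bodies are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical helper (not part of the library): checks a received
// Content-Digest header against the request body that was actually read.
public class ContentDigestCheck {
    // Returns true only if the header has a sha-256 member equal to SHA-256(body).
    static boolean matchesBody(String contentDigestHeader, byte[] body)
            throws NoSuchAlgorithmException {
        if (contentDigestHeader == null) {
            return false;
        }
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(body);

        // Content-Digest is a dictionary of the form "alg=:base64:, alg=:base64:".
        for (String member : contentDigestHeader.split(",")) {
            String[] kv = member.trim().split("=", 2);
            if (kv.length != 2 || !kv[0].equals("sha-256")) {
                continue; // not the algorithm this check handles
            }
            String value = kv[1].trim();
            // A byte sequence is Base64 text wrapped in colons.
            if (value.length() < 2 || !value.startsWith(":") || !value.endsWith(":")) {
                return false;
            }
            try {
                byte[] received = Base64.getDecoder()
                        .decode(value.substring(1, value.length() - 1));
                // MessageDigest.isEqual compares without an early exit.
                return MessageDigest.isEqual(expected, received);
            } catch (IllegalArgumentException e) {
                return false; // malformed Base64
            }
        }
        return false; // no sha-256 member: treat as a mismatch
    }

    public static void main(String[] args) throws Exception {
        // Header value taken from the sample code; both bodies are constructed samples.
        String header = "sha-256=:RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=:";
        byte[] body = "{}".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "{\"amount\":1}".getBytes(StandardCharsets.UTF_8);
        System.out.println("received body: " + matchesBody(header, body));
        System.out.println("altered body:  " + matchesBody(header, altered));
    }
}
```

Run this check in addition to verify(signature, metadata), and reject the request if either one fails.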
 
Since:
1.4
  • Constructor Details

    • FapiResourceRequestVerifier

      public FapiResourceRequestVerifier()
  • Method Details

    • getVerificationKey

      public JWK getVerificationKey()
      Get the public key for verifying the HTTP message signature in the request.
      Returns:
      The public key for verifying the HTTP message signature.
    • setVerificationKey

      public FapiResourceRequestVerifier setVerificationKey(JWK verificationKey)
      Set the public key for verifying the HTTP message signature in the request.
      Parameters:
      verificationKey - The public key for verifying the HTTP message signature.
      Returns:
      this object.
    • verify

      Execute HTTP message verification.

      This method is an alias of verify(signatureEntry.getSignature(), signatureEntry.getMetadata()).

      Parameters:
      signatureEntry - A signature entry that contains the signature to be verified.
      Returns:
      Information about the verification operation, including the computed signature base and the verification result.
      Throws:
      IllegalStateException - Mandatory input parameters, such as method, targetUri, authorization, and verificationKey, are not set.
      SignatureException - Signature verification failed.
    • verify

      public VerificationInfo verify(byte[] signature, SignatureMetadata metadata) throws IllegalStateException, SignatureException
      Execute HTTP message verification.
      Parameters:
      signature - The signature to verify.
      metadata - The signature metadata referenced for creating the signature base. If null is given, the default signature metadata is built and used, but this is not recommended. The signature metadata that was provided together with the signature should be used.
      Returns:
      Information about the verification operation, including the computed signature base and the verification result.
      Throws:
      IllegalStateException - Mandatory input parameters, such as method, targetUri, authorization, and verificationKey, are not set.
      SignatureException - Signature verification failed.