Class FapiResourceResponseVerifier


public class FapiResourceResponseVerifier extends FapiResourceResponseBase<FapiResourceResponseVerifier>
A utility for verifying the signature of a resource response in accordance with the FAPI 2.0 HTTP Signatures requirements.

Sample Code

 // The signature in the request.
 SignatureEntry sigEntryInRequest = ...;

 // The signature in the response.
 SignatureEntry sigEntryInResponse = ...;

 // Create a verifier.
 FapiResourceResponseVerifier verifier = new FapiResourceResponseVerifier()
         .setMethod("POST")
         .setTargetUri(URI.create("https://example.com/path?key=value"))
         .addRequestSignature(sigEntryInRequest)
         .setStatus(200)
         .setRequestContentDigest(
             "sha-256=:RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=:"
         )
         .setResponseContentDigest(
             "sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:"
         )
         .setVerificationKey(JWK.parse(VERIFICATION_KEY))
         ;

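 // Verify the signature. verify() returns a VerificationInfo and throws
 // SignatureException if signature verification fails.
 VerificationInfo info = verifier.verify(sigEntryInResponse);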
 
Since:
1.4
  • Constructor Details

    • FapiResourceResponseVerifier

      public FapiResourceResponseVerifier()
  • Method Details

    • getVerificationKey

      public JWK getVerificationKey()
      Get the public key for verifying the HTTP message signature in the response.
      Returns:
      The public key for verifying the HTTP message signature.
    • setVerificationKey

      public FapiResourceResponseVerifier setVerificationKey(JWK verificationKey)
      Set the public key for verifying the HTTP message signature in the response.
      Parameters:
      verificationKey - The public key for verifying the HTTP message signature.
      Returns:
      this object.
    • verify

      Execute HTTP message verification.

      This method is an alias of verify(signatureEntry.getSignature(), signatureEntry.getMetadata()).

      Parameters:
      signatureEntry - A signature entry that contains the signature to be verified.
      Returns:
      Information about the verification operation, including the computed signature base and the verification result.
      Throws:
      IllegalStateException - Mandatory input parameters, such as method, targetUri, authorization, and verificationKey, are not set.
      SignatureException - Signature verification failed.
    • verify

      public VerificationInfo verify(byte[] signature, SignatureMetadata metadata) throws IllegalStateException, SignatureException
      Execute HTTP message verification.
      Parameters:
      signature - The signature to verify.
      metadata - The signature metadata referenced for creating the signature base. If null is given, the default signature metadata is built and used, but it is not recommended. The signature metadata that has been provided together with the signature should be used.
      Returns:
      Information about the verification operation, including the computed signature base and the verification result.
      Throws:
      IllegalStateException - Mandatory input parameters, such as method, targetUri, status, and verificationKey, are not set.
      SignatureException - Signature verification failed.
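The sample code passes the Content-Digest header value to setResponseContentDigest as a string; an HTTP message signature covers that header value rather than the body bytes, so the digest should be recomputed over the body actually received and compared with the header before the value is handed to the verifier. The following is an added example, not part of this library or its documentation; it uses only JDK classes, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example, not library code. Class and method names are hypothetical.
public class ContentDigestCheck {

    // Build a Content-Digest value in the "sha-256=:<base64>:" form used above.
    static String sha256Header(byte[] body) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(body);
        return "sha-256=:" + Base64.getEncoder().encodeToString(digest) + ":";
    }

    // True only if the header has a sha-256 member that matches the body bytes.
    static boolean matchesSha256(String header, byte[] body)
            throws NoSuchAlgorithmException {
        if (header == null) return false;
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(body);
        // The header is a dictionary and may list several algorithms.
        for (String member : header.split(",")) {
            String m = member.trim();
            if (!m.startsWith("sha-256=:") || !m.endsWith(":") || m.length() < 10) continue;
            try {
                byte[] claimed = Base64.getDecoder().decode(m.substring(9, m.length() - 1));
                // Constant-time comparison of the claimed and recomputed digests.
                if (MessageDigest.isEqual(claimed, actual)) return true;
            } catch (IllegalArgumentException e) {
                return false; // malformed base64: treat as a failed check
            }
        }
        return false; // no sha-256 member, or none matched
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample body and header, not captured traffic.
        byte[] body = "{\"hello\": \"world\"}".getBytes(StandardCharsets.UTF_8);
        String header = sha256Header(body);
        byte[] tampered = "{\"hello\": \"w0rld\"}".getBytes(StandardCharsets.UTF_8);

        System.out.println("header:   " + header);
        System.out.println("intact:   " + matchesSha256(header, body));
        System.out.println("tampered: " + matchesSha256(header, tampered));
        System.out.println("missing:  " + matchesSha256("sha-512=:AAAA:", body));
    }
}
```

A response whose header lacks a sha-256 member, or whose member does not match the received bytes, fails the check and should be rejected regardless of the signature result.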