use of org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException in project cxf by apache.
the class TomitribeSignatureValidator method runVerifier.
private void runVerifier(Map<String, List<String>> messageHeaders, Key key, Signature signature, java.security.Provider provider, String method, String uri, List<String> requiredHeaders) {
LOG.fine("Starting signature validation");
boolean success;
try {
Verifier verifier = new Verifier(key, signature, provider);
success = verifier.verify(method, uri, SignatureHeaderUtils.mapHeaders(messageHeaders));
if (!signature.getHeaders().containsAll(requiredHeaders)) {
LOG.warning("Not all of the required headers are signed");
throw new InvalidDataToVerifySignatureException();
}
} catch (Exception e) {
throw new InvalidDataToVerifySignatureException("Error validating the signature", e);
}
if (!success) {
throw new InvalidSignatureException("signature is not valid");
}
LOG.fine("Finished signature validation");
}
Aggregations