*
*/
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {
SignatureTrustEngine engine = getTrustEngine();
// Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
// So have 2 slightly different cases.
try {
if (candidateCredentials == null || candidateCredentials.isEmpty()) {
if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
log.debug("Simple signature validation (with no request-derived credentials) was successful");
return true;
} else {
log.error("Simple signature validation (with no request-derived credentials) failed");
return false;
}
} else {
for (Credential cred : candidateCredentials) {
if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
log.debug("Simple signature validation succeeded with a request-derived credential");
return true;
}
}
log.error("Signature validation using request-derived credentials failed");