verifySignature method
Added by IBM contributor IBM on May 2, 2012



Description

This method verifies the correctness of the given digital signature. You supply the root of the form that contains the signature you want to verify. This method checks the following conditions:
  • The signature item contains mimedata.
  • The mimedata contains a hash value and signer certificate.
  • The signer certificate contains the same ID as that recorded in the signature item's signer option.
  • The signer certificate has not expired.
A plain text representation of the form (filtered by the signature item's filter) is constructed and the result is hashed. This hash value must match the hash value stored in the signature.

Method

   public short verifySignature(
      FormNodeP signatureItem,
      StringHolder theCertChain,
      boolean reportAsErrorsFlag
   ) throws UWIException;


Parameters

Table 1. Method parameters
| Expression | Type | Description |
|---|---|---|
| signatureItem | FormNodeP | The signature to verify. |
| theCertChain | StringHolder | Reserved. Must be null. |
| reportAsErrorsFlag | boolean | Set to true if you want errors about the signatures to be reported by throwing a UWIException or false if you want the error code to be returned through the return value. |


Returns

A short having one of the following values, depending on the status of the signature:
Table 2. Return codes
| Code | Status |
|---|---|
| FormNodeP.UFL_DS_OK | The signature is verified. |
| FormNodeP.UFL_DS_ALGORITHMUNAVAILABLE | The appropriate verification engine for the signature is not available. |
| FormNodeP.UFL_DS_CERTEXPIRED | The certificate has expired. |
| FormNodeP.UFL_DS_CERTNOTFOUND | The certificate cannot be located. |
| FormNodeP.UFL_DS_CERTNOTTRUSTED | The certificate is not trusted. |
| FormNodeP.UFL_DS_CERTREVOKED | The certificate has been revoked. |
| FormNodeP.UFL_DS_CRLINVALID | The certificate revocation list is invalid. |
| FormNodeP.UFL_DS_F2MATCHSIGNER | The certificate does not match the signer's name. |
| FormNodeP.UFL_DS_HASHCOMPFAILED | The document has been tampered with. |
| FormNodeP.UFL_DS_ISSUERCERTEXPIRED | The issuer's certificate has expired. |
| FormNodeP.UFL_DS_ISSUERINVALID | The issuer is invalid for the certificate used to sign. |
| FormNodeP.UFL_DS_ISSUERKEYUSAGEUNACCEPTABLE | The issuer certificate's key usage extension does not match what the key was used for. |
| FormNodeP.UFL_DS_ISSUERNOTCA | The certificate's issuer is not a Certificate Authority. |
| FormNodeP.UFL_DS_ISSUERNOTFOUND | The issuer's certificate was not located. |
| FormNodeP.UFL_DS_ISSUERSIGFAILED | Verification of the issuer's certificate failed. |
| FormNodeP.UFL_DS_KEYREVOKED | The key used to create the signature has been revoked. |
| FormNodeP.UFL_DS_KEYUSAGEUNACCEPTABLE | The certificate's key usage extension does not match what the key was used for. |
| FormNodeP.UFL_DS_KRLINVALID | The Key Revocation List is invalid. |
| FormNodeP.UFL_DS_NOSIGNATURE | There is no signature. |
| FormNodeP.UFL_DS_NOTAUTHENTICATED | The signer cannot be authenticated. |
| FormNodeP.UFL_DS_POLICYUNACCEPTABLE | The certificate's policy extension does not match the acceptable policies. |
| FormNodeP.UFL_DS_SIGNATUREALTERED | The signature has been tampered with. |
| FormNodeP.UFL_DS_UNEXPECTED | An unexpected error occurred. |
| FormNodeP.UFL_DS_UNVERIFIABLE | The signature cannot be verified. |


If the signature is not valid and the reportAsErrorsFlag is true, a generic exception (UWIException) is thrown. On error, the method throws a generic exception (UWIException).

Example

In the following example, dereferenceEx is used to locate a signature node. verifySignature then determines whether the signature is valid. If the signature is not valid, a message is printed.
   private static void checkSignature(FormNodeP theForm) throws Exception
   {
   StringHolder certChain = new StringHolder( );
   FormNodeP tempNode;
   short status;
 
      /* Locate the signature item by its reference. */
      if ((tempNode = theForm.dereferenceEx(null, "PAGE1.SIGNATURE1", 0,
         FormNodeP.UFL_ITEM_REFERENCE, null)) == null) 
      {
         throw new UWIException("Could not locate SIGNATURE node.");
      }
 
      /* Verify once and keep the status. Because reportAsErrorsFlag is
         false, the result is returned instead of being thrown. */
      status = theForm.verifySignature(tempNode, certChain, false);
      if (status == FormNodeP.UFL_DS_OK)
      {
         System.out.println("The first signature is valid.");
      } 
 
   /* If verifySignature returned a value that is equal to the FormNodeP
      constant UFL_DS_F2MATCHSIGNER, a message explaining the error is
      displayed. */
 
      if (status == FormNodeP.UFL_DS_F2MATCHSIGNER)
      {
         System.out.println("The name in the form doesn't match the name in " +
            "the signature.");
      }
   }
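
The example above reacts to only two of the return codes in Table 2. As an added illustration (not IBM's code), the following wrapper accepts a signature only when verifySignature returns UFL_DS_OK and treats every other code, an unrecognized code, or a UWIException as a failure. The class, enum and method names are hypothetical, and the import package names are assumed.

```java
// Added example, not IBM's code. The import package names are assumed;
// adjust them to match your IBM Forms API installation.
import com.PureEdge.error.UWIException;
import com.PureEdge.xfdl.FormNodeP;

public final class SignatureGate {   // hypothetical class name

    /** Hypothetical outcome classes, e.g. for audit logging. */
    public enum Outcome { VALID, TAMPERED, REVOKED, REJECTED }

    /** Returns VALID only for UFL_DS_OK; every other path fails closed. */
    public static Outcome check(FormNodeP form, String sigRef) {
        try {
            FormNodeP sig = form.dereferenceEx(null, sigRef, 0,
                    FormNodeP.UFL_ITEM_REFERENCE, null);
            if (sig == null) {
                return Outcome.REJECTED;            // signature item not found
            }
            // Table 1: theCertChain is reserved and must be null. With
            // reportAsErrorsFlag false, the status is the return value.
            short status = form.verifySignature(sig, null, false);
            return classify(status);
        } catch (UWIException e) {
            return Outcome.REJECTED;                // API error is never "valid"
        }
    }

    /** Maps a Table 2 return code to an outcome; unknown codes are rejected. */
    static Outcome classify(short status) {
        if (status == FormNodeP.UFL_DS_OK) {
            return Outcome.VALID;
        }
        if (status == FormNodeP.UFL_DS_HASHCOMPFAILED
                || status == FormNodeP.UFL_DS_SIGNATUREALTERED) {
            return Outcome.TAMPERED;                // document or signature changed
        }
        if (status == FormNodeP.UFL_DS_CERTREVOKED
                || status == FormNodeP.UFL_DS_KEYREVOKED) {
            return Outcome.REVOKED;
        }
        // Expired, untrusted, issuer, policy, CRL/KRL, missing-signature and
        // unexpected codes all land here, as does any code not in Table 2.
        return Outcome.REJECTED;
    }
}
```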


Parent topic:
FormNodeP class