Class VerificationSpec.Builder

java.lang.Object
net.visma.autopay.http.signature.VerificationSpec.Builder
Enclosing class:
VerificationSpec

public static class VerificationSpec.Builder extends Object
Builder class to build VerificationSpec objects.

Signature Context must be provided, and it should contain Signature-Input and Signature headers. Public key getter must be provided. Signature label must be provided.

  • Method Details

    • requiredParameters

      public VerificationSpec.Builder requiredParameters(SignatureParameterType... parameters)
      Sets Signature Parameters which must be present in verified signature.

      If any of them is not present in Signature-Input, the verified signature is rejected.

      Parameters:
      parameters - Required Signature Parameter types, provided as varargs
      Returns:
      This builder
    • requiredParameters

      public VerificationSpec.Builder requiredParameters(Collection<SignatureParameterType> parameters)
      Sets Signature Parameters which must be present in verified signature.

      If any of them is not present in Signature-Input, the verified signature is rejected.

      Parameters:
      parameters - Required Signature Parameter types, provided as collection
      Returns:
      This builder
    • forbiddenParameters

      public VerificationSpec.Builder forbiddenParameters(SignatureParameterType... parameters)
      Sets Signature Parameters which must not be present in verified signature, e.g. alg.

      If any of them is present in Signature-Input, the verified signature is rejected.

      Parameters:
      parameters - Forbidden Signature Parameter types, provided as varargs
      Returns:
      This builder
    • forbiddenParameters

      public VerificationSpec.Builder forbiddenParameters(Collection<SignatureParameterType> parameters)
      Sets Signature Parameters which must not be present in verified signature, e.g. alg.

      If any of them is present in Signature-Input, the verified signature is rejected.

      Parameters:
      parameters - Forbidden Signature Parameter types, provided as collection
      Returns:
      This builder
    • requiredComponents

      public VerificationSpec.Builder requiredComponents(SignatureComponents components)
      Sets definitions of required Signature Components

      If related values are not present in verified Signature-Input, the signature is rejected.

      Parameters:
      components - Required Signature Components
      Returns:
      This builder
    • requiredIfPresentComponents

      public VerificationSpec.Builder requiredIfPresentComponents(SignatureComponents components)
      Sets definitions of Signature Components which are required in the signature only if their values are defined in Signature Context.

      They can be optional HTTP headers which must be included in the signature if they are present. If such headers are present in the Signature Context but are missing in Signature-Input, the signature is rejected.

      Parameters:
      components - Signature Components required if present in the Signature Context
      Returns:
      This builder
    • context

      public VerificationSpec.Builder context(SignatureContext signatureContext)
      Sets Signature Context
      Parameters:
      signatureContext - Signature Context with values obtained from verified request or response
      Returns:
      This builder
    • maximumAge

      public VerificationSpec.Builder maximumAge(int maximumAgeSeconds)
      Sets maximum age of verified signature in seconds

      Age is based on created Signature Parameter. Signature is rejected if created < now() - maximumAgeSeconds. Such verification is performed only if created Signature Parameter is present.

      Parameters:
      maximumAgeSeconds - Maximum age of verified signature in seconds
      Returns:
      This builder
    • maximumSkew

      public VerificationSpec.Builder maximumSkew(int maximumSkewSeconds)
      Sets maximum "skew" for created Signature Property (in seconds), for detecting signatures from the "future".

      A signature will be rejected if it's from the "future": created > now() + maximumSkewSeconds.

      Parameters:
      maximumSkewSeconds - Maximum "future" skew of verified signature in seconds
      Returns:
      This builder
    • publicKeyGetter

      public VerificationSpec.Builder publicKeyGetter(CheckedFunction<String,PublicKeyInfo> publicKeyGetter)
      Sets public key supplier function

      The supplier should return PublicKeyInfo object for given key ID, or throw an exception in case of problems, e.g. unknown key ID. Key ID is extracted from Signature-Input header.

      Parameters:
      publicKeyGetter - Function which for given keyid returns related public key
      Returns:
      This builder
    • signatureLabel

      public VerificationSpec.Builder signatureLabel(String signatureLabel)
      Sets label of signature to verify

      Signature and Signature-Input headers will be searched for provided label. If they don't contain the label, signature verification will be rejected.

      If application-specific applicationTag(String) is also provided then found signature must contain both the label and the tag. If signatureLabel is not provided then only applicationTag(String) is used to find matching signature. Either signatureLabel or applicationTag must be provided in verification specs.

      Parameters:
      signatureLabel - Label of signature to verify
      Returns:
      This builder
    • applicationTag

      public VerificationSpec.Builder applicationTag(String tag)
      Sets application-specific tag of signature to verify

      Signature-Input header will be searched for provided tag. If it doesn't contain the tag, signature verification will be rejected. If multiple signatures contain the tag, signature verification will be rejected.

      If signatureLabel(String) is also provided then found signature must contain both the label and the tag. (In this case multiple signatures having the tag won't lead to rejection.) If tag is not provided then only signatureLabel(String) is used to find matching signature. Either signatureLabel or applicationTag must be provided in verification specs.

      Parameters:
      tag - Application-specific tag of signature to verify
      Returns:
      This builder
    • build

      public VerificationSpec build()
      Constructs VerificationSpec object from this builder

      All required data mentioned in VerificationSpec.Builder must be provided (signature context, public key getter, signature label).

      Returns:
      VerificationSpec object
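
The rules documented above for signatureLabel, applicationTag, requiredParameters, forbiddenParameters, maximumAge and maximumSkew, written out as an added stand-alone model. It is not the library's code and does not call it; the class, record and method names are hypothetical and the Signature-Input entries are constructed. It assumes the skew check, like the age check, is skipped when created is absent.

```java
import java.util.*;
// Added model of the rules stated in this Javadoc; it does not call the library.
public class VerificationRulesModel {
    // One Signature-Input entry: its label plus parameters such as created, tag, alg.
    record Candidate(String label, Map<String, String> params) {}
    // signatureLabel / applicationTag lookup: match every selector that was provided.
    static Candidate select(List<Candidate> input, String label, String tag) {
        if (label == null && tag == null) throw new IllegalArgumentException("label or tag needed");
        List<Candidate> hits = new ArrayList<>();
        for (Candidate c : input)
            if ((label == null || label.equals(c.label()))
                    && (tag == null || tag.equals(c.params().get("tag")))) hits.add(c);
        if (hits.isEmpty()) throw new SecurityException("no signature matches");
        // Tag-only lookup: several signatures carrying the tag is ambiguous, so reject.
        if (label == null && hits.size() > 1) throw new SecurityException("ambiguous tag");
        return hits.get(0);
    }

    // requiredParameters / forbiddenParameters, by parameter name.
    static void checkParameters(Candidate c, Set<String> required, Set<String> forbidden) {
        for (String p : required)
            if (!c.params().containsKey(p)) throw new SecurityException("missing " + p);
        for (String p : forbidden)
            if (c.params().containsKey(p)) throw new SecurityException("forbidden " + p);
    }

    // maximumAge / maximumSkew: both compare against created, so neither runs without it.
    static void checkFreshness(Candidate c, long now, int maxAge, int maxSkew) {
        String created = c.params().get("created");
        if (created == null) return;
        long t = Long.parseLong(created);
        if (t < now - maxAge) throw new SecurityException("too old");
        if (t > now + maxSkew) throw new SecurityException("created in the future");
    }

    public static void main(String[] args) {
        long now = 1_700_000_000L; // constructed clock value
        // Constructed Signature-Input entries, not captured traffic.
        Candidate stale = new Candidate("sig1", Map.of("created", "1699990000", "tag", "app"));
        Candidate undated = new Candidate("sig2", Map.of("tag", "app", "alg", "ed25519"));
        List<Candidate> input = List.of(stale, undated);
        System.out.println(select(input, "sig2", "app").label()); // label + tag: one match
        checkFreshness(undated, now, 300, 5); // passes: there is no created to test
        try { checkParameters(undated, Set.of("created"), Set.of("alg")); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        try { select(input, null, "app"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The undated entry passes the freshness check on its own, so an age limit is only enforced when created is also listed in requiredParameters.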