verifySignature

Processor for verifying that a message corresponds to a cryptographic signature, ensuring that the message has not been modified in transit. The signing and verification process is based on asymmetric key encryption.

The incoming payload is the message that was signed. The signature and the certificate containing the public key are both loaded using SpEL expression. This allows for flexibility in terms of how these inputs are passed to the processor. The certificate must use the PEM format. You can use the loadCertificate processor to provide a certificate stored in a secret.

The signing algorithm is specified by the user and must match the algorithm used when signing. A successful verification confirms that the signed payload has not been tampered with. The processor will fail non-transiently if the signature validation fails. Non-binary payloads will be converted to binary before being processed. The output payload is copied from the input payload.

Properties

Name Summary

Name	Summary
`algorithm`	The selected signing algorithm. Supported algorithms: SHA1withDSA, SHA1withRSA, SHA256withDSA, SHA256withRSA. See standard JDK signature algorithms. Required.
`pemCertificateSelectionExpr`	The expression used to load the certificate containing the public key used for signature verification. The certificate must be in the PEM format. Required
`signatureSelectionExpr`	The expression used to load the cryptographic signature to be verified. Required
`name`	Optional, descriptive name for the processor.
`id`	Required identifier of the processor, unique across all processors within the flow. Must be between 3 and 30 characters long; contain only lower and uppercase alphabetical characters (a-z and A-Z), numbers, dashes ("-"), and underscores ("_"); and start with an alphabetical character. In other words, it adheres to the regex pattern `[a-zA-Z][a-zA-Z0-9_-]{2,29}`.
`exchangeProperties`	Optional set of custom properties in a simple jdk-format, that are added to the message exchange properties before processing the incoming payload. Any existing properties with the same name will be replaced by properties defined here.
`retainPayloadOnFailure`	Whether the incoming payload is available for error processing on failure. Defaults to `false`.

algorithm

The selected signing algorithm. Supported algorithms: SHA1withDSA, SHA1withRSA, SHA256withDSA, SHA256withRSA. See standard JDK signature algorithms. Required.

pemCertificateSelectionExpr

The expression used to load the certificate containing the public key used for signature verification. The certificate must be in the PEM format. Required

signatureSelectionExpr

The expression used to load the cryptographic signature to be verified. Required

name

Optional, descriptive name for the processor.

id

Required identifier of the processor, unique across all processors within the flow. Must be between 3 and 30 characters long; contain only lower and uppercase alphabetical characters (a-z and A-Z), numbers, dashes ("-"), and underscores ("_"); and start with an alphabetical character. In other words, it adheres to the regex pattern [a-zA-Z][a-zA-Z0-9_-]{2,29}.

exchangeProperties

Optional set of custom properties in a simple jdk-format, that are added to the message exchange properties before processing the incoming payload. Any existing properties with the same name will be replaced by properties defined here.

retainPayloadOnFailure

Whether the incoming payload is available for error processing on failure. Defaults to false.

Sub-builders

Name	Summary
messageLoggingStrategy	Strategy for describing how a processor’s message is logged on the server.
payloadArchivingStrategy	Strategy for archiving payloads.
inboundTransformationStrategy	Strategy that customizes the conversion of an incoming payload by a processor (e.g., string to object). Should be used when the processor’s default conversion logic cannot be used.

Name

Summary

messageLoggingStrategy

Strategy for describing how a processor’s message is logged on the server.

payloadArchivingStrategy

Strategy for archiving payloads.

inboundTransformationStrategy

Strategy that customizes the conversion of an incoming payload by a processor (e.g., string to object). Should be used when the processor’s default conversion logic cannot be used.

Was this page helpful?