Processor for verifying that a message corresponds to a cryptographic signature, ensuring that the message has not been modified in transit. The signing and verification process is based on asymmetric key encryption. The incoming payload is the message that was signed. The signature and the certificate containing the public key are both loaded using SpEL expression. This allows for flexibility in terms of how these inputs are passed to the processor. The certificate must use the PEM format. You can use the loadCertificate processor to provide a certificate stored in a secret. The signing algorithm is specified by the user and must match the algorithm used when signing. A successful verification confirms that the signed payload has not been tampered with. The processor will fail non-transiently if the signature validation fails. Non-binary payloads will be converted to binary before being processed. The output payload is copied from the input payload.


Name Summary


The selected signing algorithm. Supported algorithms: SHA1withDSA, SHA1withRSA, SHA256withDSA, SHA256withRSA. See standard JDK signature algorithms. Required.


The expression used to load the certificate containing the public key used for signature verification. The certificate must be in the PEM format. Required


The expression used to load the cryptographic signature to be verified. Required


Optional, descriptive name for the processor.


Required identifier of the processor, unique across all processors within the flow. Must be between 3 and 30 characters long; contain only lower and uppercase alphabetical characters (a-z and A-Z), numbers, dashes ("-"), and underscores ("_"); and start with an alphabetical character. In other words, it adheres to the regex pattern [a-zA-Z][a-zA-Z0-9_-]{2,29}.


Optional set of custom properties in a simple jdk-format, that are added to the message exchange properties before processing the incoming payload. Any existing properties with the same name will be replaced by properties defined here.


Whether the incoming payload is available for error processing on failure. Defaults to false.


Name Summary


Strategy for describing how a processor’s message is logged on the server.


Strategy for archiving payloads.


Strategy that customizes the conversion of an incoming payload by a processor (e.g., string to object). Should be used when the processor’s default conversion logic cannot be used.