The BundleVerifier class is used to verify the signature of a signed bundle.

Bundle verification was successful.

No signature was found for the given signer.

The signature files found in the bundle are not valid.

Bundle verification failed.

Creates a BundleVerifier for verifying the bundle given by bundlePath. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.

Destroys the BundleVerifier.

Extracts the X509 certificate for the signer given by alias from the bundle's signature file.

If the bundle does not contain a certificate for the given alias, returns 0.

Returns the alias name of the signer of the bundle.

If the bundle has more than one signature, the alias name of the first signer found is returned.

If the bundle does not contain any signatures, returns an empty string.

Fills the given vectors with the alias names of all signers of the bundle.

The list is built by searching for <alias>.sf files in the bundle's META-INF directory.

Verifies the bundle, using the signature from the signer given by alias, as well as the signer's public key extracted from the given certificate.

First, checks whether a signature from the given signer exists in the bundle. Second, verifies the integrity of the signature file, using the public key from the certificate. Third, computes the SHA1/SHA2 digests for all files in the bundle, and checks that the signatures match the signatures in the bundle's signature file.

Return values:

• If verification was successful, returns BUNDLE_VERIFICATION_OK.
• If the bundle does not contain a signature from the given signer, returns BUNDLE_VERIFICATION_NO_SIGNATURE.
• If the signature found in the bundle is not valid (or in a wrong format), returns BUNDLE_VERIFICATION_INVALID_SIGNATURE.
• If verification fails, returns BUNDLE_VERIFICATION_FAILED and stores messages describing the reason for the failure in messages.

Note that verify() can also throw a Poco::Exception if a low-level error occurs.