+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria=NULL
+ ) const=0;
+
+ /**
+ * Determines whether a raw signature is correct and valid with respect to
+ * the source of credentials supplied.
+ *
+ * <p>It is the responsibility of the application to ensure that the Credentials
+ * supplied are in fact associated with the peer who created the signature.
+ *
+ * <p>If criteria with a peer name are supplied, the "name" of the Credential that verifies
+ * the signature may also be checked to ensure that it identifies the intended peer.
+ * The peer name itself or implementation-specific rules based on the content of the
+ * peer credentials may be applied. Implementations may omit this check if they
+ * deem it unnecessary.
+ *
+ * <p>Note that the keyInfo parameter is not part of the implicitly trusted
+ * set of information supplied via the CredentialResolver, but rather advisory
+ * data that may have accompanied the signature itself.
+ *
+ * @param sigAlgorithm XML Signature identifier for the algorithm used
+ * @param sig null-terminated base64-encoded signature value
+ * @param keyInfo KeyInfo object accompanying the signature, if any
+ * @param in the input data over which the signature was created
+ * @param in_len size of input data in bytes
+ * @param credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
+ * @param criteria criteria for selecting peer credentials
+ * @return true iff the signature validates
+ */
+ virtual bool validate(
+ const XMLCh* sigAlgorithm,
+ const char* sig,
+ xmlsignature::KeyInfo* keyInfo,
+ const char* in,
+ unsigned int in_len,
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria=NULL