private boolean verifySignature(
     Principal principal,
     byte[] dataToSign,
     String signature,
     ContainerRequestContext requestContext) {
   try {
     final byte[] signatureData = StringUtils.base64Decode(signature);
     if (logger.isDebugEnabled()) {
       logger.debug(
           "Verifying REST request - principal: "
               + principal
               + " data: "
               + fingerprint(dataToSign)
               + " signature: "
               + fingerprint(signatureData));
     }
     SignatureVerificationKey key = findVerificationKey(principal);
     if (key == null) {
       return false;
     }
     try {
       cryptoEngine.verifySignature(key, digestAlgorithm, dataToSign, signatureData);
       return true;
     } catch (InvalidKeyException e) {
       logServerError(
           "Invalid key found while verifying signature: " + e.getMessage(), e, requestContext);
       throw new WebApplicationException(INTERNAL_SERVER_ERROR);
     } catch (SignatureException e) {
       return false;
     }
   } catch (BackendAccessException e) {
     logServerError("Unexpected BackendAccessException: " + e.getMessage(), e, requestContext);
     throw new WebApplicationException(INTERNAL_SERVER_ERROR);
   }
 }
 @Override
 public void aroundWriteTo(WriterInterceptorContext responseCtx)
     throws IOException, WebApplicationException {
   RequestDetails requestDetails = (RequestDetails) responseCtx.getProperty(TMP_REQDETAILS);
   if (requestDetails.principal != null) {
     ByteArrayOutputStream content = new ByteArrayOutputStream();
     OutputStream oldStream = responseCtx.getOutputStream();
     responseCtx.setOutputStream(content);
     responseCtx.proceed();
     byte[] contentData = content.toByteArray();
     RESTResponseSigner responseSigner =
         new RESTResponseSigner(
             requestDetails.nonce,
             requestDetails.signature,
             requestDetails.statusCode,
             contentData);
     try {
       responseCtx
           .getHeaders()
           .add(
               RESTRequestSigner.HEADER_SIGNATURE,
               signResponse(requestDetails.principal, responseSigner.getDataToSign()));
     } catch (InvalidKeyException e) {
       logServerError(
           "Invalid key for identity " + requestDetails.identity + " : " + e.getMessage(),
           e,
           null);
       throw new WebApplicationException(INTERNAL_SERVER_ERROR);
     } catch (BackendAccessException e) {
       logServerError("Unexpected BackendAccessException" + e.getMessage(), e, null);
       throw new WebApplicationException(INTERNAL_SERVER_ERROR);
     }
     oldStream.write(contentData);
   }
 }