I don't know anything about that code but throwing a checked exception if a signature is not valid doesn't seem right (since it's obviously something that can happen)