Validating XML Digital Signature with Certificate Chain

Cristovao Santos
Greenhorn

Joined: Jul 01, 2008
Posts: 11
Hi!

I'm trying to validate an XML document with a detached signature. There is a certificate chain, as you can see in the example, and I have a keystore with the certificates on my server. Well, my question is: how can I validate the certificate chain, and also the signature of the XML? Does anyone have an example for me? I leave you with the XML.

<?xml version="1.0" encoding="UTF-8" ?>
<Message id="N3p1Mzc3ejdYOXdCRHA1TkZHM1U=">
  <PAResxxx id="3780197">
    (...)
  </PAResxxx>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#3780197">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>9BoB5VASWdKHLbG0I81B7UwDU/k=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>(...)</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>(...)</X509Certificate>
        <X509Certificate>(...)</X509Certificate>
        <X509Certificate>(...)</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Message>


Let me know if you have any questions about that... This is driving me crazy!

Thanks a lot for your help!

Cristovao
Jaime Hablutzel
Greenhorn

Joined: Dec 25, 2009
Posts: 6
I would suggest checking org.apache.xml.security.signature.XMLSignature and reading the specification at http://www.w3.org/TR/xmldsig-core/ so you can have things clearer in terms of validation of signatures and certificates. Basically, you could validate the signature (as you can see in the specification http://www.w3.org/TR/xmldsig-core/) in a straightforward way using the org.apache.xml.security.signature.XMLSignature API, and you can follow the example here to validate the certificate chain: http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
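
One way to do both checks from the question, as an added example that is not code from either poster: it uses the JDK's built-in javax.xml.crypto.dsig and CertPath APIs rather than the Apache class named in the reply. It assumes the X509Certificate elements are ordered signer first, each followed by its issuer, and that the keystore holds the trusted CA certificates; the class name and command-line arguments are hypothetical.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class VerifySignedMessage {
    // Assumed usage: java VerifySignedMessage message.xml truststore.jks password
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        Document doc = dbf.newDocumentBuilder().parse(new File(args[0]));
        Element sigEl = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);

        // 1. Decode the X509Certificate elements (assumed order: signer first, then issuers).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        NodeList nl = sigEl.getElementsByTagNameNS(XMLSignature.XMLNS, "X509Certificate");
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 0; i < nl.getLength(); i++) {
            byte[] der = Base64.getMimeDecoder().decode(nl.item(i).getTextContent());
            chain.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }

        // 2. Validate the chain against trust anchors taken only from the server keystore.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) { ks.load(in, args[2].toCharArray()); }
        PKIXParameters params = new PKIXParameters(ks);
        params.setRevocationEnabled(false); // turn on once CRL/OCSP sources are configured
        CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);

        // 3. Verify the signature with the key of the certificate that was just validated,
        //    never with a key taken from KeyInfo that has not been chained to a trust anchor.
        DOMValidateContext ctx = new DOMValidateContext(chain.get(0).getPublicKey(), sigEl);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        // "id" is not a DTD-declared ID, so register it on each sibling the Reference may target.
        for (Node n = sigEl.getParentNode().getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && ((Element) n).hasAttributeNS(null, "id"))
                ctx.setIdAttributeNS((Element) n, null, "id");
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!sig.validate(ctx)) throw new SecurityException("signature invalid");
        System.out.println("certificate chain and signature are valid");
    }
}
```

JDK 17 and later reject SHA-1 based algorithms such as the rsa-sha1 and sha1 in the posted message when secure validation is on, so this code rejects that message as-is on those versions. Before consuming the payload, also confirm that the Reference URI identifies the element your code actually reads.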
 