jQuery in Action, 3rd edition
The moose likes Other JSE/JEE APIs and the fly likes Validating XML Digital Signature with Certificate Chain Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Validating XML Digital Signature with Certificate Chain" Watch "Validating XML Digital Signature with Certificate Chain" New topic

Validating XML Digital Signature with Certificate Chain

Cristovao Santos

Joined: Jul 01, 2008
Posts: 11

I'm trying to validate a XML with a detached signature. There a certificate chain, like you can see in the example, and i have in my server a keystore with the certificates. Well, my qestion is how can i validate the certificate chain, and also the signature of the xml? Anyone have an example for me? I let you with the XML.

<?xml version="1.0" encoding="UTF-8" ?>
- - <Message id="N3p1Mzc3ejdYOXdCRHA1TkZHM1U=">
- <PAResxxx id="3780197">
- <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
- <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <Reference URI="#3780197">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
- <KeyInfo>
- <X509Data>


Let me know if you have any question about that... This is driving me crazy!

Thanks a lot for your help!

Jaime Hablutzel

Joined: Dec 25, 2009
Posts: 6
I would suggest to check org.apache.xml.security.signature.XMLSignature and to read the specification of http://www.w3.org/TR/xmldsig-core/ so you can have things more clear in terms of validation of signatures and certificates, basically you could validate the signature (as you can see in the specification http://www.w3.org/TR/xmldsig-core/) in a straightforward way using org.apache.xml.security.signature.XMLSignature API, and you can follow example here to validate certificates chain: http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
subject: Validating XML Digital Signature with Certificate Chain
It's not a secret anymore!