
Validating XML Digital Signature with Certificate Chain

 
Cristovao Santos
Greenhorn
Posts: 11
Hi!

I'm trying to validate an XML with a detached signature. There is a certificate chain, as you can see in the example, and I have a keystore with the certificates on my server. Well, my question is: how can I validate the certificate chain, and also the signature of the XML? Does anyone have an example for me? I leave you with the XML.

<?xml version="1.0" encoding="UTF-8" ?>
<Message id="N3p1Mzc3ejdYOXdCRHA1TkZHM1U=">
  <PAResxxx id="3780197">
    (...)
  </PAResxxx>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#3780197">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>9BoB5VASWdKHLbG0I81B7UwDU/k=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>(...)</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>(...)</X509Certificate>
        <X509Certificate>(...)</X509Certificate>
        <X509Certificate>(...)</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Message>


Let me know if you have any questions about that... This is driving me crazy!

Thanks a lot for your help!

Cristovao
 
Jaime Hablutzel
Greenhorn
Posts: 6
I would suggest checking org.apache.xml.security.signature.XMLSignature and reading the specification at http://www.w3.org/TR/xmldsig-core/ so you can have things clearer in terms of validation of signatures and certificates. Basically, you could validate the signature (as you can see in the specification http://www.w3.org/TR/xmldsig-core/) in a straightforward way using the org.apache.xml.security.signature.XMLSignature API, and you can follow the example here to validate the certificate chain: http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
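
Both checks applied to a message shaped like the one in the question, as an added example that is not code from either poster: it uses the JDK's built-in javax.xml.crypto.dsig API instead of the Apache XMLSignature class named in the reply, and a PKIX CertPathBuilder for the chain. Assumptions: JDK 11 or later, the signed payload is the first child element of Message, the keystore holds the trusted CA certificates, and the file names are placeholders.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class VerifySignedMessage {
    // Usage (file names are placeholders): java VerifySignedMessage message.xml trust.jks storepass
    public static void main(String[] a) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, no XXE
        Document doc = dbf.newDocumentBuilder().parse(new File(a[0]));
        Element sigEl = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        if (sigEl == null) throw new SecurityException("no Signature element");
        // 1. Certificates in KeyInfo are untrusted input until a path to our own anchors is built.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        NodeList nl = sigEl.getElementsByTagNameNS(XMLSignature.XMLNS, "X509Certificate");
        for (int i = 0; i < nl.getLength(); i++) {
            byte[] der = Base64.getMimeDecoder().decode(nl.item(i).getTextContent());
            certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        // Signer = the certificate that issued none of the others (element order is not guaranteed).
        X509Certificate signer = certs.stream().filter(c -> certs.stream().noneMatch(o -> o != c
                && o.getIssuerX500Principal().equals(c.getSubjectX500Principal()))).findFirst().orElseThrow();
        // 2. Build and validate a PKIX path from the signer to a trusted entry in the server keystore.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer);
        PKIXBuilderParameters p = new PKIXBuilderParameters(KeyStore.getInstance(new File(a[1]), a[2].toCharArray()), target);
        p.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
        p.setRevocationEnabled(false); // offline example only; enable with CRL/OCSP sources in production
        CertPathBuilder.getInstance("PKIX").build(p); // throws CertPathBuilderException if no trusted path
        // 3. Verify SignatureValue and the Reference digest with the now-trusted signer key.
        Node n = doc.getDocumentElement().getFirstChild();
        while (n != null && n.getNodeType() != Node.ELEMENT_NODE) n = n.getNextSibling();
        Element payload = (Element) n; // the element the application will consume
        DOMValidateContext ctx = new DOMValidateContext(signer.getPublicKey(), sigEl);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        ctx.setIdAttributeNS(payload, null, "id"); // no schema here, so "id" must be registered as an ID
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        String uri = ((Reference) sig.getSignedInfo().getReferences().get(0)).getURI();
        // The signature must cover the element we consume, not a different node in the document.
        boolean ok = sig.validate(ctx) && uri.equals("#" + payload.getAttribute("id"));
        System.out.println(ok ? "signature and chain valid" : "INVALID");
    }
}
```

JDK 17 and later disable SHA-1 XML signatures under the default secure-validation policy, so a message signed with rsa-sha1 and sha1 digests like the one above is rejected there unless the sender moves to a SHA-256 based algorithm.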
 