Validating XML Digital Signature with Certificate Chain

 
Hi!

I'm trying to validate an XML with a detached signature. There is a certificate chain, as you can see in the example, and I have a keystore with the certificates on my server. Well, my question is: how can I validate the certificate chain, and also the signature of the XML? Does anyone have an example for me? I'll leave you with the XML.

<?xml version="1.0" encoding="UTF-8" ?>
<Message id="N3p1Mzc3ejdYOXdCRHA1TkZHM1U=">
  <PAResxxx id="3780197">
    (...)
  </PAResxxx>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#3780197">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>9BoB5VASWdKHLbG0I81B7UwDU/k=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>(...)</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>(...)</X509Certificate>
        <X509Certificate>(...)</X509Certificate>
        <X509Certificate>(...)</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Message>


Let me know if you have any questions about that... This is driving me crazy!

Thanks a lot for your help!

Cristovao
 
I would suggest checking org.apache.xml.security.signature.XMLSignature and reading the specification at http://www.w3.org/TR/xmldsig-core/ so that things are clearer in terms of validating signatures and certificates. Basically, you can validate the signature (as you can see in the specification http://www.w3.org/TR/xmldsig-core/) in a straightforward way using the org.apache.xml.security.signature.XMLSignature API, and you can follow the example here to validate the certificate chain: http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
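
An added example, not code from either poster: one way to do both checks for a message shaped like the one in the question. It uses the JDK's built-in javax.xml.crypto.dsig API instead of the Apache class named in the reply. The class name, the command-line arguments, and the use of the server keystore as the set of trusted CA certificates are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class VerifySignedMessage { // hypothetical class name
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    // args (assumed): signed XML file, trust store file, trust store password
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new File(args[0]));
        Element sigElem = (Element) doc.getElementsByTagNameNS(DSIG, "Signature").item(0);
        // 1. Parse the certificates sent in KeyInfo/X509Data; they are untrusted input.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        NodeList xc = sigElem.getElementsByTagNameNS(DSIG, "X509Certificate");
        for (int i = 0; i < xc.getLength(); i++) {
            byte[] der = Base64.getMimeDecoder().decode(xc.item(i).getTextContent());
            certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        // 2. The signer is the certificate that issued none of the others.
        X509Certificate signer = certs.stream().filter(c -> certs.stream().noneMatch(
            o -> o != c && o.getIssuerX500Principal().equals(c.getSubjectX500Principal())))
            .findFirst().orElseThrow(() -> new CertificateException("no signer certificate"));
        // 3. Build and validate a path from the signer to a trusted entry in the keystore.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) { trust.load(in, args[2].toCharArray()); }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, target);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs)));
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source is configured here
        CertPathBuilder.getInstance("PKIX").build(params); // throws if no trusted path exists
        // 4. Verify the signature with the validated signer key, not an unchecked KeyInfo key.
        DOMValidateContext ctx = new DOMValidateContext(signer.getPublicKey(), sigElem);
        // URI="#3780197" targets a plain "id" attribute; register it so the lookup resolves.
        NodeList all = doc.getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (e.hasAttributeNS(null, "id")) ctx.setIdAttributeNS(e, null, "id");
        }
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        System.out.println("signature valid: " + sig.validate(ctx));
    }
}
```

On JDK 17 and later, the default secure validation policy rejects SHA-1 based XML signatures such as the rsa-sha1/sha1 pair in the posted message. After a successful validation, also confirm that the element named by the Reference URI is the one the application actually processes.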
 