Olaf Schreck
2017-07-03 17:50:16 UTC
Hi,

I'd like to use crypto:validate-signature() to validate a signed XML doc
(a SAML assertion actually).

I'm looking at test file validateEnvelopedDigitalSignature.xq from the
exist crypto lib. Usage seems to be dead simple: pass in the signed doc,
get true() if the sig matches.

Tried this and got something like "no key found". I assume this is because
the XML signature that I receive does not contain a "KeyInfo" element. Is
that correct? I couldn't find the exact error message in the crypto lib
source or in the
ro.kuberam.libs.java.crypto.digitalSignature.ValidateXmlSignature source.

In the test file I see $certificate-details bound to a <digital-certificate>
XML structure, but this var is not used anywhere? Am I missing some
under-the-hood magic here?

Finally, how could I use crypto:validate-signature() to validate an XML sig
that does not contain KeyInfo, assuming I have the matching X.509 cert in
the local keystore?

Thanks,
Olaf