Safelayer Secure Communications
 
 
CMS/PKCS#7 Signature Verification
13 December 2007

Before working through this example, you should understand the previous one: CMS/PKCS#7 Signature Generation.

The signature verification service, as its name indicates, checks that generated signatures are valid; in other words, that they meet the requirements of authenticity, integrity and non-repudiation. This means the signature is checked to see that it belongs to the signer it is supposed to belong to, that it was not modified in transit and that it cannot be repudiated or rejected by the issuer.

In more detail, a verification request must always contain the dss:VerifyRequest element, which, together with the verify value of the Profile attribute, indicates that it is a verification request.

As you can see, we are dealing with the verification of a CMS/PKCS#7 signature. The request contains both the signature (dss:SignatureObject) and the signed document (dss:InputDocuments) as separate elements. Therefore, we are dealing with a detached signature.

<?xml version="1.0" encoding="UTF-8"?>
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
	<soap-env:Header>
		<wsse:Security><wsse:UsernameToken wsu:Id="SecurityToken-2134843862229215579">
			<wsse:Username>dave</wsse:Username>
			<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trustedx</wsse:Password>
		</wsse:UsernameToken></wsse:Security>
	</soap-env:Header>
	<soap-env:Body wsu:Id="Id-515080325488186420">
		<dss:VerifyRequest xmlns:css="http://www.safelayer.com/TWS" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Profile="urn:safelayer:tws:dss:1.0:profiles:cmspkcs7sig:1.0:verify" RequestID="Id-5279520567819176708">
			<dss:SignatureObject><dss:Base64Signature Type="urn:ietf:rfc:2315">[Base64 data omitted]</dss:Base64Signature></dss:SignatureObject>
			<dss:InputDocuments><dss:Document><dss:Base64Data>[Base64 data omitted]</dss:Base64Data></dss:Document></dss:InputDocuments>
		</dss:VerifyRequest>
	</soap-env:Body>
</soap-env:Envelope>
 
 
 

The following explanation refers to the response that the TrustedX platform returns once the request has been sent. Therefore, you should press the "try" button (above) to generate this response.

The presence of the dss:VerifyResponse element in the response confirms that it is a signature verification response. Furthermore, the dss:ResultMajor and dss:ResultMinor elements indicate whether the sent signature has been verified correctly.

Once the signature has been checked for correctness, all the optional fields that provide information about the signature and the verification process within the TrustedX platform are added to the response. In this case, the dss:SignerIdentity element contains signer information, the css:TrustInfo element contains trust information, including information about the policies and rules used to verify the signature, and lastly, the dss:SigningTime element indicates when the signature was produced. This time-stamp element is not valid because it is generated by the TrustedX platform and not by a time-stamping authority.
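
The response check described above (dss:VerifyResponse present, then dss:ResultMajor and dss:ResultMinor), written as a client-side function that rejects anything it does not expect. This is an added example, not Safelayer code; it assumes the response echoes the request's RequestID, and the accepted result URIs and the sample response in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace URIs copied from the request shown on this page.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "dss": "http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd"}

def check_verify_response(xml_text, request_id, ok_major, ok_minors):
    """Return (accepted, reason); any unexpected input is a rejection.

    ok_major and ok_minors are the result URIs the caller treats as
    "signature valid". They are not listed on this page, so they are
    parameters (assumption: taken from the service documentation).
    """
    if "<!DOCTYPE" in xml_text:  # SOAP messages must not carry a DTD
        return False, "DTD not allowed"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False, "response is not well-formed XML"
    responses = root.findall("soap:Body/dss:VerifyResponse", NS)
    if len(responses) != 1:  # e.g. a SOAP fault or an unrelated body
        return False, "no single dss:VerifyResponse in the SOAP body"
    resp = responses[0]
    # Assumption: the response echoes the RequestID attribute of the request.
    if resp.get("RequestID") != request_id:
        return False, "RequestID mismatch"
    majors = [e.text or "" for e in resp.iter("{%s}ResultMajor" % NS["dss"])]
    minors = [e.text or "" for e in resp.iter("{%s}ResultMinor" % NS["dss"])]
    if len(majors) != 1 or majors[0].strip() != ok_major:
        return False, "ResultMajor not accepted"
    if len(minors) != 1 or minors[0].strip() not in ok_minors:
        return False, "ResultMinor not accepted"
    return True, "signature accepted"

# Constructed placeholder URIs and sample response, not TrustedX output.
OK_MAJOR = "urn:example:resultmajor:Success"
OK_MINORS = {"urn:example:resultminor:ValidSignature"}

def sample_response(request_id, major, minor):
    return (f'<s:Envelope xmlns:s="{NS["soap"]}" xmlns:dss="{NS["dss"]}"><s:Body>'
            f'<dss:VerifyResponse RequestID="{request_id}"><dss:Result>'
            f'<dss:ResultMajor>{major}</dss:ResultMajor>'
            f'<dss:ResultMinor>{minor}</dss:ResultMinor>'
            f'</dss:Result></dss:VerifyResponse></s:Body></s:Envelope>')

if __name__ == "__main__":
    good = sample_response("Id-1", OK_MAJOR, "urn:example:resultminor:ValidSignature")
    print(check_verify_response(good, "Id-1", OK_MAJOR, OK_MINORS))
```

The function requires both result elements to match, so a response whose dss:ResultMajor reports success while dss:ResultMinor reports something else is rejected rather than accepted.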