|
In order to understand this example, it is recommended that first you understand the previously seen examples, XML Signature Generation and CMS/PKCS#7 Signature Verification
The following request enables enveloping XML signatures to be verified from a dsig:Signature signature, which has already been explained in previous examples.
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<SOAP-ENV:Header>
<wsse:Security><wsse:UsernameToken wsu:Id="SecurityToken-3962994896493663234"><wsse:Username>eve</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trustedx</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="Id-7496267126417417500">
<dss:VerifyRequest xmlns:css="http://www.safelayer.com/TWS" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Profile="urn:safelayer:tws:dss:1.0:profiles:xades:1.0:verify" RequestID="Id-1877342843188573652">
<dss:SignatureObject><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Id54197229618085870562850365">
<dsig:SignedInfo Id="Id20928222411289023821438099311">
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference Id="Id175222648218298666671660021328" URI="#Id98225871720158818231011228416">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>ZO4GWxbpEaKe/ZaK4S8nP1txIls=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference Id="Id1142606388383876256815327999" Type="http://uri.etsi.org/01903/V1.2.2#SignedProperties" URI="#Id15803900912340281071849950319">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>EV77pyBzH6QiqLitx92YIvj33gE=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue Id="Id1452495980578271158170039400">q6bdoc9D0Dc0Q/dAixVj3th4DeTClMu4rlCAhTgKyPAM2Hw9prqA46hBInzPZZ3NaLln4ZymY4eNSe48By20zm+eGXl21nAKKf7tDlgOv3/KIzsO1V+xjUoxBwgKRxNAYDW6Env5CHTneppUZo9GrnQEUBP43Bm88uBv8/2qghA=</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:X509Data>
<dsig:X509Certificate>MIIEVzCCAz+gAwIBAgICA8EwDQYJKoZIhvcNAQEFBQAwbjFBMD8GA1UEChM4U2FmZWxheWVyIFNlY3VyZSBDb21tdW5pY2F0aW9ucywgUy5BLiBbQy5JLkYuIEE2MTkzMDA0Nl0xKTAnBgNVBAMTIFNhZmVsYXllciAtIENsYXNzIDEgUm9vdCBDQSBEZW1vMB4XDTA4MDExMDExNDYwNFoXDTA5MDExMDExNDYwNFowPjELMAkGA1UEBhMCRVMxETAPBgNVBAoTCFRydXN0ZWRYMQ0wCwYDVQQLEwREZW1vMQ0wCwYDVQQDEwREYXZlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwgP6U2BdxG/hUzPLlVN4maa79hfsxfOpvENDo4BOCmni9IhXBsFoQkNt/an/JILIhsZm1Pz+oiOZCuzb6FJxHMoKltxMFukZnGBdyDvhAKJVx5J9t165hB82x2cIjkjyGEdRCEpmp40IQV23P0/t71vj9tEF2dTRhs723KZvk2wIDAQABo4IBsTCCAa0wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA/gwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQUsQmFz7/Ei7KW7aJu01YtRCIH3yUwgZgGA1UdIwSBkDCBjYAUNEmbBBkEQgCP0PZ4m8TXjcAX7TShcqRwMG4xQTA/BgNVBAoTOFNhZmVsYXllciBTZWN1cmUgQ29tbXVuaWNhdGlvbnMsIFMuQS4gW0MuSS5GLiBBNjE5MzAwNDZdMSkwJwYDVQQDEyBTYWZlbGF5ZXIgLSBDbGFzcyAxIFJvb3QgQ0EgRGVtb4IBATA4BggrBgEFBQcBAQQsMCowKAYIKwYBBQUHMAGGHGh0dHA6Ly92YS5zYWZlbGF5ZXIuY29tOjgwOTQwZwYDVR0fBGAwXjBcoFqgWIYpaHR0cDovL2NhLnNhZmVsYXllci5jb20vY3Jscy9jcmxEZW1vcy5jcmyGK2h0dHA6Ly9kZW1vLnNhZmVsYXllci5jb20vY3Jscy9jcmxEZW1vcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAH1/za0hD5V/JBCFHZRtXtQfkrP9Os+iD5lq04+el+ULnXR03F801scmdLoFLT6IC69wwnGO61lQpRvzPf2GYBB5QOfU/13CeZEVWyG4k5kx8jcDvT2SCbPJ5Ewh74tO8PnRH+/5Ja5pj9MIv51sRXEP5mJrf5rOEyRX5ZK/aSZuGaEkuIOhsYoKGvAkf8gxuBZ5Jj0CP9vPnRJXReXov6GkUoJd45NulOIHEa3vuJnserph3cX+D3yJV1ytRZAurOIWtxlkp4uWiNUa4yzGIcXT03TRLn96iyB+uDL4U4i725e3kE6oSlB2STjvGctkSm0lVKCRk007ioN2WnsDYRY=</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
<dsig:Object Id="Id81214538214956045071205624227">
<xades:QualifyingProperties Target="#Id54197229618085870562850365" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#">
<xades:SignedProperties Id="Id15803900912340281071849950319" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#">
<xades:SignedSignatureProperties>
<xades:SigningTime>2008-02-04T12:34:20Z</xades:SigningTime>
</xades:SignedSignatureProperties><xades:SignedDataObjectProperties/>
</xades:SignedProperties>
</xades:QualifyingProperties></dsig:Object><dsig:Object Id="Id98225871720158818231011228416" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><trustedx Id="data"><example Id="node1">Simple xml file</example><description Id="node2" format="text">XMLDSig/XAdES TrustedX signatures</description></trustedx></dsig:Object></dsig:Signature></dss:SignatureObject></dss:VerifyRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
| | | | | | | |
The following explanation refers to the response that the TrustedX platform obtains once the request has been sent. Therefore, you should press the "try" button (above) to generate this response.
As in previous examples, the dss:Result element, with its dss:ResultMajor and dss:ResultMinor indicators, indicates the result of the validation - in this case a positive result.
Moreover, we can see the following optional output elements: dss:SignerIdentity, which contains the signer information, css:TrustInfo, which contains the level of trust in a root and css:ValidationPolicy, which contains the validation policies used by TrustedX to validate the certificate.
|
Try 
(1)