X.509 Certificate Validation


The objective of this request is to validate the status of a certificate using the TrustedX validation service. Next, you will find a description of the most important elements in this request.

Firstly, we must bear in mind that this is a SOAP request and it consists of two parts: a header (SOAP-ENV:Header) containing security and authentication data, and a body (SOAP-ENV:Body) that contains the main information or payload, defined in the various XML schemas.

The wsse:UsernameToken element in the header, which you can see in the example, allows the user to present credentials to the system using the user/password mechanism and so be correctly authenticated and authorized. Note that the password is carried as PasswordText (cleartext), so this request must only be sent over a TLS-protected connection.

As can be observed, a certificate validation request uses the dss:VerifyRequest element with the Profile attribute set to the certstatus profile. This distinguishes it from the profile used for signature verification, which is covered later.

In this example, the dss:VerifyRequest element also contains the optional dss:OptionalInputs element, whose dss:ServicePolicy child selects the service policy that will be used to validate the certificate. The TrustedX administrator defines these policies and should make them public to users.

Finally, the certificate to be validated, in Base64 format, is placed in the dss:Base64Signature element, and in this case the Type attribute specifies that the object being validated is a certificate.

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <SOAP-ENV:Header>
    <wsse:Security>
      <wsse:UsernameToken wsu:Id="SecurityToken-5978847319590924181">
        <wsse:Username>dave</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trustedx</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body wsu:Id="Id-3790929153794131125">
    <dss:VerifyRequest xmlns:css="http://www.safelayer.com/TWS"
                       xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                       xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd"
                       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                       xmlns:xades="http://uri.etsi.org/01903/v1.2.2#"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       Profile="urn:safelayer:tws:dss:1.0:profiles:certstatus:1.0:verify"
                       RequestID="Id-4095479411226266653">
      <dss:OptionalInputs>
        <dss:ServicePolicy>urn:safelayer:tws:policies:validation:sample:local</dss:ServicePolicy>
      </dss:OptionalInputs>
      <dss:SignatureObject>
        <dss:Base64Signature Type="urn:safelayer:tws:dss:1.0:profiles:names:certificate">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</dss:Base64Signature>
      </dss:SignatureObject>
    </dss:VerifyRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


The following explanation refers to the response that the TrustedX platform returns once the request has been sent; press the "try" button (above) to generate this response.

Firstly, looking at the response, the dss:VerifyResponse element indicates that it is a verification response. It also carries the Profile attribute with the certstatus value, indicating that it is a certificate validation.

The dss:Result element, with its two indicators dss:ResultMajor and dss:ResultMinor, states the outcome of the validation. A successful validation is one in which both values are correct, i.e. Success and ValidSignature_OnAllDocuments, respectively; any other combination must be treated as a failed validation.

Furthermore, a certificate validation response may return other values with optional information. Some of these are included because they were previously selected in the signature policy, which is configured in the TrustedX administration console. Others are expected in the response because they were asked for explicitly in the corresponding request. In this example, you can see the following output elements: the css:TrustInfo element, which contains the level of trust in the root, and the css:ValidationPolicy element, which contains the validation policies that TrustedX used to validate the certificate.
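The request payload described above and the result check described for the response, as an added example in Python (not part of the original page or of the TrustedX product): the namespace and profile URNs are taken from the request shown on this page, while the sample response and the full result URNs are constructed and labelled as assumptions.

```python
import base64
import xml.etree.ElementTree as ET
# Namespace URI and profile URNs copied from the request shown on this page.
DSS = "http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd"
NS = {"dss": DSS}
CERTSTATUS_PROFILE = "urn:safelayer:tws:dss:1.0:profiles:certstatus:1.0:verify"
CERT_OBJECT_TYPE = "urn:safelayer:tws:dss:1.0:profiles:names:certificate"

def build_certstatus_request(cert_der: bytes, policy: str, request_id: str) -> str:
    """Serialize the dss:VerifyRequest payload for one DER-encoded certificate.
    The WS-Security UsernameToken header is left to the caller's SOAP client."""
    ET.register_namespace("dss", DSS)
    req = ET.Element(f"{{{DSS}}}VerifyRequest",
                     {"Profile": CERTSTATUS_PROFILE, "RequestID": request_id})
    opt = ET.SubElement(req, f"{{{DSS}}}OptionalInputs")
    ET.SubElement(opt, f"{{{DSS}}}ServicePolicy").text = policy
    sig_obj = ET.SubElement(req, f"{{{DSS}}}SignatureObject")
    b64 = ET.SubElement(sig_obj, f"{{{DSS}}}Base64Signature", {"Type": CERT_OBJECT_TYPE})
    b64.text = base64.b64encode(cert_der).decode("ascii")
    return ET.tostring(req, encoding="unicode")

def check_certstatus_response(xml_text: str):
    """Return (valid, ResultMajor, ResultMinor). Anything other than the
    Success / ValidSignature_OnAllDocuments pair, or a missing dss:Result,
    is reported as a failed validation."""
    root = ET.fromstring(xml_text)
    resp = root.find(".//dss:VerifyResponse", NS)
    if resp is None or "certstatus" not in (resp.get("Profile") or ""):
        raise ValueError("not a certstatus dss:VerifyResponse")
    major = resp.findtext("dss:Result/dss:ResultMajor", default="", namespaces=NS)
    minor = resp.findtext("dss:Result/dss:ResultMinor", default="", namespaces=NS)
    # The indicators are URNs; compare their final token, as the page names them.
    ok = (major.rsplit(":", 1)[-1] == "Success"
          and minor.rsplit(":", 1)[-1] == "ValidSignature_OnAllDocuments")
    return ok, major, minor

# Constructed sample response (not captured from TrustedX): the result URN
# prefixes are assumed; only the final tokens come from the page.
SAMPLE_RESPONSE = f"""<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body>
<dss:VerifyResponse xmlns:dss="{DSS}" Profile="{CERTSTATUS_PROFILE}"><dss:Result>
<dss:ResultMajor>urn:oasis:names:tc:dss:1.0:resultmajor:Success</dss:ResultMajor>
<dss:ResultMinor>urn:oasis:names:tc:dss:1.0:resultminor:ValidSignature_OnAllDocuments</dss:ResultMinor>
</dss:Result></dss:VerifyResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>"""

if __name__ == "__main__":
    print(build_certstatus_request(b"\x30\x03\x02\x01\x01",  # constructed stand-in for DER bytes
                                   "urn:safelayer:tws:policies:validation:sample:local", "Id-1"))
    print(check_certstatus_response(SAMPLE_RESPONSE))
```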