XML Signature Verification - Safelayer Labs Technology: Axis examples

DISCLAIMER

The objective of this example is to validate the document signature produced in the XML Signature Generation example. In order to understand this example, it is recommended that first you understand the previously seen example: CMS/PKCS#7 Signature Verification example.

To try this example, you must download the file called sampleAxis7.zip and follow the instructions in Configuration of the Environment.

The downloaded file already contains a signature to be used for verification, but, if you wish, you can replace this file with the one generated in the XML Signature Generation example, to check the validity of the generated signature.

This example is very similar to the CMS/PKCS#7 Signature Verification example; however, this example applies the XADES profile.

VerifyRequest vr = new VerifyRequest();
vr.setProfile(new URI(PROF_VERIFY_XADES));

Given that the signature generated is detached, the request must include the data for both the signed file and the signature.
The binary encoded signature data are inserted in the request in a SignatureObject object. In addition to the data, it is also stated that the format of the inserted signature is CMS.

SignatureObject sobj = new SignatureObject();
Base64Binary b64bin = new Base64Binary();
b64bin.set_value(Util.readBinaryFile(path_in + signname));
sobj.setBase64XMLSignature(b64bin);
vr.setSignatureObject(sobj);

The data of the signed file are inserted in the request as InputDocuments, and they are encoded in Base64 inside a Document object.

InputDocuments idoc = new InputDocuments();
Document doc = new Document();
doc.setBase64XML(Util.readBinaryFile(path_in + filename));
idoc.setDocument(doc);
vr.setInputDocuments(idoc);

Once all the data have been entered in the request, the verify() operation is invoked; this operation sends the request to the host and collects the response in a VerifyResponse object.

VerifyResponse vrs = bindingDsv.verify(vr);

Execution of this example will generate a response such as the one seen below.

** RESPONSE **
---------------------
Major: urn:oasis:names:tc:dss:1.0:resultmajor:Success
Minor: urn:oasis:names:tc:dss:1.0:resultminor:ValidSignature_OnAllDocuments
DN: CN=trustedx, OU=Demo, O=TrustedX, C=ES
Issuer Trust Level: 0
Issuer Trust Label: Administration

Technology: Axis examples

Experiment PKI

Experiment TrustedX

Experiment Signatures

Experiment citizen eID