From: Olaf S. <ch...@sy...> - 2017-07-03 18:10:03
Hi,

I'd like to use crypto:validate-signature() to validate a signed XML doc (a SAML assertion actually). I'm looking at test file validateEnvelopedDigitalSignature.xq from the exist crypto lib. Usage seems to be dead simple: pass in the signed doc, get true() if the sig matches.

Tried this and got something like "no key found". I assume this is because the XML signature that I receive does not contain a "KeyInfo" element. Is that correct? I couldn't find the exact error message in the crypto lib source or in the ro.kuberam.libs.java.crypto.digitalSignature.ValidateXmlSignature source.

In the test file I see $certificate-details bound to a <digital-certificate> XML structure, but this var is not used anywhere? Am I missing some under-the-hood magic here?

Finally, how could I use crypto:validate-signature() to validate an XML sig that does not contain KeyInfo, assuming I have the matching X.509 cert in the local keystore?

Thanks,
Olaf
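
Validating an enveloped signature with a key taken from a local keystore instead of from KeyInfo, as an added example that is not part of the original message and is not the eXist crypto library's code: it calls the JDK's javax.xml.crypto.dsig API directly. The class name, the method parameters and the assumption that the signature's parent element carries the SAML "ID" attribute are illustrative.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ValidateWithLocalCert {
    // Hypothetical parameters: signed document, keystore file, keystore password, certificate alias.
    public static boolean validate(File xml, File keystore, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(keystore)) {
            ks.load(in, password);
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            throw new IllegalArgumentException("no certificate under alias " + alias);
        }

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML-DSig processing needs namespace-aware DOM
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = dbf.newDocumentBuilder().parse(xml);

        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            throw new IllegalStateException("expected exactly one ds:Signature, found " + sigs.getLength());
        }
        Element sigElement = (Element) sigs.item(0);

        // The verification key comes from the keystore, so KeyInfo is never consulted.
        DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey(), sigElement);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

        // SAML points at the signed element with URI="#<ID value>"; register that attribute as an XML ID.
        if (sigElement.getParentNode() instanceof Element) {
            Element signed = (Element) sigElement.getParentNode();
            if (signed.hasAttribute("ID")) ctx.setIdAttributeNS(signed, null, "ID");
        }

        XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        return signature.validate(ctx); // checks SignatureValue and every Reference digest
    }
}
```

Because the key is fixed by the caller, a KeyInfo element that does appear in the document has no influence on which key is trusted.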