Menu
▾
▴
Re: [Exist-open] Questions about exist crypto lib, validate-signature()
|
From: Adam R. <ad...@ex...> - 2017-07-08 15:21:00
|
Claudius, Can you shed any light on this one? Cheers Adam. On 3 July 2017 at 13:50, Olaf Schreck <ch...@sy...> wrote: > Hi, > > I'd like to use crypto:validate-signature() to validate a signed XML doc > (a SAML assertion actually). > > I'm looking at test file validateEnvelopedDigitalSignature.xq from the > exist crypto lib. Usage seems to be dead simple: pass in the signed doc, > get true() if the sig matches. > > Tried this and got something like "no key found". I assume this is because > the XML signature that I receive does not contain a "KeyInfo" element. Is > that correct? I couldn't find the exact error message in the crypto lib > source or in the > ro.kuberam.libs.java.crypto.digitalSignature.ValidateXmlSignature source. > > In the test file I see $certificate-details bound to a > <digital-certificate> > XML structure, but this var is not used anywhere? Am I missing some > under-the-hood magic here? > > Finally, how could I use crypto:validate-signature() to validate an XML sig > that does not contain KeyInfo, assuming I have the matching X.509 cert in > the local keystore? > > Thanks, > Olaf > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Exist-open mailing list > Exi...@li... > https://lists.sourceforge.net/lists/listinfo/exist-open > -- Adam Retter eXist Developer { United Kingdom } ad...@ex... irc://irc.freenode.net/existdb |
