Verify an enveloped signature using an RSA key
IMPORT xml
MAIN
    # Locals: the loaded document, the <Signature> element located in it,
    # the signature wrapper built from that element, the RSA key used to
    # check it, the lookup result and the verification outcome.
    DEFINE document xml.DomDocument,
           sigNode xml.DomNode,
           signature xml.Signature,
           rsaKey xml.CryptoKey,
           sigNodes xml.DomNodeList,
           verified INTEGER

    LET document = xml.DomDocument.Create()
    # Whitespace takes part in canonicalization, so insignificant whitespace
    # is dropped before loading to avoid spurious digest mismatches.
    CALL document.setFeature("whitespace-in-element-content",FALSE)
    TRY
        # Load the XML document that carries the enveloped signature
        CALL document.load("MyDocumentEnvelopedSignature.xml")
        # The signature may sit anywhere in the tree: look it up by its
        # namespace-qualified name rather than by position
        LET sigNodes = document.getElementsByTagNameNS("Signature",
            "http://www.w3.org/2000/09/xmldsig#")
        # Exactly one signature element is accepted; zero or several is an error
        IF sigNodes.getCount() != 1 THEN
            DISPLAY "Unable to find one Signature node"
            EXIT PROGRAM (-1)
        END IF
        LET sigNode = sigNodes.getItem(1)
        # Verification key: supplied explicitly from a local PEM file (see
        # setKey below), so the caller chooses the key rather than the document.
        # NOTE(review): rsa-sha1 is a legacy algorithm; a document signed with a
        # SHA-2 variant would need the matching algorithm URI here -- confirm
        # against the signing side.
        LET rsaKey = xml.CryptoKey.Create(
            "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
        CALL rsaKey.loadPEM("RSAKey.pem")
        # Wrap the located <Signature> element and attach the key to check it with
        LET signature = xml.Signature.CreateFromNode(sigNode)
        CALL signature.setKey(rsaKey)
        # Check the signature against the document. A modification of the node
        # carrying xml:id="code" in the original document makes this fail.
        # NOTE(review): a passing verify() presumably says the signed content
        # is intact; whether the signature's Reference actually covers the
        # element the program cares about is not checked here -- confirm
        # against the Signature API if that matters for the caller.
        LET verified = signature.verify(document)
        IF verified THEN
            DISPLAY "Signature OK"
        ELSE
            DISPLAY "Signature FAILED"
        END IF
    CATCH
        # Any error raised while loading, building or verifying lands here;
        # STATUS carries the error code.
        DISPLAY "Unable to verify the enveloped signature :",STATUS
    END TRY
END MAIN
Note: All keys or certificates in PEM or DER format were
created with the OpenSSL tool.