Verify an enveloping signature using an X509 certificate
IMPORT xml
MAIN
    # Checks the XML enveloping signature stored in
    # MyDocumentEnvelopingSignature.xml against the public key taken from
    # the X509 certificate DSACertificate.crt, then displays the outcome.
    #
    # NOTE(review): the certificate is read from a local file and its key is
    # used as-is. Nothing in this example validates the certificate itself
    # (issuer chain, validity period, revocation), so a positive result is
    # only as trustworthy as the way that file was obtained.
    DEFINE sigDoc xml.DomDocument,
           envSig xml.Signature,
           signerCert xml.CryptoX509,
           verifyKey xml.CryptoKey,
           sigValid INTEGER

    LET sigDoc = xml.DomDocument.Create()
    # Whitespace is significant to the cryptographic check, so unnecessary
    # whitespace in element content is switched off before the file is loaded.
    CALL sigDoc.setFeature("whitespace-in-element-content", FALSE)

    TRY
        # Parse the signed file and build the signature object from its
        # root element.
        CALL sigDoc.load("MyDocumentEnvelopingSignature.xml")
        LET envSig = xml.Signature.CreateFromNode(sigDoc.getDocumentElement())

        # Read the PEM certificate and derive the public key used for the
        # check, bound to the DSA-SHA1 signature method.
        # NOTE(review): SHA-1 based signature methods are deprecated; keep
        # this only for verifying legacy signatures and prefer a SHA-2
        # based method where the signer and the library support one.
        LET signerCert = xml.CryptoX509.Create()
        CALL signerCert.loadPEM("DSACertificate.crt")
        LET verifyKey = signerCert.createPublicKey("http://www.w3.org/2000/09/xmldsig#dsa-sha1")
        CALL envSig.setKey(verifyKey)

        # NULL is passed as the argument for this enveloping signature.
        LET sigValid = envSig.verify(NULL)

        # "Signature FAILED" is displayed when something in the signature was
        # modified, or when the certificate is not associated with the
        # private DSA key of example 3.
        # The test is kept in its positive form so that only a true result
        # is reported as OK; every other value falls through to FAILED.
        # NOTE(review): a valid signature vouches only for the data it
        # covers; a consumer should read the data from the verified
        # signature rather than from elsewhere in the file.
        IF sigValid THEN
            DISPLAY "Signature OK"
        ELSE
            DISPLAY "Signature FAILED"
        END IF
    CATCH
        # Any exception raised inside the TRY block lands here and STATUS is
        # displayed. The signature must be treated as not verified.
        DISPLAY "Unable to verify the enveloping signature :",STATUS
    END TRY
END MAIN
Note: All keys or certificates in PEM or DER format were
created with the OpenSSL tool.