如何验证包含认证机构(链)的签名XML文档?

时间:2014-08-25 06:08:49

标签: java xml cryptography x509certificate digital-signature

我正在使用以下标准代码验证签名的XML文件。

 boolean coreValidity = false;
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");       
    if (nl.getLength() == 0) {
        throw new XMLSignatureException("Cannot find Signature element");
    }
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    for(int itr = 0; itr < nl.getLength(); itr++){
        DOMValidateContext valContext = new DOMValidateContext
            (new KeyValueKeySelector(), nl.item(itr));
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
        KeyValueKeySelector keyValueKeySelector = new KeyValueKeySelector();
        DOMValidateContext docContext = new DOMValidateContext(keyValueKeySelector, doc.getDocumentElement());
        coreValidity = signature.validate(docContext);            
        if (coreValidity == false) {
                logger.log(Level.INFO ,"Signature failed");
             }
        } else {
            logger.log(Level.INFO ,"Signature passed core validation");
        }

我需要验证包括CA在内的证书链。 需要什么代码?

0 个答案:

没有答案
相关问题
最新问题