XML Signature Fails to Validate

224 Java XML Digital Signature API
We then invoke the unmarshalXMLSignature method of the factory to unmarshal an XMLSignature object, passing it the validation context we created earlier:

    XMLSignature signature =
        factory.unmarshalXMLSignature(valContext);
Validating the XML Signature
Now we are ready to validate the signature. We do this by invoking the validate method on the XMLSignature object and passing it the validation context, as follows:

    boolean coreValidity = signature.validate(valContext);
The validate method returns true if the signature validates successfully according to the core validation rules in the W3C XML Signature Recommendation, and false otherwise. A false result means the signature is invalid; unexpected conditions (for example, a Reference that cannot be dereferenced) are reported by throwing an XMLSignatureException rather than by returning false, so the caller should handle both. Note also that core validation only proves that the signature was produced with the key the validation context supplied; whether that key should be trusted at all is a separate decision, which is the job of the KeySelector.
What If the XML Signature Fails to Validate?
If the XMLSignature.validate method returns false, we can try to narrow down the cause of the failure. There are two phases in core XML Signature validation:

· Signature validation (the cryptographic verification of the SignatureValue over the canonicalized SignedInfo element)
· Reference validation (recomputing the digest of each Reference in SignedInfo, after applying its transforms, and comparing it with the stored DigestValue)

Each phase must be successful for the signature to be valid. To check whether the signature failed to cryptographically validate, we can check the status of the SignatureValue, as follows:

    boolean sv =
        signature.getSignatureValue().validate(valContext);
    System.out.println("signature validation status: " + sv);
We can also iterate over the references and check the validation status of each one, as follows (Reference and Iterator are javax.xml.crypto.dsig.Reference and java.util.Iterator):

    Iterator i =
        signature.getSignedInfo().getReferences().iterator();
    for (int j = 0; i.hasNext(); j++) {
        boolean refValid = ((Reference)
            i.next()).validate(valContext);
        System.out.println("ref[" + j + "] validity status: " + refValid);
    }
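The following is an added, self-contained example (not code from the tutorial) that ties the unmarshal, validate and diagnose steps above together. It builds a constructed XML document, signs it with a freshly generated RSA key so that there is something to validate, runs core validation, and then tampers with the signed content to show how the two-phase check pinpoints the failure. The class name SignatureDiagnostics, the diagnose helper and the sample document are assumptions introduced here; the SHA-256 digest and RSA-SHA256 signature URIs are the standard ones from the XML Signature specification.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical class name; added example, not part of the tutorial.
public class SignatureDiagnostics {

    // Algorithm URIs from the XML Signature spec (RSA-SHA256 is in xmldsig-more).
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample document; the signature is enveloped inside it.
        String xml = "<order><item>widget</item><amount>10</amount></order>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));

        // Sign the whole document (URI "") with an enveloped-signature transform.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("",
            fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null),
            Collections.singletonList(ref));
        DOMSignContext signCtx = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        fac.newXMLSignature(si, null).sign(signCtx);

        System.out.println("untampered core validity: " + diagnose(doc, kp));

        // Modify signed content after signing: the Reference digest no longer matches,
        // but SignedInfo itself is unchanged, so the SignatureValue still verifies.
        ((Element) doc.getElementsByTagName("amount").item(0)).setTextContent("10000");
        System.out.println("tampered core validity: " + diagnose(doc, kp));
    }

    // Runs core validation against the public key and, on failure, reports
    // which phase (signature vs. each reference) failed.
    static boolean diagnose(Document doc, KeyPair kp) throws Exception {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() == 0) {
            throw new IllegalStateException("no Signature element found");
        }
        // Fixed public key here; a real validator would use a KeySelector instead.
        DOMValidateContext valContext = new DOMValidateContext(kp.getPublic(), nl.item(0));
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        XMLSignature signature = factory.unmarshalXMLSignature(valContext);

        boolean coreValidity = signature.validate(valContext);
        if (!coreValidity) {
            boolean sv = signature.getSignatureValue().validate(valContext);
            System.out.println("  signature validation status: " + sv);
            List<?> refs = signature.getSignedInfo().getReferences();
            for (int j = 0; j < refs.size(); j++) {
                Reference r = (Reference) refs.get(j);
                boolean refValid = r.validate(valContext);
                System.out.println("  ref[" + j + "] uri=\"" + r.getURI()
                    + "\" validity status: " + refValid);
            }
        }
        return coreValidity;
    }
}
```

In the tampered run the signature validation status stays true while ref[0] reports false, which is the pattern that says "the signed content was changed after signing". The opposite pattern, a false signature validation status, points at a mismatch between the verification key and the signing key or at a modified SignedInfo. Either way, the decision to reject the document should rest only on the core validate result; the per-phase checks are for diagnosis, not for accepting a signature that validate has already refused.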