
Using KeySelectors

        i.next()).validate(valContext);
        System.out.println("ref["+j+"] validity status: " + refValid);
    }
Using KeySelectors

KeySelectors are used to find and select keys that are needed to validate an XMLSignature. Earlier, when we created a DOMValidateContext object, we passed a KeySelector object as the first argument:

    DOMValidateContext valContext = new DOMValidateContext
        (new KeyValueKeySelector(), nl.item(0));

Alternatively, we could have passed a PublicKey as the first argument if we already knew what key is needed to validate the signature. However, we often don't know.

The KeyValueKeySelector is a concrete implementation of the abstract KeySelector class. The KeyValueKeySelector implementation tries to find an appropriate validation key using the data contained in KeyValue elements of the KeyInfo element of an XMLSignature. It does not determine if the key is trusted.

This is a very simple KeySelector implementation, designed for illustration rather than real-world usage. A more practical example of a KeySelector is one that searches a KeyStore for trusted keys that match X509Data information (for example, X509SubjectName, X509IssuerSerial, X509SKI, or X509Certificate elements) contained in a KeyInfo.
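A KeyStore-backed selector of the kind just described, written here as an added example rather than code from the tutorial: the class name TrustedX509KeySelector, its constructor argument and the algMatches helper are assumed names, and it matches only X509Certificate elements (the X509SubjectName, X509IssuerSerial and X509SKI lookups are left out). A key is returned only when the certificate carried in the signature is itself a trusted entry of the KeyStore, so the signed document cannot supply its own trust.

```java
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;

// Hypothetical KeyStore-backed KeySelector (added example, not the tutorial's code): the
// public key is accepted only if the X509Certificate carried in KeyInfo is itself a
// trusted certificate entry of the supplied KeyStore.
public class TrustedX509KeySelector extends KeySelector {
    private final KeyStore trustStore;
    public TrustedX509KeySelector(KeyStore trustStore) { this.trustStore = trustStore; }

    public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
                                    AlgorithmMethod method, XMLCryptoContext context)
            throws KeySelectorException {
        if (keyInfo == null) throw new KeySelectorException("Null KeyInfo object!");
        String sigAlg = ((SignatureMethod) method).getAlgorithm();
        for (Object o : keyInfo.getContent()) {
            if (!(o instanceof X509Data)) continue;
            for (Object d : ((X509Data) o).getContent()) {
                if (!(d instanceof X509Certificate)) continue;
                final X509Certificate cert = (X509Certificate) d;
                // trust is decided by the KeyStore, never by the signed document itself
                if (isTrusted(cert) && algMatches(sigAlg, cert.getPublicKey().getAlgorithm())) {
                    return new KeySelectorResult() {
                        public Key getKey() { return cert.getPublicKey(); }
                    };
                }
            }
        }
        throw new KeySelectorException("No trusted X509Certificate found in KeyInfo");
    }

    private boolean isTrusted(X509Certificate cert) throws KeySelectorException {
        try {
            cert.checkValidity(); // reject expired or not-yet-valid certificates
            String alias = trustStore.getCertificateAlias(cert);
            return alias != null && trustStore.isCertificateEntry(alias);
        } catch (CertificateException e) { return false; }
          catch (KeyStoreException e) { throw new KeySelectorException(e); }
    }

    // Simplified key-type check against the SignatureMethod URI fragment,
    // e.g. "#rsa-sha256" needs an RSA key, "#ecdsa-sha256" an EC key.
    static boolean algMatches(String algURI, String keyAlg) {
        String frag = algURI.substring(algURI.indexOf('#') + 1).toLowerCase();
        return frag.startsWith(keyAlg.toLowerCase());
    }
}
```

Pass it as the first argument of DOMValidateContext in place of KeyValueKeySelector, with a KeyStore that holds only the signer certificates you actually trust.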
The implementation of the KeyValueKeySelector is as follows:

    private static class KeyValueKeySelector extends KeySelector {
        public KeySelectorResult select(KeyInfo keyInfo,
                                        KeySelector.Purpose purpose,
                                        AlgorithmMethod method,
                                        XMLCryptoContext context)
            throws KeySelectorException {
            // a signature without KeyInfo gives this selector nothing to work with
            if (keyInfo == null) {
                throw new KeySelectorException("Null KeyInfo object!");
            }
            // the signature algorithm decides which key type is acceptable
            SignatureMethod sm = (SignatureMethod) method;
            // the children of KeyInfo (KeyValue, X509Data, ...) as XMLStructure objects
            List list = keyInfo.getContent();
            for (int i = 0; i < list.size(); i++) {