santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cláudio Engelsdorff Avila <>
Subject Need lots of help - Validating Signed XML files
Date Tue, 04 Apr 2006 18:44:57 GMT
I'm developing an application that signs and validate xml files using the 
apache xml security library.

To sign a file is easy, but the validation part is becoming a real problem 
for me.

I've been able to validate te signature itself, and its expiration dates, 
but i need more than just that. I need to validate the certification chain 
and rcl files as well.
To be honest I could find some examples to validate the chain, but I don't 
understand how the certification chain really works.

If you guys could give me some steps to follow would be very nice. My 
deadline is coming and i still have some pieces to put together.

My goals are:
- Assure that the certicate used was an end user certificate and not from 
a certification authority; (Didn't find nothing about this kind of 
- Adopt rules defined by RFC 3280 for RCL and chain of trust 
(certification chain); (Completely lost on this one)
- Verify if the revogation and chain lists are up to date; (Didn't get 
that far on my research)
- Validate the key type used accept only keys type A; (I didn't find 
anything about this types only when you pucharse your key you choose this 
kind of things, at least here on brazil.)

Thanks in advance.
View raw message