santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cláudio Engelsdorff Avila <claudio.av...@tracesistemas.com>
Subject Re: Need lots of help - Validating Signed XML files
Date Thu, 06 Apr 2006 13:17:40 GMT
Yeah it helped for me to see that i'm on the right path.

But i'm stil having some problems trying to open revocation lists and so 
forth.
I got my chain and revocations lists from this URL 
"http://www.certisign.com.br/suporte/downloads.jsp#icp".

If someone could enlighten me.

Thanks in advance.

 
www.tracesistemas.com.br 
www.tracegp.com.br



Milan Tomic <tomicmilan@yahoo.com> 
05/04/2006 04:36
Please respond to
security-dev@xml.apache.org


To
security-dev@xml.apache.org
cc

Subject
Re: Need lots of help - Validating Signed XML files







Take a look at this article:

http://java.sun.com/j2se/1.4.2/docs/guide/security/certpath/CertPathProgGuide.html


Hope it helps,
Milan


--- Cl�udio Engelsdorff Avila <claudio.avila@tracesistemas.com> wrote:

> I'm developing an application that signs and validate xml files using 
the 
> apache xml security library.
> 
> To sign a file is easy, but the validation part is becoming a real 
problem 
> for me.
> 
> I've been able to validate te signature itself, and its expiration 
dates, 
> but i need more than just that. I need to validate the certification 
chain 
> and rcl files as well.
> To be honest I could find some examples to validate the chain, but I 
don't 
> understand how the certification chain really works.
> 
> If you guys could give me some steps to follow would be very nice. My 
> deadline is coming and i still have some pieces to put together.
> 
> 
> My goals are:
> - Assure that the certicate used was an end user certificate and not 
from 
> a certification authority; (Didn't find nothing about this kind of 
> validation)
> - Adopt rules defined by RFC 3280 for RCL and chain of trust 
> (certification chain); (Completely lost on this one)
> - Verify if the revogation and chain lists are up to date; (Didn't get 
> that far on my research)
> - Validate the key type used accept only keys type A; (I didn't find 
> anything about this types only when you pucharse your key you choose 
this 
> kind of things, at least here on brazil.)
> 
> 
> 
> Thanks in advance.


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


Mime
View raw message