You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by "Wijlens, Joris (J.)" <Jo...@uwv.nl> on 2004/11/02 12:31:39 UTC

Validating references instead of signatures

Hi,

 

I have a signed message with three references identified by URI's\id's. The
verifying application is only interested in two of these references. If the
third reference does exist the verifying application wants to check it. The
verifying application knows which two id's to verify and which one to
optionally verify. In the JavaDoc I see you can verify on the "Reference
level", so I can check only two of the three references in one signature?

 

Roughly my plan is to:

Select the signed element with the an id and the idresolver.

Create XMLSignatureInput with selected element.

Select a Reference element with xpath with the id  

Add the xmlsignatureinput to the refernce and call verify();

 

Is this a good approach or is there a better one? Are there any examples for
it?

 

Thanks,

 

Joris Wijlens