public class SigningCertificateValidator extends java.lang.Object implements Validator
If CertificateValues is present, the verifier could get the signer's certificate
from this property or from within the ds:KeyInfo element.
If the CertificateValues element is not present, the verifier
may gain access to the signer's certificate from within the
ds:KeyInfo, if present, or by other means that are out of the
scope of the present document. In addition, the means allowing the verifier
to identify the signer's certificate are out of scope of the present
document.
Once the verifier has obtained the signing certificate, she should check it
against the references present in the ds:SigningCertificate
property, if present. To do this, for each reference present in the
property, the verifier should perform the following tasks:
1. IssuerSerial element, following the indications given in XMLDSIG clause 4.4.4 on how to generate the string corresponding to the issuer's distinguished name. If they do not match, take the next reference and restart at 1. If they match, continue with 2.
2. ds:KeyInfo contains the ds:X509IssuerSerial element, check that the issuer and the serial number indicated in both, that one and IssuerSerial from SigningCertificate, are the same.
3. ds:DigestValue is the result of digesting the certificate with the algorithm indicated in ds:DigestMethod and base-64 encoding this digest.
If the verifier does not find any reference matching the signing certificate, the validation of this property should be taken as failed.
If SigningCertificate contains references to other
certificates in the path, the verifier should proceed to check
each of the certificates in the certification path against them.
Should this property contain one or more references to certificates other than those present in the certification path, the verifier should assume that a failure has occurred during the validation.
Should one or more certificates in the certification path not be referenced by this property, the verifier should assume that the validation is successful unless the signature policy mandates that references to all the certificates in the certification path "must" be present.
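The reference checks described above (steps 1 and 3, plus the rules for references to other certificates in the path) can be sketched with JDK classes only. This is an added example, not the code of SigningCertificateValidator or of the ESYA API; the `CertRef` and `PathCert` types, the method names and the sample values are hypothetical. It assumes the caller has already mapped the ds:DigestMethod URI to a JCA algorithm name, and it omits step 2 (ds:KeyInfo consistency) and any signature-policy requirement.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class SigningCertRefCheck {
    // One reference from the SigningCertificate property (hypothetical holder type).
    record CertRef(String issuerName, BigInteger serial, String jcaDigestAlg, String digestValueB64) {}
    // One path entry. For a java.security.cert.X509Certificate c, pass
    // c.getEncoded(), c.getIssuerX500Principal() and c.getSerialNumber().
    record PathCert(byte[] der, X500Principal issuer, BigInteger serial) {}

    static boolean matches(CertRef ref, PathCert cert) throws Exception {
        // Step 1: issuer DN (X500Principal compares canonical forms) and serial number.
        if (!new X500Principal(ref.issuerName()).equals(cert.issuer())
                || !ref.serial().equals(cert.serial())) return false;
        // Step 3: DigestValue must be the base-64 digest of the encoded certificate.
        byte[] expected = Base64.getDecoder().decode(ref.digestValueB64());
        byte[] actual = MessageDigest.getInstance(ref.jcaDigestAlg()).digest(cert.der());
        return MessageDigest.isEqual(expected, actual);
    }

    // path.get(0) is the signing certificate, the rest is its certification path.
    // Path certificates without a reference are accepted (no policy check here).
    static boolean validate(List<CertRef> refs, List<PathCert> path) throws Exception {
        boolean signerReferenced = false;
        for (CertRef ref : refs) {
            int hit = -1;
            for (int i = 0; i < path.size() && hit < 0; i++)
                if (matches(ref, path.get(i))) hit = i;
            if (hit < 0) return false;   // reference to a certificate outside the path
            if (hit == 0) signerReferenced = true;
        }
        return signerReferenced;         // false: no reference matched the signer
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in bytes and names, not a real certificate.
        byte[] der = "constructed-signer-cert".getBytes("UTF-8");
        PathCert signer = new PathCert(der,
                new X500Principal("CN=Test CA,O=Example,C=TR"), BigInteger.TEN);
        String digest = Base64.getEncoder()
                .encodeToString(MessageDigest.getInstance("SHA-256").digest(der));
        CertRef good = new CertRef("CN=Test CA, O=Example, C=TR", BigInteger.TEN, "SHA-256", digest);
        CertRef stray = new CertRef("CN=Test CA,O=Example,C=TR", BigInteger.ONE, "SHA-256", digest);
        System.out.println(validate(List.of(good), List.of(signer)));        // signer referenced
        System.out.println(validate(List.of(good, stray), List.of(signer))); // extra reference outside the path
        System.out.println(validate(List.of(), List.of(signer)));            // no reference at all
    }
}
```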
| Constructor and Description |
|---|
| SigningCertificateValidator() |

| Modifier and Type | Method and Description |
|---|---|
| java.lang.String | getName() |
| ValidationResult | validate(XMLSignature aSignature, tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate) |
public ValidationResult validate(XMLSignature aSignature, tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate aCertificate) throws XMLSignatureException
Specified by: validate in interface Validator
Parameters:
aSignature - to be validated
aCertificate - used for signature
Throws:
XMLSignatureException - if unexpected errors occur on IO, or crypto operations etc.
Copyright © 2025. All rights reserved.