Re: Need lots of help - Validating Signed XML files

[Cláudio Engelsdorff Avila]

For that rovacation lists the URL is
"http://icp-brasil.certisign.com.br/repositorio/index.htm".

Sorry i thought that i had pasted that
link here too.


Thanks in advance








"Martin Labarthe Dubois"
<[EMAIL PROTECTED]> 
06/04/2006 10:39



Please respond to
security-dev@xml.apache.org





To
<security-dev@xml.apache.org>


cc



Subject
Re: Need lots of help - Validating Signed
XML files








I only found the certificate chains there,
but not the revocation lists.
 
----- Original Message ----- 
From: Cláudio
Engelsdorff Avila 
To: security-dev@xml.apache.org

Sent: Thursday, April 06, 2006 10:17 AM
Subject: Re: Need lots of help - Validating Signed
XML files


Yeah it helped for me to see that i'm on the right path.


But i'm stil having some problems trying to open revocation lists and so
forth. 
I got my chain and revocations lists from this URL "http://www.certisign.com.br/suporte/downloads.jsp#icp".


If someone could enlighten me.


Thanks in advance.

                    
             
www.tracesistemas.com.br

www.tracegp.com.br





Milan Tomic <[EMAIL PROTECTED]>

05/04/2006 04:36





Please respond to
security-dev@xml.apache.org






To
security-dev@xml.apache.org



cc



Subject
Re: Need lots of help - Validating Signed
XML files











Take a look at this article:

http://java.sun.com/j2se/1.4.2/docs/guide/security/certpath/CertPathProgGuide.html

Hope it helps,
Milan


--- Cl�udio Engelsdorff Avila <[EMAIL PROTECTED]>
wrote:

> I'm developing an application that signs and validate xml files using
the 
> apache xml security library.
> 
> To sign a file is easy, but the validation part is becoming a real
problem 
> for me.
> 
> I've been able to validate te signature itself, and its expiration
dates, 
> but i need more than just that. I need to validate the certification
chain 
> and rcl files as well.
> To be honest I could find some examples to validate the chain, but
I don't 
> understand how the certification chain really works.
> 
> If you guys could give me some steps to follow would be very nice.
My 
> deadline is coming and i still have some pieces to put together.
> 
> 
> My goals are:
> - Assure that the certicate used was an end user certificate and not
from 
> a certification authority; (Didn't find nothing about this kind of

> validation)
> - Adopt rules defined by RFC 3280 for RCL and chain of trust 
> (certification chain); (Completely lost on this one)
> - Verify if the revogation and chain lists are up to date; (Didn't
get 
> that far on my research)
> - Validate the key type used accept only keys type A; (I didn't find

> anything about this types only when you pucharse your key you choose
this 
> kind of things, at least here on brazil.)
> 
> 
> 
> Thanks in advance.


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com