To verfify a XML Signature you have to mimik the WSS4J processing (i.e.
re-implment it).
parsing the Security header, locate the Signature related parts, look up
certificates, etc
and the use the XML Security API (of the xmlsec JAR) to perfom the
necessary actions.
If a Signature check fails this raises an excepetion (there can be
several reasons). After a
successful cignature processing WSS4J return the results as usual ->
refer to Javadoc.
Regards,
Werner
________________________________
Von: ext Robert Wierschke [mailto:[EMAIL PROTECTED]
Gesendet: Sonntag, 27. Juli 2008 18:19
An: wss4j-dev
Betreff: How to verify XML Signature?
Hi,
how do I verify a XML Signature in a SOAP message using wss4j?
Regarding to the test cases this is done via the processSecurityHeader
but how does this method tell me whether the signature was correct or
which signature are not? Also this does not remove the Security header
which is a problem because of the mustUnderstand constraint.
Thanks in advance.
regards
robert
