XML: Verify signature
Verification of a signed document consists of two steps: signature validation and reference validation.
First you need to load the signature from the document. To do this, call the Load() method of the TElXMLVerifier class and pass an element that contains a signature node. The element need not be the signature node itself; it can contain the signature as one of its child nodes.
Next, call the ValidateSignature() method of the TElXMLVerifier class. This method returns true if the signature could be verified and was correct. It returns false in two cases: the signature is incorrect (altered, broken, etc.), or there is not enough information to validate the signature. The KeyDataNeeded property is true if there was not enough information and false if the signature is incorrect.
In the case of a MAC signature, you need to set the HMAC key that is used to recompute and check the MAC over the signed data. To set this key,
In the case of a regular (public-key) signature, you need to provide a certificate or a key against which verification is performed. Only a public key, or a certificate without a private key, is needed to verify the signature. The KeyName property of TElXMLVerifier can contain the name of the key, which helps you locate it; note that this value is optional. Load the key data into an instance of the corresponding key data class and set the KeyData property of the TElXMLVerifier class to reference that instance.
After the key data is set, call ValidateSignature() again.
If the signature contains XAdES information, call the TElXAdESVerifier.Validate() method to validate it together with the signer certificate. If no XAdES information is present, you can get the signer certificate or key data from the TElXMLVerifier.SignerCertificate and/or TElXMLVerifier.SignerKeyData properties. Then, if the signature was made with a certificate, use the TElX509CertificateValidator class to validate that certificate, or check in an application-defined way that the key or certificate belongs to this signer (for example, the public key could be stored in a database and associated with a customer name).
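The two-step flow above, as an added Delphi example that is not from the SecureBlackbox documentation or samples. It assumes the SBXMLDefs, SBXMLSec and SBX509 units, the key data class names TElXMLKeyInfoX509Data and TElXMLKeyInfoHMACData with Certificate and Key properties, and that the verifier does not take ownership of the key data object; the rest is the API named on this page.

```delphi
uses
  SysUtils, SBXMLDefs, SBXMLSec, SBX509;

{ Root is any element that contains the ds:Signature node (it need not be the
  signature node itself). Reference validation is a separate step, not done here. }
function VerifySignedDocument(Root: TElXMLDOMNode;
  TrustedCert: TElX509Certificate; const HMACKey: TBytes): Boolean;
var
  Verifier: TElXMLVerifier;
  KeyData: TElXMLKeyData;            // base class of the key data objects
  X509Data: TElXMLKeyInfoX509Data;   // assumed class name
  HMACData: TElXMLKeyInfoHMACData;   // assumed class name
begin
  Result := False;
  KeyData := nil;
  Verifier := TElXMLVerifier.Create(nil);
  try
    // Step 1: load the signature from the element.
    Verifier.Load(Root);
    // First attempt succeeds only if KeyInfo already carries usable key data.
    if Verifier.ValidateSignature then
      Exit(True);
    // False with KeyDataNeeded = False means the signature itself is broken
    // (altered document, damaged SignatureValue), so no key will help.
    if not Verifier.KeyDataNeeded then
      Exit;
    // Step 2: supply the key. KeyName (optional) can help pick the right one.
    if Length(HMACKey) > 0 then
    begin                                       // MAC (HMAC) signature
      HMACData := TElXMLKeyInfoHMACData.Create;
      HMACData.Key := HMACKey;
      KeyData := HMACData;
    end
    else
    begin                                       // public-key signature
      X509Data := TElXMLKeyInfoX509Data.Create;
      X509Data.Certificate := TrustedCert;      // public part only is needed
      KeyData := X509Data;
    end;
    Verifier.KeyData := KeyData;
    // Second attempt. True means the data was signed with the key we chose to
    // trust, which is the application-defined signer check the text mentions.
    Result := Verifier.ValidateSignature;
  finally
    Verifier.Free;
    KeyData.Free;   // assumes the verifier does not take ownership of KeyData
  end;
end;
```

A true result here only proves the signature value checks out against the supplied key; the references it covers still have to be validated as described in the reference validation how-to.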
Reference validation is described in the corresponding how-to article.