EldoS | Feel safer!

Software components for data protection, secure storage and transfer

[Java] Check if an XML file is signed

#30047
Posted: 07/16/2014 06:11:41
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

Hello.

I would like to know if it is possible to just check whether an XML file is signed or not. I noticed that when you use TElXMLVerifier.Load() with an unsigned file, a SecureBlackbox.XML.EElXMLSecurityError occurs. So I did this to check if an XML file is signed:
Code
public static boolean fileIsSigned(File fileToVerify) throws Exception {
    TElXMLDOMDocument xml = new TElXMLDOMDocument();
    xml.LoadFromFile(fileToVerify.getAbsolutePath());

    TElXAdESVerifier xadesVerifier = new TElXAdESVerifier();
    xadesVerifier.SetIgnoreChainValidationErrors(true);
    TElXMLVerifier xmlVerifier = new TElXMLVerifier();
    TElXMLDOMNode sigNode = xml.GetDocumentElement();

    xmlVerifier.SetXAdESProcessor(xadesVerifier);

    try {
        // Load() raises EElXMLSecurityError when the file is unsigned
        xmlVerifier.Load((TElXMLDOMElement) sigNode);
        return true;
    }
    catch (Exception e) {
        // Treat the security error as "not signed"; rethrow anything else
        if (e instanceof SecureBlackbox.XML.EElXMLSecurityError) {
            return false;
        }

        throw e;
    }
}
But I'm almost sure that this isn't the right way to do it.

Thank you for your help.

Mickaël Bénès

EDIT : FYI, I don't want to verify the signature yet, I just need a function to check if a given file is XAdES signed.
#30050
Posted: 07/16/2014 07:23:55
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

You can use an XPath expression to select all Signature elements, and then try to load each found signature and check if it has XAdES info or not. For example:
Code
        TElXMLNamespaceMap NSMap = new TElXMLNamespaceMap();
        NSMap.addNamespace("ds", SBXMLDefs.xmlSignatureNamespace);
        TElXMLNodeSet NodeSet = _XMLDocument.selectNodes("//ds:Signature", NSMap);
        try
        {
            for (int i = 0; i < NodeSet.getCount(); i++)
            {
                if (NodeSet.getNode(i).getClass().isInstance(TElXMLDOMElement.class))
                {
                   // has signature
                   TElXMLVerifier Verifier = new TElXMLVerifier();
                   TElXAdESVerifier XAdESVerifier = new TElXAdESVerifier();
                   try
                   {
                      Verifier.setXAdESProcessor(XAdESVerifier);
                      Verifier.load((TElXMLDOMElement)NodeSet.getNode(i));
                      if (XAdESVerifier.getIsEnabled())
                      // has XAdES
                      ;
                   }
                   finally
                   {
                      Verifier.Free();
                      XAdESVerifier.Free();
                   }
                }
            }
        }
        finally
        {
            NodeSet.Free();
        }
#30053
Posted: 07/16/2014 08:57:24
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

Thank you for the quick answer.

The code that you gave me works fine, except for this line :
Code
if (NodeSet.getNode(i).getClass().isInstance(TElXMLDOMElement.class))
This always returns false.
The signatures I perform are done on the document, not on a node. Maybe this explains why?

Mickaël Bénès
#30055
Posted: 07/16/2014 10:43:07
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Correction, of course it should be:
Code
if (NodeSet.getNode(i) instanceof TElXMLDOMElement)
#30056
Posted: 07/16/2014 10:51:37
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

Didn't know there was a difference between instanceof and getClass().isInstance().

Thank you !
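
The approach from the answer above (find every ds:Signature element, then look for XAdES data inside it), as an added example that is not part of the original thread and does not use the SecureBlackbox API. It relies only on the JDK's DOM parser; the class name, the `Kind` enum and the sample documents are constructed for illustration, and DOCTYPE declarations are rejected so that an untrusted file cannot trigger external entity resolution during the check.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SignaturePresence {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    // XAdES v1.1.1, v1.2.2 and v1.3.2 namespaces all start with this prefix
    static final String XADES_NS_PREFIX = "http://uri.etsi.org/01903/";

    enum Kind { UNSIGNED, XMLDSIG, XADES }

    // Reports which signature markup is present. Nothing is verified here.
    static Kind classify(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for namespace-based lookups
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));

        NodeList sigs = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        if (sigs.getLength() == 0) return Kind.UNSIGNED;
        for (int i = 0; i < sigs.getLength(); i++) {
            // "*" matches any namespace; the XAdES version is checked by prefix
            NodeList qp = ((Element) sigs.item(i))
                    .getElementsByTagNameNS("*", "QualifyingProperties");
            for (int j = 0; j < qp.getLength(); j++) {
                String ns = qp.item(j).getNamespaceURI();
                if (ns != null && ns.startsWith(XADES_NS_PREFIX)) return Kind.XADES;
            }
        }
        return Kind.XMLDSIG;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample documents (structure only, no real signature values)
        String plain = "<doc><a/></doc>";
        String dsig = "<doc><ds:Signature xmlns:ds='" + DSIG_NS + "'/></doc>";
        String xades = "<doc><ds:Signature xmlns:ds='" + DSIG_NS + "'><ds:Object>"
                + "<x:QualifyingProperties xmlns:x='http://uri.etsi.org/01903/v1.3.2#'/>"
                + "</ds:Object></ds:Signature></doc>";
        for (String s : new String[] { plain, dsig, xades })
            System.out.println(classify(s.getBytes(StandardCharsets.UTF_8)));
    }
}
```

A result of `XADES` or `XMLDSIG` only says the markup is present; whether the signature is valid and which content it covers is decided by the separate verification step.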

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
