Using the XML signature validation classes

To use the XMLSignatureValidator class to validate an XML signature, you must:

  • Create an XMLSignatureValidator object

  • Provide an implementation of the IURIDereferencer interface. The XMLSignatureValidator object calls the IURIDereferencer dereference() method, passing in the URI for each reference in a signature. The dereference() method must resolve the URI and return the referenced data (which could be in the same document as the signature, or could be in an external resource).

  • Set the certificate trust, revocation checking, and reference validation settings of the XMLSignatureValidator object as appropriate for your application.

  • Add event listeners for the complete and error events.

  • Call the verify() method, passing in the signature to validate.

  • Handle the complete and error events and interpret the results.

The following example implements a validate() function that verifies the validity of an XML signature. The XMLSignatureValidator properties are set such that the signing certificate must be in the system trust store, or chain to a certificate in the trust store. The example also assumes that a suitable IURIDereferencer class named XMLDereferencer exists.

private function validate( xmlSignature:XML ):void 
{ 
    var verifier:XMLSignatureValidator = new XMLSignatureValidator(); 
    verifier.addEventListener(Event.COMPLETE, verificationComplete); 
    verifier.addEventListener(ErrorEvent.ERROR, verificationError); 
    try 
    { 
        verifier.uriDereferencer = new XMLDereferencer(); 
 
        verifier.referencesValidationSetting = 
            ReferencesValidationSetting.VALID_IDENTITY; 
        verifier.revocationCheckSetting = RevocationCheckSettings.BEST_EFFORT; 
        verifier.useSystemTrustStore = true; 
         
        //Verify the signature 
        verifier.verify( xmlSignature ); 
    } 
    catch (e:Error) 
        { 
            trace("Verification error.\n" + e); 
        } 
} 
 
//Trace verification results 
private function verificationComplete(event:Event):void 
 
    var signature:XMLSignatureValidator = event.target as XMLSignatureValidator; 
    trace("Signature status: " + signature.validityStatus + "\n"); 
    trace("  Digest status: " + signature.digestStatus + "\n"); 
    trace("  Identity status: " + signature.identityStatus + "\n"); 
    trace("  Reference status: " + signature.referencesStatus + "\n"); 
} 
 
private function verificationError(event:ErrorEvent):void 
{ 
    trace("Verification error.\n" + event.text);                 
}