Verify an enveloping signature using a X509 certificate

IMPORT xml

MAIN
  DEFINE doc xml.DomDocument
  DEFINE node xml.DomNode
  DEFINE sig xml.Signature
  DEFINE cert xml.CryptoX509
  DEFINE pub xml.CryptoKey
  # Create DomDocument object
  LET doc = xml.DomDocument.Create()
  # Notice that whitespaces are significants in crytography, 
  # therefore it is recommended to remove unnecessary ones 
  CALL doc.setFeature("whitespace-in-element-content",FALSE)
  TRY
    # Load Signature into a DomDocument object
    CALL doc.load("MyDocumentEnvelopingSignature.xml")
    # Create signature object from DomDocument root node
    LET sig = xml.Signature.CreateFromNode(doc.getDocumentElement())
    # Create X509 certificate 
    LET cert = xml.CryptoX509.Create()
    CALL cert.loadPEM("DSACertificate.crt")
    # Create public key from that X509 certificate 
    LET pub = cert.createPublicKey(
      "http://www.w3.org/2000/09/xmldsig#dsa-sha1")
    # Assign it to the signature 
    CALL sig.setKey(pub)
    # Verify enveloping signature validity 
    LET isVerified = sig.verify(NULL)
    # Notice that if something has been modified in the signature 
    # or if the certificate isn't associated to the 
    # private DSA key of exemple 3,
    # the program will display "FAILED".
    IF isVerified THEN
      DISPLAY "Signature OK"
    ELSE
      DISPLAY "Signature FAILED"
    END IF
  CATCH
    DISPLAY "Unable to verify the enveloping signature :",STATUS
  END TRY
END MAIN
Note: All keys or certificates in PEM or DER format were created with the OpenSSL tool.