Verify an enveloped signature using an RSA key

In this example, you verify a document (MyDocumentEnvelopedSignature.xml) that was signed with an RSA key.

The RSA key was created in Create an enveloped signature using a RSA key.

You need the RSA key ("RSAKey.pem") you used to sign the document in order to verify it. Copy the file named "RSAKey.pem" to a directory where you test the sample code.

All keys or certificates in PEM or DER format were created with the OpenSSL tool. For information on how the OpenSSL tool works, refer to the OpenSSL documentation.

IMPORT xml

MAIN
  # Verifies the enveloped XML-DSig signature found in
  # "MyDocumentEnvelopedSignature.xml" with the RSA key in "RSAKey.pem"
  # and prints "Signature OK" or "Signature FAILED".
  DEFINE xmlDoc xml.DomDocument
  DEFINE sigNode xml.DomNode
  DEFINE sigObj xml.Signature
  DEFINE rsaKey xml.CryptoKey
  DEFINE sigNodes xml.DomNodeList
  DEFINE verified INTEGER

  LET xmlDoc = xml.DomDocument.Create()
  # Whitespace is part of what gets digested; drop the insignificant
  # whitespace so the document matches what was signed
  CALL xmlDoc.setFeature("whitespace-in-element-content", FALSE)

  TRY
    # Load the signed document (the signature is embedded in it)
    # NOTE(review): if this file can come from an untrusted source,
    # confirm how the parser treats DTDs/external entities — not set here
    CALL xmlDoc.load("MyDocumentEnvelopedSignature.xml")

    # The Signature element may sit anywhere in the document; look it up
    # by namespace. Exactly one is required: a document carrying several
    # Signature elements is rejected rather than verifying just one of them
    LET sigNodes = xmlDoc.getElementsByTagNameNS("Signature",
      "http://www.w3.org/2000/09/xmldsig#")
    IF sigNodes.getCount() == 1 THEN
      LET sigNode = sigNodes.getItem(1)
    ELSE
      DISPLAY "Unable to find one Signature node"
      EXIT PROGRAM (-1)
    END IF

    # The algorithm URI must match the one the document was signed with
    # NOTE(review): SHA-1 is deprecated for new signatures; prefer a SHA-2
    # based algorithm when the signing side is updated
    LET rsaKey = xml.CryptoKey.Create(
      "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
    # NOTE(review): verification only needs the public half of the key;
    # confirm loadPEM accepts a public-key PEM so the private key does not
    # have to be handed to verifiers
    CALL rsaKey.loadPEM("RSAKey.pem")

    # Bind the key to the signature found in the document and verify
    LET sigObj = xml.Signature.CreateFromNode(sigNode)
    CALL sigObj.setKey(rsaKey)
    LET verified = sigObj.verify(xmlDoc)

    # Any change to the signed content (the node with attribute
    # 'xml:id="code"' in the original document) makes verify() fail
    IF verified THEN
      DISPLAY "Signature OK"
    ELSE
      DISPLAY "Signature FAILED"
    END IF
  CATCH
    # Load, key or signature errors land here; status holds the error code
    DISPLAY "Unable to verify the enveloped signature :",status
  END TRY
END MAIN