XMLSig Bean
The XMLSig component is used to sign XML and verify signed XML.
Syntax
IPWorksEncrypt.Xmlsig
Remarks
The XMLSig component provides an easy-to-use API for signing XML and verifying signed XML. The Sign method creates signed XML with an enveloped signature. The VerifySignature method attempts to verify the signature(s) within an XML document.
Sign
Before calling Sign specify the XML to sign by calling SetInputStream or setting InputFile, or InputXML.
The References property must contain at least one reference. A reference defines the XML element to sign, and the options that specify how it is transformed and hashed during the signing process.
Set Certificate to a certificate with private key.
Optionally set the CanonicalizationMethod. This determines how the signature itself is canonicalized. SigningAlgorithm defines the algorithm used to sign. The SignatureXPath property may be set to specify the location in the XML document where the signature will be placed.
Lastly, call Sign to sign the XML.
The following properties are applicable when calling this method:
- CanonicalizationMethod
- Certificate (required)
- References (required)
- SignatureXPath
- SigningAlgorithm
Input and Output Properties
The bean will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
- SetInputStream
- InputFile
- InputXML
When a valid source is found the search stops. The order in which the output properties are checked is as follows:
- SetOutputStream
- OutputFile
- OutputXML: The output data is written to this property if no other destination is specified.
Verify a Signature
When VerifySignature is called, the bean will scan the XML document and fire the SignatureInfo event for each signature that is found. When the SignatureInfo event fires the References collection will be populated.
Within the SignatureInfo event the XMLElement field must be set to the location of the XML element to which the signature applies. The URI field may contain data helpful to locating the XML element.
The XMLElement field specifies the XPath to the element. For instance:
XMLElement value | Meaning |
/root/myElement | XPath syntax |
/root/[1] | XPath syntax using an index |
/root/ns:myElement | XPath syntax where the element has a namespace |
myElement | Just the element name |
@id=myid | Attribute selector: selects an element with an attribute "id" whose value is "myid" |
/root/myElement[1]/ns:name2[@attr=attrValue] | XPath syntax using an index and attribute selector |
The signature is verified either using a key parsed from the signed XML, or using the certificate specified by the SignerCert property. The bean will automatically parse the signer certificate (if present) from the signed XML and populate the SignerCert property with the parsed value.
When SignatureInfo fires, if the SignerCertParsed parameter is True the SignerCert property may be inspected to see the details of the parsed certificate. If SignerCertParsed is False, then the SignerCert property must be set to a valid certificate for signature verification to proceed.
When the SignatureInfo event finishes firing, the certificate present in the SignerCert property will be used to verify the signature, whether this is the certificate automatically parsed by the bean or a different certificate specified within the event.
If the signature was successfully verified the method will return without error. If the signature was not verified the method throws an exception.
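The sign-then-verify round trip described above, as an added Java example that is not part of the product documentation. Only Xmlsig and the property and event names on this page come from the documentation; the class names Certificate, XMLSigReference, DefaultXmlsigEventListener, XmlsigSignatureInfoEvent and IPWorksEncryptException, the cst* store-type constants, and the file paths are assumptions.

```java
import ipworksencrypt.*;

public class XmlsigRoundTrip {
    // Constructed sample document; the whole <root> element is what gets signed.
    static final String DOC = "<root><order id=\"1\">data</order></root>";

    // Sign: input taken from InputXML, result read back from OutputXML.
    public static String signDocument(String pfxPath, String pfxPassword) throws Exception {
        Xmlsig xmlsig = new Xmlsig();
        xmlsig.setInputXML(DOC);
        // Sign requires a certificate with a private key (cstPFXFile constant is assumed).
        xmlsig.setCertificate(new Certificate(Certificate.cstPFXFile, pfxPath, pfxPassword, "*"));
        // At least one reference is required; an empty URI plus XMLElement "/root"
        // covers the whole document with an enveloped signature.
        XMLSigReference ref = new XMLSigReference();
        ref.setURI("");
        ref.setXMLElement("/root");
        xmlsig.getReferences().add(ref);
        xmlsig.setSignatureXPath("/root");   // where the <Signature> element is placed
        xmlsig.sign();
        return xmlsig.getOutputXML();
    }

    // Verify: pin the signer to a certificate we already trust instead of
    // accepting whatever certificate the document itself carries in KeyInfo.
    public static boolean verifyDocument(String signedXml, String trustedCertPath) throws Exception {
        Xmlsig xmlsig = new Xmlsig();
        xmlsig.setInputXML(signedXml);
        xmlsig.addXmlsigEventListener(new DefaultXmlsigEventListener() {
            @Override
            public void signatureInfo(XmlsigSignatureInfoEvent e) {
                // The bean needs to know which element the signature applies to.
                e.XMLElement = "/root";
                // Whether or not a certificate was parsed from the XML (e.signerCertParsed),
                // replace SignerCert with the trusted one: the certificate present when this
                // event returns is the one used for verification.
                try {
                    xmlsig.setSignerCert(new Certificate(Certificate.cstPublicKeyFile, trustedCertPath, "", "*"));
                } catch (Exception ex) {
                    throw new RuntimeException("cannot load trusted signer certificate", ex);
                }
            }
        });
        try {
            xmlsig.verifySignature();   // returns normally only if every signature verified
            return true;
        } catch (IPWorksEncryptException ex) {
            System.err.println("Signature verification failed: " + ex.getMessage());
            return false;
        }
    }
}
```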
Property List
The following is the full list of the properties of the bean with short descriptions. Click on the links for further details.
CanonicalizationMethod | The canonicalization method applied to the signature. |
Certificate | The certificate used for signing. |
HMACKey | The HMAC key used with the 'HMAC-SHA1' signing algorithm. |
InputFile | The XML file to process. |
InputXML | The XML to process. |
OutputFile | The output file. |
OutputXML | The output XML after processing. |
Overwrite | Indicates whether or not the component should overwrite files. |
References | A collection of references. |
SignatureXPath | The XPath of the signature. |
SignerCert | The certificate used for signature verification. |
SigningAlgorithm | The signing algorithm. |
Method List
The following is the full list of the methods of the bean with short descriptions. Click on the links for further details.
config | Sets or retrieves a configuration setting. |
doEvents | Processes events from the internal message queue. |
reset | Resets the component. |
setInputStream | Sets the stream from which the component will read data to sign or verify. |
setOutputStream | The stream to which the component will write the signed or verified XML. |
sign | Signs the XML. |
verifySignature | Verifies signed XML. |
Event List
The following is the full list of the events fired by the bean with short descriptions. Click on the links for further details.
Error | Information about errors during data delivery. |
Progress | Fired as progress is made. |
SignatureInfo | Fired when a signature is found. |
Status | Provides information about the current operation. |
Configuration Settings
The following is a list of configuration settings for the bean with short descriptions. Click on the links for further details.
KeyName | The name of the key used to sign the XML. |
LogLevel | Specifies the level of detail that is logged. |
NormalizeLineEndings | Whether to normalize line endings when calculating the reference digest. |
PreserveWhitespace | Whether to preserve whitespace in the signature. |
SignatureRelationship | Whether the signature is a child or sibling of the SignatureXPath. |
ReadFromProgressEvent | Whether to read input data from inside the progress event. |
WriteToProgressEvent | Whether to write output data so it is accessible from inside the progress event. |
SignerCertCount | The number of parsed signer certificates when verifying a signature. |
SignerCertEncoded[i] | The parsed signer certificate. |
SignWithCryptoAPI | Whether to use the Crypto API for signing operations. |
CodePage | The system code page used for Unicode to Multibyte translations. |