I have a SOAP envelope digitally signed and including an X509
certificate. I'd like to verify the signature using the public key from
the certificate but cannot work out how to get the public key in my
KeySelector implementation.
Sun's documentation at
http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/
gives examples for when the <X509Data> is inside the <KeyInfo> but not
for the construction below.
XML is
<soapenv:Envelope ...>
  <soapenv:Header>
    <wsse:Security ...>
      <wsse:BinarySecurityToken
          EncodingType="wsse:Base64Binary"
          Id="X509Token"
          ValueType="wsse:X509v3">
        MIIB9zCCAWCgAwIBAgIERZwdkzANBgkqhkiG9w0BAQUFADBAMQswCQYD
        VQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgSW5jLjEQ
        MA4GA1UEAxMHTXkgTmFtZTAeFw0wNzAxMDMyMTE4MTFaFw0zMTA4MjUy
        ...
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        ...
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#X509Token"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
....
The above XML is loaded into an org.w3c.dom.Document. I can extract the
BinarySecurityToken into an org.w3c.dom.Node and get at the BASE64 data
using getTextContent() but I can't work out how to extract a
java.security.PublicKey from it.
Can anyone offer me a clue?
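
An added example, not part of the original post: one way a KeySelector can follow the wsse:Reference URI to the BinarySecurityToken and turn its Base64 text into a java.security.PublicKey. The class name BinaryTokenKeySelector is hypothetical, and the code assumes a namespace-aware parse and the unqualified Id attribute shown in the posted XML.

```java
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import org.w3c.dom.*;
// Hypothetical class; the Document must come from a namespace-aware parser.
public class BinaryTokenKeySelector extends KeySelector {
    private final Document doc;
    public BinaryTokenKeySelector(Document doc) { this.doc = doc; }
    @Override
    public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
            AlgorithmMethod method, XMLCryptoContext ctx) throws KeySelectorException {
        if (keyInfo == null) throw new KeySelectorException("Signature has no KeyInfo");
        for (Object item : keyInfo.getContent()) {
            // Children the API does not model (wsse:*) are handed over as DOMStructure.
            Node n = item instanceof DOMStructure ? ((DOMStructure) item).getNode() : null;
            if (!(n instanceof Element) || !"SecurityTokenReference".equals(n.getLocalName())) continue;
            NodeList refs = ((Element) n).getElementsByTagNameNS("*", "Reference");
            if (refs.getLength() != 1) throw new KeySelectorException("Expected one wsse:Reference");
            String uri = ((Element) refs.item(0)).getAttribute("URI");
            if (!uri.startsWith("#")) throw new KeySelectorException("Not a same-document reference");
            return keyFrom(findToken(uri.substring(1)));
        }
        throw new KeySelectorException("No SecurityTokenReference in KeyInfo");
    }
    // Matches the unqualified Id attribute used in the question; ambiguous Ids are rejected.
    private Element findToken(String id) throws KeySelectorException {
        NodeList tokens = doc.getElementsByTagNameNS("*", "BinarySecurityToken");
        Element found = null; int matches = 0;
        for (int i = 0; i < tokens.getLength(); i++) {
            Element t = (Element) tokens.item(i);
            if (id.equals(t.getAttribute("Id"))) { found = t; matches++; }
        }
        if (matches != 1) throw new KeySelectorException(matches + " tokens with Id " + id);
        return found;
    }
    private KeySelectorResult keyFrom(Element token) throws KeySelectorException {
        try {
            byte[] der = Base64.getMimeDecoder().decode(token.getTextContent()); // ignores line breaks
            PublicKey key = CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der)).getPublicKey();
            return () -> key;
        } catch (Exception e) {
            throw new KeySelectorException("Cannot read certificate from token", e);
        }
    }
}
```

A signature that validates with this key only shows the message matches the certificate carried in the same envelope. The certificate itself still has to be checked against a trust store (for example with java.security.cert.CertPathValidator) before the sender is trusted.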