Discuss this help topic in SecureBlackbox Forum

XML: Check XAdES signature and analyze result

First, create an instance of the TElXAdESVerifier class and assign it to the TElXMLVerifier.XAdESProcessor property.

After you verify the signature using the TElXMLVerifier.ValidateSignature() method, you can access the properties of the TElXAdESVerifier class to check them.

First check the TElXAdESVerifier.QualifyingProperties property and verify that it is assigned (not null/Nothing/nil). If it is not assigned, then there was no XAdES signature in the document.

If the QualifyingProperties property is assigned, you can check the other properties of the XAdES signature.

XAdES validation is performed using the TElXAdESVerifier.Validate() method. Before calling this method, you should configure the certificate validator and set the TElXAdESVerifier properties used in the validation process. For example, you can enable the OfflineMode property and set the ValidationMoment property to check whether the signature contains all the revocation information required to validate it at a specific moment in time.

The TElXAdESVerifier.Validate() method returns one of three results: valid, invalid, or incomplete. An incomplete result is returned if, for example, a certificate is self-signed but not explicitly trusted, or the chain could not be validated completely. The method also returns a Reason parameter, which contains extended information about the error (e.g. signer certificate invalid, signature timestamp incomplete, and so on). For error diagnostics, it makes sense to set up certificate logging for the certificate validator object, or to dump the internal log of the certificate validator in the OnAfterCertificateValidate event handler.
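The following added example (not SecureBlackbox code, and it does not call the library) models how an application can turn the outcomes of the steps above into a fail-closed accept/reject decision. All names in it (`Validity`, `VerifierOutcome`, `decide`) are hypothetical, and rejecting documents without XAdES properties is an assumed application policy.

```python
# Added example: models the decision flow only; it does not call SecureBlackbox.
# Validity, VerifierOutcome and decide are hypothetical names.
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Optional, Tuple


class Validity(Enum):
    VALID = "valid"
    INVALID = "invalid"
    INCOMPLETE = "incomplete"


@dataclass
class VerifierOutcome:
    """Values the caller collected from the two verifier objects."""
    core_signature_ok: bool                     # result of ValidateSignature()
    has_qualifying_properties: bool             # QualifyingProperties assigned?
    xades_validity: Optional[Validity] = None   # result of Validate(), if called
    reason: str = ""                            # Reason, rendered as text by the caller
    offline_mode: bool = False                  # OfflineMode used for Validate()
    validation_moment: Optional[datetime] = None


def decide(o: VerifierOutcome) -> Tuple[bool, str]:
    """Return (accept, explanation). Only an explicit VALID result is accepted."""
    if not o.core_signature_ok:
        return False, "core XML signature failed; XAdES not evaluated"
    if not o.has_qualifying_properties:
        # Assumed policy: this application requires XAdES, not plain XMLDSig.
        return False, "no XAdES signature in the document"
    if o.xades_validity is None:
        return False, "Validate() was not called; XAdES status unknown"
    if o.xades_validity is Validity.VALID:
        return True, "XAdES signature valid"
    if o.xades_validity is Validity.INCOMPLETE:
        if o.offline_mode:
            # Offline: the signature lacks embedded data for the chosen moment.
            when = o.validation_moment.isoformat() if o.validation_moment else "now"
            return False, f"incomplete: embedded validation data insufficient for {when} ({o.reason})"
        return False, f"incomplete: chain not fully validated or not trusted ({o.reason})"
    return False, f"invalid: {o.reason}"
```

Treating an incomplete result as a rejection keeps a self-signed, untrusted signer from being accepted by default; the explanation string is what you would log next to the certificate validator's own log.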

How To articles about XML signing (XMLDSig and XAdES)
