JScript Source: getVerifyingCert.js

 

[This sample code uses features that were implemented in MSXML 5.0 for Microsoft Office Applications. XML digital signatures are not supported in MSXML 6.0 and later, so this sample runs only on a machine where MSXML 5.0 (and, for the certificate-chain check, CAPICOM) is installed.]

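var xmldoc, xmldsig;

// Bit flags naming which <ds:KeyInfo> child supplies the verification key.
// They are declared with var rather than as implicit globals so a typo in a
// later reference fails loudly instead of silently creating a new global.
var NOKEYINFO = 0;
var KEYVALUE  = 1;
var CERTIFICATES = 2;
var PURGE     = 4;

// Namespace binding used by every XPath query against the signed document.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";
// The signed document to verify; expected next to this script.
var outfile = "signature_signed.rsa.cert.xml";

if (InitXML()) 
{
  // Ask for the X.509 certificate (preferred over the bare KeyValue) so the
  // signer can be checked against the machine's trusted roots, not only
  // against whatever key the document itself embeds.
  var wki = CERTIFICATES|KEYVALUE|PURGE;
  if (LoadXML(outfile)) {
      alert("Verifying " + outfile+"...\n");
      VerifyXML(wki);
  }
}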

/////////  Helper functions: /////////
/** Writes str to the console through the Windows Script Host (cscript/wscript). */
function alert(str) {
  WScript.echo(str);
}

///////// Set signature for signing. ////////
///////// Create the MSXML 5 DOM and digital-signature objects. ////////
// Returns true when both objects were created and the DOM was configured;
// false (after printing a message) when MSXML 5 is not registered.
function InitXML()
{
   // ActiveXObject throws, rather than returning null, when a ProgID is not
   // registered -- that exception is how a missing MSXML 5 is detected.
   try {
      xmldoc  = new ActiveXObject("Msxml2.DOMDOcument.5.0");
      xmldsig = new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
   }
   catch (e) {
      alert("Installation of mxsml5 is required to run this app.\n");
      return false;
   }

   // Parser hardening for a document we do not trust yet: synchronous load,
   // whitespace kept exactly as serialized (presumably because the signed
   // digests cover the exact text), no DTD validation, and no resolution
   // of external entities/schemas, so the parser never fetches references
   // the document author planted in the file.
   var settings = {
      async: false,
      preserveWhiteSpace: true,
      validateOnParse: false,
      resolveExternals: false
   };
   for (var prop in settings) {
      xmldoc[prop] = settings[prop];
   }

   return true;
}

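// Loads the signed document from `file` and hands its first <ds:Signature>
// to the signature object. Returns true on success; false (after printing a
// message) when InitXML has not run, or the file cannot be loaded.
function LoadXML(file)
{
   // Both objects are assigned by InitXML; the original checked only xmldoc,
   // so a missing xmldsig surfaced as a TypeError on the assignment below.
   if (xmldoc == null || xmldsig == null) {
      alert("must instantiate xml dom\n");
      return false;
   }
  
   if (!xmldoc.load(file)) {
      alert("Can't load "+ file + "\n");
      return false;
   }

   // Bind the ds: prefix so the XPath queries here and in VerifyXML can
   // address the XML-DSig elements.
   xmldoc.setProperty("SelectionNamespaces", DSIGNS);

   // Only the first <ds:Signature> anywhere in the document is verified;
   // any further signatures are ignored. A document with no signature leaves
   // this null, which VerifyXML reports.
   xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");

   return true;
}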


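// Verifies the signature loaded by LoadXML using a key taken from the
// document's own <ds:KeyInfo>.
//
// fwWriteKeyInfo: bit set of CERTIFICATES / KEYVALUE selecting which
//   <KeyInfo> child supplies the key (CERTIFICATES wins when both are set;
//   PURGE is accepted but has no effect here).
// Returns true only when the signature verifies AND, if CERTIFICATES was
//   requested, the signing certificate chains to a trusted root; false
//   otherwise (after printing the reason).
//
// Security note: a key embedded in the document only proves the document is
// self-consistent -- anyone can sign with a key of their choosing and embed
// it. Trust comes solely from IsCertificateValid; with KEYVALUE alone no
// trust decision is made at all.
function VerifyXML(fwWriteKeyInfo)
{
   if (!xmldsig.signature) {
      alert("Invalid signature.\n");
      return false;
   }

   // The original switched on (fwWriteKeyInfo & CERTIFICATES), which can only
   // be 0 or CERTIFICATES, so the KEYVALUE branch was unreachable and a
   // KEYVALUE-only request queried an empty XPath. Pick the source explicitly.
   var xpath;
   if ((fwWriteKeyInfo & CERTIFICATES) == CERTIFICATES) {
      xpath = ".//ds:KeyInfo/ds:X509Data";
   }
   else if ((fwWriteKeyInfo & KEYVALUE) == KEYVALUE) {
      xpath = ".//ds:KeyInfo/ds:KeyValue";
   }
   else {
      alert("No <KeyInfo> source selected.\n");
      return false;
   }

   var oKeyInfo = xmldoc.selectSingleNode(xpath);
   if (!oKeyInfo) {
      alert("Invalid <KeyInfo> element.\n");
      return false;
   }

   var oKey = xmldsig.createKeyFromNode(oKeyInfo);
   if (!oKey)
   {
      alert("Failed to create key from <KeyInfo>\n");
      return false;
   }

   // verify() returns the key that validated the signature, or null.
   var oVerifiedKey = xmldsig.verify(oKey); 
   if (oVerifiedKey == null) {
      alert("Signature not verified.\n");
      return false;
   }

   alert("\nSignature verified on the data.\n");

   if ((fwWriteKeyInfo & CERTIFICATES) == CERTIFICATES)
   {
      // The original printed the chain result but still returned true, so a
      // caller could not tell a trusted signer from an untrusted one.
      if (!IsCertificateValid(oVerifiedKey)) {
         alert("Certificate used is not trusted; signature is NOT accepted.\n");
         return false;
      }
      alert("Certificate used is valid.\n");
   }

   return true;
}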

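// Checks that the certificate which verified the signature builds a chain to
// a trusted root using CAPICOM, and prints every certificate in the chain.
//
// oKey: the key object returned by xmldsig.verify().
// Returns true when the chain built and validated; false (after printing the
//   reason) on a missing key/certificate, a missing CAPICOM install, or a
//   chain that did not validate.
//
// Security note: a valid chain only proves the certificate is issued under a
// root this machine trusts. It does not prove it belongs to the signer you
// expect -- a caller that cares should also compare the leaf's subject or
// thumbprint with an expected value. NOTE(review): confirm which checks
// (validity period, revocation, key usage) CAPICOM's Chain.Build applies by
// default against the CAPICOM documentation before relying on this alone.
function IsCertificateValid(oKey)
{
   if (!oKey) 
   {
      alert("invalid key object.\n");
      return false;
   }

   // The certificate MSXML selected from <X509Data> to verify the signature.
   var oCert = oKey.getVerifyingCertificate();
   if (!oCert)
   {
      alert("invalid verifying certificate\n");
      return false;
   }

   // CAPICOM is a separate install. ActiveXObject throws (it never returns
   // null) when the ProgID is not registered, so the original's null test
   // could not catch that case; catch the exception instead.
   var oChain;
   try {
      oChain = new ActiveXObject("CAPICOM.Chain.2");
   }
   catch (e) {
      alert("CAPICOM is required to validate the certificate chain.\n");
      return false;
   }

   // Build a trust chain starting from oCert. build() returns a boolean, so
   // printing it as an "error" code (as the original did) was misleading.
   var built = oChain.build(oCert);
   if (!built) 
   {
      alert("broken trust chain.\n");
      return false;
   }

   // CAPICOM collections are 1-based: item(1) .. item(count).
   var certCount = oChain.Certificates.count;
   if (certCount < 1)
   {
      alert("empty trust chain.\n");
      return false;
   }

   // Walk through the trust chain
   alert("Examining certificate chain:\n");
   for (var i = 1; i <= certCount; i++)
   {
      alert("  Certificate No. "+i+":\n");
      var oLink = oChain.Certificates.item(i);
      alert("    subject: "+oLink.SubjectName);
      alert("    issuer:  "+oLink.IssuerName);
      alert("\n");   
   }

   // Examine the root certificate in the chain (the last item)
   var oRoot = oChain.Certificates.item(certCount);
   alert("Display the Root Certificate:\n");
   alert("  subject: " + oRoot.SubjectName);
   alert("  issuer:  " + oRoot.IssuerName);
   alert("\n");

   return true;
}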

Try It!

  1. Ensure that you have completed all the procedures in Getting Started with XML Digital Signatures.

  2. Copy the listing from the signature_signed.rsa.cert.xml topic and paste it into a text file. Save the file as signature_signed.rsa.cert.xml. Its <KeyInfo> carries the signer's certificate, which must chain to a root trusted on the machine running this sample for the certificate check to succeed.

  3. Copy the JScript listing above, and paste it into a text file. Save the file as getVerifyingCert.js, in the same directory where you saved signature_signed.rsa.cert.xml.

  4. From a command prompt, navigate to this directory, then type "cscript getVerifyingCert.js".

    Note

    Under operating systems other than Windows 2000 or Windows XP, you might need to install Windows Scripting Host (to run wscript.exe or cscript.exe), if it is not already installed.

  5. Verify that your output is similar to that listed in the Output topic.