Verifying signature using multi cert PEM #462

niwsa · 2024-04-04T19:20:33Z

niwsa
Apr 4, 2024

When verifying a xml document you can pass the following options to the SignedXml constructor to customize the verify process:
publicCert - [optional] your certificate as a string, a string of multiple certs in PEM format, or a Buffer

I have a few queries related to signature validation:

When trying to verify xml signature using multi cert PEM does the order of certs inside PEM matter ? i.e Should the actual certificate used to sign the xml come first ?
Also would getCertFromKeyInfo returning a multi cert PEM work in a similar manner ?

cjbarth · 2024-04-04T21:28:21Z

cjbarth
Apr 4, 2024
Maintainer

IIRC, the certs will be tried in order until either one of them verifies (success) or there are no more certificates to try (failure). The only affect the order would have would be on performance, but even that would likely be negligible in most scenarios.

2 replies

niwsa Apr 5, 2024
Author

Thanks @cjbarth for the reply. For some reason this was not working as expected for us. I will try to come up with a reproducible test case for this.

srd90 May 22, 2024

Seems that you found solution for this case with: boxyhq/saml20#572

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Verifying signature using multi cert PEM #462

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 2 replies

{{title}}

{{title}}

{{title}}

Select a reply

Verifying signature using multi cert PEM #462

niwsa Apr 4, 2024

Replies: 1 comment · 2 replies

cjbarth Apr 4, 2024 Maintainer

niwsa Apr 5, 2024 Author

srd90 May 22, 2024

niwsa
Apr 4, 2024

Replies: 1 comment 2 replies

cjbarth
Apr 4, 2024
Maintainer

niwsa Apr 5, 2024
Author