Integration Server 10.3 | Built-In Services Reference Guide
 
pub.security.xml:verifyXML
WmPublic. Verifies a signed XML document, or node in an XML document, and returns information about the success or failure of the verification.
Input Parameters
xmldata
String Optional. Signed XML that needs to be verified.
xmlStream
InputStream Optional. Signed XML as an input stream that needs to be verified.
Note:
If both xmldata and xmlStream are provided, xmlStream takes precedence.
signatureSelectors
String Array XPaths that are used to identify the signature; can be any valid XPath. Following is an example:
//*[@ID="Sign001"]
nsDecls
Document Optional. Mapping of the namespace prefixes to the namespace URIs. The first column contains the prefixes and the second column contains the corresponding URIs.
noNamespaceSchemaLocation
String Optional. Schema location for elements with no namespace. This parameter is used to locate the schema that defines elements without a namespace prefix.
schemaLocations
Document Optional. Holds the schema locations against the namespaces.
encoding
String Optional. Specifies the encoding to use if the encoding cannot be extracted from the XML. If encoding is not specified in the XML document or in the encoding parameter, Integration Server uses UTF-8.
The encoding value must be a valid IANA encoding.
Output Parameters
verifcationResult
Boolean Indicates whether the signed XML is authentic (true) or cannot be verified or shows signs of tampering (false).
failedSignatureSelector
String Conditional. In case of a verification failure (the digests do not match), indicates which signature selector failed.
failureReason
String Conditional. This output parameter is populated only in the case of a verification failure. Its value indicates whether (1) the signature caused the failure, or (2) the signature is from an untrusted certificate. Possible values are:
* SIGNATURE FAILED
* CERTIFICATE NOT TRUSTED
certMap
Document List Conditional. For each XPath in signatureSelectors, certMap contains a document that identifies the XPath and the corresponding signing certificate found at that XPath.
certMap is only returned if certificates were resolved for at least one of the XPaths specified in signatureSelectors.
If Integration Server encounters a signature failure, Integration Server does not resolve any subsequent XPaths. certMap contains all of the XPaths and corresponding certificates that Integration Server could resolve up to the point of failure.
Usage Notes
If both xmldata and xmlStream are provided, xmlStream takes precedence.
Before pub.security.xml:verifyXML can verify a signature, the partner application's public key must have been made available to Integration Server, either through:
* Integration Server certificate mapping.
* The partner application having sent a copy of its certificate to Integration Server.
For information on Integration Server certificate mapping, refer to webMethods Integration Server Administrator’s Guide.
The pub.security.xml:verifyXML service works as follows:
1. Integration Server receives the signed XML document.
2. Integration Server extracts the public key from the partner application's certificate.
3. Integration Server uses the public key to verify the authenticity of the XML document.
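The following Java service helper is an added example, not code from this guide: it invokes pub.security.xml:verifyXML with the parameters documented above and rejects the document unless the result is explicitly true. The class and method names are hypothetical, and the code assumes it runs inside Integration Server, where the com.wm.* classes are on the classpath.

```java
import com.wm.app.b2b.server.Service;
import com.wm.data.IData;
import com.wm.data.IDataCursor;
import com.wm.data.IDataFactory;
import com.wm.data.IDataUtil;

// Hypothetical helper class; not part of Integration Server.
public final class SignedXmlGate {

    // Output parameter name, spelled exactly as this page documents it.
    private static final String RESULT_KEY = "verifcationResult";

    /**
     * Invokes pub.security.xml:verifyXML and returns only if verification
     * succeeded. Any other outcome (false, missing output) is rejected.
     */
    public static void requireVerified(String signedXml, String[] signatureSelectors)
            throws Exception {
        IData input = IDataFactory.create();
        IDataCursor in = input.getCursor();
        IDataUtil.put(in, "xmldata", signedXml);
        IDataUtil.put(in, "signatureSelectors", signatureSelectors);
        in.destroy();

        IData output = Service.doInvoke("pub.security.xml", "verifyXML", input);

        IDataCursor out = output.getCursor();
        try {
            // Documented as Boolean; String.valueOf also covers a
            // "true"/"false" string and turns a missing value into false.
            Object result = IDataUtil.get(out, RESULT_KEY);
            if (Boolean.parseBoolean(String.valueOf(result))) {
                return;
            }
            // Both outputs are conditional: populated only on failure.
            String reason = IDataUtil.getString(out, "failureReason");
            String selector = IDataUtil.getString(out, "failedSignatureSelector");
            throw new SecurityException("XML signature rejected: reason=" + reason
                    + ", selector=" + selector);
        } finally {
            out.destroy();
        }
    }
}
```

Because the service stops resolving XPaths at the first signature failure, a rejection reports only the first failing selector; later selectors in the array were not evaluated.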