...
Once the certificate file is locally installed, you can use it to verify the signature on the metadata file. For example, you could use the XmlSecTool (or some similar 3rd-party tool) to verify the signature:
```
$ MD_LOCATION=http://md.incommon.org/InCommon/InCommon-metadata.xml
$ MD_PATH=/tmp/InCommon-metadata.xml
$ /usr/bin/curl --silent $MD_LOCATION > $MD_PATH
$ ./xmlsectool.sh --verifySignature --signatureRequired \
    --certificate $MD_CERT_PATH --inFile $MD_PATH
INFO XmlSecTool - Reading XML document from file '/tmp/InCommon-metadata.xml'
INFO XmlSecTool - XML document parsed and is well-formed.
INFO XmlSecTool - XML document signature verified.
```
You may also want to schema validate the metadata:
```
$ ./xmlsectool.sh --validateSchema \
    --schemaDirectory $SCHEMA_DIR --inFile $MD_PATH
INFO XmlSecTool - Reading XML document from file '/tmp/InCommon-metadata.xml'
INFO XmlSecTool - XML document parsed and is well-formed.
INFO XmlSecTool - XML document is schema valid
```
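The commands above write the download straight to `$MD_PATH` before it has been verified. The following added example (not part of the original page or of XmlSecTool) wraps the same curl and `--verifySignature` calls so that a new copy replaces the installed file only after its signature verifies. The function names and the `XMLSECTOOL` variable are hypothetical, and the script assumes `xmlsectool.sh` exits non-zero when verification fails.

```shell
#!/bin/sh
# Added example: verify-then-install refresh of a signed metadata file.
# Assumptions: function names and XMLSECTOOL are illustrative only, and
# xmlsectool.sh returns a non-zero exit status when verification fails.

XMLSECTOOL=${XMLSECTOOL:-./xmlsectool.sh}

# fetch_metadata URL OUTFILE
# --fail makes curl return an error on HTTP 4xx/5xx instead of saving
# the error page as if it were metadata.
fetch_metadata() {
    /usr/bin/curl --silent --fail --output "$2" "$1"
}

# verify_metadata CERT FILE
# Same options as on the page; --signatureRequired rejects unsigned input.
verify_metadata() {
    "$XMLSECTOOL" --verifySignature --signatureRequired \
        --certificate "$1" --inFile "$2" >&2
}

# refresh_metadata URL CERT DEST
# Downloads to a temporary file beside DEST, verifies it, and renames it
# over DEST only on success. On any failure the previously installed
# (already verified) copy is left untouched.
refresh_metadata() {
    url=$1 cert=$2 dest=$3
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if fetch_metadata "$url" "$tmp" && [ -s "$tmp" ] \
        && verify_metadata "$cert" "$tmp"; then
        # rename within one directory, so readers never see a partial file
        mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "metadata refresh rejected; keeping existing $dest" >&2
        return 1
    fi
}

# Usage, with the variables defined on the page:
#   refresh_metadata "$MD_LOCATION" "$MD_CERT_PATH" "$MD_PATH"
```

The decision rests on the exit status of the verification step, not on matching the `INFO` log lines, so an empty download, an HTTP error or a failed signature check all leave the existing file in place.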
...