Kernel - Add Digital Signature Validation APIs ICR (7574)

Name Value
NUMBER 7574
IA # 7574
DATE CREATED 2025/07/23
CUSTODIAL PACKAGE KERNEL
USAGE Supported
TYPE Routine
ROUTINE XUDSIGVALIDATE
NAME Kernel - Add Digital Signature Validation APIs
GENERAL DESCRIPTION
These Kernel APIs validate XML digital signatures.
STATUS Active
KEYWORDS
  • XML
  • SIGNATURE
EXPIRATION DATE 2027/09/30
ID XUDSIGVALIDATE
COMPONENT/ENTRY POINT
COMPONENT/ENTRY POINT COMPONENT DESCRIPTION VARIABLES
$$VALIDATESIG(XMLFILEPATH,PUBLICKEYPATH,IDNAME,IDELEMENT,.ELAPSEDTIMEMS)
The $$VALIDATESIG^XUDSIGVALIDATE extrinsic function
checks an XML file's digital signature and verifies the signature against a
given public key.  The function returns whether the XML digital signature is
valid.
VARIABLES TYPE VARIABLES DESCRIPTION
XMLFILEPATH Input
(required) The file path of the signed XML document.
PUBLICKEYPATH Input
(optional) The file path of the public key that
signed the document. If this parameter is not set, the API will default to
using the public key in the signed XML document.
IDNAME Input
(optional) If an element of the XML document was
signed, the IdName tells the API to look for attributes with the given name.
IDELEMENT Input
(optional) The element that was signed.
ELAPSEDTIMEMS Output
(optional) The amount of time in milliseconds that
the API call took to complete.
returns Output
Returns:

Success (1) - The digital signature is valid.

Failure (0) - The digital signature is invalid, or an error occurred.

Failure (-1) - The operating system is not supported.
$$VERIFYCHAIN(CACERT,XMLFILEPATH,TEMPCERTFILEPATH,CHECKINDCA,.CASUBJECT,.CACONTENTS,.ELAPSEDTIMEMS)
The $$VERIFYCHAIN^XUDSIGVALIDATE extrinsic function
checks whether the certificate contained within a signed XML file was signed
by a specific Certificate Authority (CA).
VARIABLES TYPE VARIABLES DESCRIPTION
CACERT Input
(required) The file path of the Certificate Authority
public key.
XMLFILEPATH Input
(required) The file path of the signed XML document.
TEMPCERTFILEPATH Both
(optional) When the certificate is extracted from the
XML document specified in the XMLFILEPATH parameter, the certificate is stored
as a temp file on the server. The TEMPCERTFILEPATH parameter allows the user
to specify where the temp file is stored. The only requirement is that the
path begins with /tmp. If no path is specified, the API writes the file to
/tmp. If passed by reference and no path is set, TEMPCERTFILEPATH will be set
to the directory path in /tmp where the file was written to, so that the user
knows where the file has been stored.
CHECKINDCA Input
(optional) Boolean (1 or 0) that determines whether
the API should search through the certificate bundle provided in CACERT. The
API will look for a certificate whose Subject equals the Issuer of the
certificate in the XML document provided in XMLFILEPATH. If there is a match,
the API will then verify that the CA certificate generated the leaf
certificate. If so, $$VERIFYCHAIN^XUDSIGVALIDATE will return 1. Otherwise, the
API will return 0 or -1.
CASUBJECT Output
If CHECKINDCA is set to 1, and a CA certificate was
successfully found and validated, then CASUBJECT will be set to the subject of
the CA certificate.
CACONTENT Output
If CHECKINDCA is set to 1, and a CA certificate was
successfully found and validated, then CASUBJECT will be set to the contents of
the CA certificate.
ELAPSEDTIMEMS Output
(optional) The amount of time in milliseconds that
the API call took to complete.
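
The following caller is an added example, not code from the Kernel package or from this ICR. It shows a fail-closed way to combine the two entry points: a document is accepted only when both return exactly 1, so 0 and -1 are both treated as "do not trust". The label SIGTRUST, the REASON parameter and the local variable names are hypothetical, and the example assumes that the public key $$VALIDATESIG falls back to is the one in the certificate that $$VERIFYCHAIN checks.

```mumps
SIGTRUST(XMLPATH,CABUNDLE,REASON) ; hypothetical wrapper: 1 only if chain AND signature verify
 ; XMLPATH  - path of the signed XML document
 ; CABUNDLE - path of the trusted CA certificate bundle (passed as CACERT)
 ; REASON   - (by reference) short text naming the check that failed
 N RC,TMPCERT,CASUBJ,CACONT,MS
 S REASON=""
 I $G(XMLPATH)=""!($G(CABUNDLE)="") S REASON="missing required path" Q 0
 ;
 ; 1. Was the certificate embedded in the XML issued by a CA in the bundle?
 ;    TMPCERT is left unset so the API writes under /tmp and reports where.
 ;    CHECKINDCA=1 asks the API to search the bundle for the issuing CA.
 S RC=$$VERIFYCHAIN^XUDSIGVALIDATE(CABUNDLE,XMLPATH,.TMPCERT,1,.CASUBJ,.CACONT,.MS)
 I RC=-1 S REASON="chain check returned -1" Q 0
 I RC'=1 S REASON="certificate not issued by a trusted CA" Q 0
 ;
 ; 2. Does the XML signature verify? PUBLICKEYPATH, IDNAME and IDELEMENT are
 ;    omitted, so the API uses the public key carried in the document.
 ;    That key is only meaningful because step 1 already passed (assumption
 ;    stated in the lead-in).
 S RC=$$VALIDATESIG^XUDSIGVALIDATE(XMLPATH,,,,.MS)
 I RC=-1 S REASON="operating system not supported" Q 0
 I RC'=1 S REASON="signature invalid or error occurred" Q 0
 ;
 Q 1
```

When the signer's public key is known in advance, passing its path as PUBLICKEYPATH in step 2 removes the reliance on the key embedded in the document.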