Sample code for 30+ languages & platforms
Classic ASP

Verify XML Signature with External URL References

See more XML Digital Signatures Examples

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' The signed XML we wish to verify contains external references such as this:

'     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
'       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
'       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
'     </ds:Reference>
'     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
'       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
'       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
'     </ds:Reference>

set verifier = Server.CreateObject("Chilkat.XmlDSig")
set http = Server.CreateObject("Chilkat.Http")

' First load the signed XML
set sbSignedXml = Server.CreateObject("Chilkat.StringBuilder")
success = sbSignedXml.LoadFile("qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml","utf-8")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Failed to load signed XML.") & "</pre>"
    Response.End
End If

success = verifier.LoadSignatureSb(sbSignedXml)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
    Response.End
End If

' Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
set sbRefUri = Server.CreateObject("Chilkat.StringBuilder")
set bd = Server.CreateObject("Chilkat.BinData")
numRefs = verifier.NumReferences
i = 0
Do While i < numRefs
    If (verifier.IsReferenceExternal(i) = 1) Then
        sbRefUri.Clear 
        success = sbRefUri.Append(verifier.ReferenceUri(i))
        If (sbRefUri.StartsWith("https://",0) = 1) Then
            Response.Write "<pre>" & Server.HTMLEncode( "External URL Reference: " & sbRefUri.GetAsString()) & "</pre>"

            ' Download the data at the URL and provide to the verifier.
            success = http.DownloadBd(sbRefUri.GetAsString(),bd)
            If (success = 0) Then
                Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
                Response.End
            End If

            success = verifier.SetRefDataBd(i,bd)
            If (success = 0) Then
                Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
                Response.End
            End If

        End If

    End If

    i = i + 1
Loop

' Now that we have the external data, verify the signature..
bVerified = verifier.VerifySignature(1)
If (bVerified = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
End If

Response.Write "<pre>" & Server.HTMLEncode( "Signature verified = " & bVerified) & "</pre>"

%>
</body>
</html>