(C++) Verify XML Signature with External URL References

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <CkXmlDSig.h>
#include <CkHttp.h>
#include <CkStringBuilder.h>
#include <CkBinData.h>

void ChilkatSample(void)
    {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // The signed XML we wish to verify contains external references such as this:

    //     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
    //       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    //       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
    //     </ds:Reference>
    //     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
    //       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    //       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
    //     </ds:Reference>

    CkXmlDSig verifier;
    CkHttp http;

    // First load the signed XML
    CkStringBuilder sbSignedXml;
    bool success = sbSignedXml.LoadFile("qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml","utf-8");
    if (success == false) {
        std::cout << "Failed to load signed XML." << "\r\n";
        return;
    }

    success = verifier.LoadSignatureSb(sbSignedXml);
    if (success == false) {
        std::cout << verifier.lastErrorText() << "\r\n";
        return;
    }

    // Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
    CkStringBuilder sbRefUri;
    CkBinData bd;
    int numRefs = verifier.get_NumReferences();
    int i = 0;
    while (i < numRefs) {
        if (verifier.IsReferenceExternal(i) == true) {
            sbRefUri.Clear();
            sbRefUri.Append(verifier.referenceUri(i));
            if (sbRefUri.StartsWith("https://",false) == true) {
                std::cout << "External URL Reference: " << sbRefUri.getAsString() << "\r\n";

                // Download the data at the URL and provide to the verifier.
                success = http.DownloadBd(sbRefUri.getAsString(),bd);
                if (success == false) {
                    std::cout << http.lastErrorText() << "\r\n";
                    return;
                }

                success = verifier.SetRefDataBd(i,bd);
                if (success == false) {
                    std::cout << verifier.lastErrorText() << "\r\n";
                    return;
                }

            }

        }

        i = i + 1;
    }

    // Now that we have the external data, verify the signature..
    bool bVerified = verifier.VerifySignature(true);
    if (bVerified == false) {
        std::cout << verifier.lastErrorText() << "\r\n";
    }

    std::cout << "Signature verified = " << bVerified << "\r\n";
    }