(Visual FoxPro) Verify XML Signature with External URL References

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

LOCAL loVerifier
LOCAL loHttp
LOCAL loSbSignedXml
LOCAL lnSuccess
LOCAL loSbRefUri
LOCAL loBd
LOCAL lnNumRefs
LOCAL i
LOCAL lnBVerified

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* The signed XML we wish to verify contains external references such as this:

*     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
*       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
*       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
*     </ds:Reference>
*     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
*       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
*       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
*     </ds:Reference>

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.XmlDSig')
loVerifier = CreateObject('Chilkat.XmlDSig')
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http')
loHttp = CreateObject('Chilkat.Http')

* First load the signed XML
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbSignedXml = CreateObject('Chilkat.StringBuilder')
lnSuccess = loSbSignedXml.LoadFile("qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml","utf-8")
IF (lnSuccess = 0) THEN
    ? "Failed to load signed XML."
    RELEASE loVerifier
    RELEASE loHttp
    RELEASE loSbSignedXml
    CANCEL
ENDIF

lnSuccess = loVerifier.LoadSignatureSb(loSbSignedXml)
IF (lnSuccess = 0) THEN
    ? loVerifier.LastErrorText
    RELEASE loVerifier
    RELEASE loHttp
    RELEASE loSbSignedXml
    CANCEL
ENDIF

* Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbRefUri = CreateObject('Chilkat.StringBuilder')
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.BinData')
loBd = CreateObject('Chilkat.BinData')
lnNumRefs = loVerifier.NumReferences
i = 0
DO WHILE i < lnNumRefs
    IF (loVerifier.IsReferenceExternal(i) = 1) THEN
        loSbRefUri.Clear()
        loSbRefUri.Append(loVerifier.ReferenceUri(i))
        IF (loSbRefUri.StartsWith("https://",0) = 1) THEN
            ? "External URL Reference: " + loSbRefUri.GetAsString()

            * Download the data at the URL and provide to the verifier.
            lnSuccess = loHttp.DownloadBd(loSbRefUri.GetAsString(),loBd)
            IF (lnSuccess = 0) THEN
                ? loHttp.LastErrorText
                RELEASE loVerifier
                RELEASE loHttp
                RELEASE loSbSignedXml
                RELEASE loSbRefUri
                RELEASE loBd
                CANCEL
            ENDIF

            lnSuccess = loVerifier.SetRefDataBd(i,loBd)
            IF (lnSuccess = 0) THEN
                ? loVerifier.LastErrorText
                RELEASE loVerifier
                RELEASE loHttp
                RELEASE loSbSignedXml
                RELEASE loSbRefUri
                RELEASE loBd
                CANCEL
            ENDIF

        ENDIF

    ENDIF

    i = i + 1
ENDDO

* Now that we have the external data, verify the signature..
lnBVerified = loVerifier.VerifySignature(1)
IF (lnBVerified = 0) THEN
    ? loVerifier.LastErrorText
ENDIF

? "Signature verified = " + STR(lnBVerified)

RELEASE loVerifier
RELEASE loHttp
RELEASE loSbSignedXml
RELEASE loSbRefUri
RELEASE loBd