(JavaScript) Verify XML Signature having KeyInfo / X509Data / X509Certificate

This example demonstrates how to verify an XML Digital Signature where the KeyInfo element contains an X509Data element, which in turn contains an X509Certificate element which contains the base64-encoded certificate.

Note

This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater.

var success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// The SOAP XML with digital signature verified in this example is available at 
// https://www.chilkatsoft.com/exampleData/sigWithX509Certificate.xml

var signedSoapXmlUrl = "https://www.chilkatsoft.com/exampleData/sigWithX509Certificate.xml";

// First, let's get the signed SOAP XML..
var http = new CkHttp();
var sbXml = new CkStringBuilder();
success = http.QuickGetSb(signedSoapXmlUrl,sbXml);
if (success !== true) {
    console.log(http.LastErrorText);
    return;
}

// The signed XML downloaded from the above URL contains the following.
// Note: Everything we need to verify the signature is already available within the signed XML.
// The KeyInfo part of the Signature contains the X.509 certificate in base64 format,
// and the public key used to verify the signature is contained within the X.509.
// Chilkat automatically fetches and uses the public key from the base64 certificate.
// 

// <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
// <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
//     <SOAP-ENV:Header>
//         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#Body"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>PIiVPpuMc1jGpWaL8ftzTOcc4gc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>dlSGYRtxv8DiGQ9THPEdPTlbwjkidCUEutVWkqhnjzKOxjl6EZPp6ibf7ogrn1QJAabo7eb/d2UjD8LXzQYB+q9OmN29dsDcg4i9hzpttjU9xt8Sc3IgdaQ+6NXStWd1AKrjNTCY52sOpIWh45uff/yjf9ynsbCo/UR8+hk6ZDCrM78YEyMj52miXzVQtSZ7f+bvWtz8iPppXXC+/zwGPAI9EPC+9uRHRRh4vzGwid+clMmh9FF/0Oe4n0G5dBZvwLPncwOMg0UxLVs63ZRdTCSku4oKReQieqNr7+hzBAKaS8NRpxMtx2XC5aR0wYMkYT9API/vYubeU0L3r4lplw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDgzCCAmugAwIBAgIBADANBgkqhkiG9w0BAQUFADBcMRUwEwYDVQQDDAxUZXN0IENvbXBhbnkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTcwOTEzMDA1NTM1WhcNMTgwOTEzMDA1NTM1WjBcMRUwEwYDVQQDDAxUZXN0IENvbXBhbnkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiWRKlx+88u4SKZnfCMraqMsfJCs6tcz3EjMYTWmRKhhUOE9pDkvZfv0mgF7pNHsTKvFRtoVnEVQaZC5TlHNOGa2QWit9YuruWjW8VSaU4s9gR1/Cg9/Zc8Z0yUEDpsaVnwuoARpVzvzoRzPmTNpMNEcQ07aBjHP7OJrwyvcdqQA1BbfDVMmRmw1d+/i8tyR3cTyzl/3TismN5nrmhGh/ZF75FFA/xDN7PbVYDPowiFnEVHiBrYh2mFTabRUnb7K4oLx+d1L5x3Az299F/HYZlBenXpJLtnCL3+HY6qsGXVbzKjlKNqbXsmlzVkChu093weN/qUvWO2883cEiXmdqxAgMBAAGjUDBOMB0GA1UdDgQWBBRsMy2bxsCKYyUYtTYz/zZbz7Le0zAfBgNVHSMEGDAWgBRsMy2bxsCKYyUYtTYz/zZbz7Le0zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBnFQ+Sc3s8y79DTsA7CvvAFeG/zvWQiu8yUM5LO1QcWeQQj29GMThqrY21dNfkynl7mZUMEeXKvwwzweFCc2odiUPHxoV1G4FEtzNaZ8Ap9jye78YQ8SB8NPQwC7ovecfSqNflT4NMAThSuxpGp8Ugf7a24LXozLzLbCRvG9sLGyRneZbfU8B43ELRLCkjzWR32N7D2pmKk4CEMiW0ScphU1JEHaimneMaTFc63hNzKpuj7+BGv4ZuvB1j/Mbmz53PGgFKnGQHPb2TIvMxyB+lML5vE0Bm8YWtP8DNyx11CCCdBdMWfeta6MjmmqcV5/YEq92c5O2Ql94tWFNLR6wQ</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></wsse:Security>
//     </SOAP-ENV:Header>
//     <SOAP-ENV:Body xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" SOAP-SEC:id="Body">
//         <z:FooBar xmlns:z="http://example.com" />
//     </SOAP-ENV:Body>
// </SOAP-ENV:Envelope>

// To verify this signature, we simply load and verify:
var verifier = new CkXmlDSig();
success = verifier.LoadSignatureSb(sbXml);
if (success !== true) {
    console.log(verifier.LastErrorText);
    return;
}

var bVerified = verifier.VerifySignature(true);
if (bVerified !== true) {
    console.log(verifier.LastErrorText);
    return;
}

console.log("Signature verified!");