Sample code for 30+ languages & platforms
Lianja

Verify XML Signature with External URL References

See more XML Digital Signatures Examples

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat Lianja Downloads

Lianja
llSuccess = .F.

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// The signed XML we wish to verify contains external references such as this:

//     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
//       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
//     </ds:Reference>
//     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
//       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
//     </ds:Reference>

loVerifier = createobject("CkXmlDSig")
loHttp = createobject("CkHttp")

// First load the signed XML
loSbSignedXml = createobject("CkStringBuilder")
llSuccess = loSbSignedXml.LoadFile("qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml","utf-8")
if (llSuccess = .F.) then
    ? "Failed to load signed XML."
    release loVerifier
    release loHttp
    release loSbSignedXml
    return
endif

llSuccess = loVerifier.LoadSignatureSb(loSbSignedXml)
if (llSuccess = .F.) then
    ? loVerifier.LastErrorText
    release loVerifier
    release loHttp
    release loSbSignedXml
    return
endif

// Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
loSbRefUri = createobject("CkStringBuilder")
loBd = createobject("CkBinData")
lnNumRefs = loVerifier.NumReferences
i = 0
do while i < lnNumRefs
    if (loVerifier.IsReferenceExternal(i) = .T.) then
        loSbRefUri.Clear()
        loSbRefUri.Append(loVerifier.ReferenceUri(i))
        if (loSbRefUri.StartsWith("https://",.F.) = .T.) then
            ? "External URL Reference: " + loSbRefUri.GetAsString()

            // Download the data at the URL and provide to the verifier.
            llSuccess = loHttp.DownloadBd(loSbRefUri.GetAsString(),loBd)
            if (llSuccess = .F.) then
                ? loHttp.LastErrorText
                release loVerifier
                release loHttp
                release loSbSignedXml
                release loSbRefUri
                release loBd
                return
            endif

            llSuccess = loVerifier.SetRefDataBd(i,loBd)
            if (llSuccess = .F.) then
                ? loVerifier.LastErrorText
                release loVerifier
                release loHttp
                release loSbSignedXml
                release loSbRefUri
                release loBd
                return
            endif

        endif

    endif

    i = i + 1
enddo

// Now that we have the external data, verify the signature..
llBVerified = loVerifier.VerifySignature(.T.)
if (llBVerified = .F.) then
    ? loVerifier.LastErrorText
endif

? "Signature verified = " + str(llBVerified)


release loVerifier
release loHttp
release loSbSignedXml
release loSbRefUri
release loBd