Sample code for 30+ languages & platforms
SQL Server

Verify XML Signature with External URL References

See more XML Digital Signatures Examples

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- The signed XML we wish to verify contains external references such as this:

    --     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
    --       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    --       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
    --     </ds:Reference>
    --     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
    --       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    --       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
    --     </ds:Reference>

    DECLARE @verifier int
    EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @verifier OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @http int
    EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT

    -- First load the signed XML
    DECLARE @sbSignedXml int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbSignedXml OUT

    EXEC sp_OAMethod @sbSignedXml, 'LoadFile', @success OUT, 'qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml', 'utf-8'
    IF @success = 0
      BEGIN

        PRINT 'Failed to load signed XML.'
        EXEC @hr = sp_OADestroy @verifier
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @sbSignedXml
        RETURN
      END

    EXEC sp_OAMethod @verifier, 'LoadSignatureSb', @success OUT, @sbSignedXml
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @verifier
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @sbSignedXml
        RETURN
      END

    -- Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
    DECLARE @sbRefUri int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbRefUri OUT

    DECLARE @bd int
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bd OUT

    DECLARE @numRefs int
    EXEC sp_OAGetProperty @verifier, 'NumReferences', @numRefs OUT
    DECLARE @i int
    SELECT @i = 0
    WHILE @i < @numRefs
      BEGIN
        EXEC sp_OAMethod @verifier, 'IsReferenceExternal', @iTmp0 OUT, @i
        IF @iTmp0 = 1
          BEGIN
            EXEC sp_OAMethod @sbRefUri, 'Clear', NULL
            EXEC sp_OAMethod @verifier, 'ReferenceUri', @sTmp0 OUT, @i
            EXEC sp_OAMethod @sbRefUri, 'Append', @success OUT, @sTmp0
            EXEC sp_OAMethod @sbRefUri, 'StartsWith', @iTmp0 OUT, 'https://', 0
            IF @iTmp0 = 1
              BEGIN

                EXEC sp_OAMethod @sbRefUri, 'GetAsString', @sTmp0 OUT
                PRINT 'External URL Reference: ' + @sTmp0

                -- Download the data at the URL and provide to the verifier.
                EXEC sp_OAMethod @sbRefUri, 'GetAsString', @sTmp0 OUT
                EXEC sp_OAMethod @http, 'DownloadBd', @success OUT, @sTmp0, @bd
                IF @success = 0
                  BEGIN
                    EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
                    PRINT @sTmp0
                    EXEC @hr = sp_OADestroy @verifier
                    EXEC @hr = sp_OADestroy @http
                    EXEC @hr = sp_OADestroy @sbSignedXml
                    EXEC @hr = sp_OADestroy @sbRefUri
                    EXEC @hr = sp_OADestroy @bd
                    RETURN
                  END
                EXEC sp_OAMethod @verifier, 'SetRefDataBd', @success OUT, @i, @bd
                IF @success = 0
                  BEGIN
                    EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT
                    PRINT @sTmp0
                    EXEC @hr = sp_OADestroy @verifier
                    EXEC @hr = sp_OADestroy @http
                    EXEC @hr = sp_OADestroy @sbSignedXml
                    EXEC @hr = sp_OADestroy @sbRefUri
                    EXEC @hr = sp_OADestroy @bd
                    RETURN
                  END
              END
          END
        SELECT @i = @i + 1
      END

    -- Now that we have the external data, verify the signature..
    DECLARE @bVerified int
    EXEC sp_OAMethod @verifier, 'VerifySignature', @bVerified OUT, 1
    IF @bVerified = 0
      BEGIN
        EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
      END

    PRINT 'Signature verified = ' + @bVerified

    EXEC @hr = sp_OADestroy @verifier
    EXEC @hr = sp_OADestroy @http
    EXEC @hr = sp_OADestroy @sbSignedXml
    EXEC @hr = sp_OADestroy @sbRefUri
    EXEC @hr = sp_OADestroy @bd


END
GO