Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(SQL Server) Verify HMAC XML Digital SignatureDemonstrates how to validate an XML digital signature signed with an HMAC key.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) -- This example requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- The XML containing the Signature to be verified contains the following: -- <?xml version="1.0" encoding="UTF-8" standalone="no"?> -- <collection Id="root"> -- <album> -- <title>Questions, unanswered</title> -- <artist>Steve and the flubberblubs</artist> -- <year>1989</year> -- <t:tracks xmlns:t="http://test.xades4j/tracks"> -- <t:song length="4:05" tracknumber="1"> -- <t:title>What do you know?</t:title> -- <t:artist>Steve and the flubberblubs</t:artist> -- <t:lastplayed>2006-10-17-08:31</t:lastplayed> -- </t:song> -- <t:song length="3:45" tracknumber="2"> -- <t:title>Who do you know?</t:title> -- <t:artist>Steve and the flubberblubs</t:artist> -- <t:lastplayed>2006-10-17-08:35</t:lastplayed> -- </t:song> -- <t:song length="5:14" tracknumber="3"> -- <t:title>When do you know?</t:title> -- <t:artist>Steve and the flubberblubs</t:artist> -- <t:lastplayed>2006-10-17-08:39</t:lastplayed> -- </t:song> -- <t:song length="4:19" tracknumber="4"> -- <t:title>Do you know?</t:title> -- <t:artist>Steve and the flubberblubs</t:artist> -- <t:lastplayed>2006-10-17-08:44</t:lastplayed> -- </t:song> -- </t:tracks> -- </album> -- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/><ds:Reference URI="#root"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rD/g8soqKz8EiPUBhEWfcQacS0ta4ULHX3dKMEH6ZoQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>R8dXP95VRYJBfL6d0Peogybdk27+R+JIfX8jnVu0NOI=</ds:SignatureValue></ds:Signature></collection> -- The above XML is available at https://www.chilkatsoft.com/exampleData/hmacSigned.xml -- First fetch the XML.. DECLARE @url nvarchar(4000) SELECT @url = 'https://www.chilkatsoft.com/exampleData/hmacSigned.xml' DECLARE @http int -- Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END DECLARE @sbXml int -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbXml OUT DECLARE @success int EXEC sp_OAMethod @http, 'QuickGetSb', @success OUT, @url, @sbXml IF @success <> 1 BEGIN EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @sbXml RETURN END DECLARE @verifier int -- Use "Chilkat_9_5_0.XmlDSig" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @verifier OUT -- Load the XML containing the signature to be verified. EXEC sp_OAMethod @verifier, 'LoadSignatureSb', @success OUT, @sbXml IF @success <> 1 BEGIN EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @sbXml EXEC @hr = sp_OADestroy @verifier RETURN END -- Provide the HMAC key -- The HMAC key for this signature is the us-ascii bytes of the string "secret", -- It can be set in any of the following ways (and also more ways not shown here..) EXEC sp_OAMethod @verifier, 'SetHmacKey', @success OUT, 'secret', 'ascii' -- or EXEC sp_OAMethod @verifier, 'SetHmacKey', @success OUT, 'c2VjcmV0', 'base64' -- or EXEC sp_OAMethod @verifier, 'SetHmacKey', @success OUT, '736563726574', 'hex' -- Verify the signature DECLARE @bVerified int EXEC sp_OAMethod @verifier, 'VerifySignature', @bVerified OUT, 1 PRINT 'Signature verified = ' + @bVerified EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @sbXml EXEC @hr = sp_OADestroy @verifier END GO |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.