(Android™) Verify an XML Signature with Multiple References

Demonstrates how to verify an XML digital signature that contains multiple references.

Chilkat Android™ Downloads Android™ Java Libraries Android C/C++ Libraries

// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // An example of an enveloping XML signature with mulitple references is available at
    // https://www.chilkatsoft.com/exampleData/envelopedMultipleRefs.xml

    // This example will show how to verify the signature and all references, and also how
    // to verify each reference individually.  This is useful to distinguish which part
    // of the XML signature validation failed.  It could be that one or more of the references
    // failed because of a hash computation mismatch.  Or it could be that the signature over
    // the SignedInfo failed.  

    // First, let's grab the sample XML signature.
    CkHttp http = new CkHttp();
    CkStringBuilder sbXml = new CkStringBuilder();
    boolean success = http.QuickGetSb("https://www.chilkatsoft.com/exampleData/envelopedMultipleRefs.xml",sbXml);
    if (success != true) {
        Log.i(TAG, http.lastErrorText());
        return;
        }

    // Load the XML containing the signature to be verified.
    CkXmlDSig verifier = new CkXmlDSig();
    success = verifier.LoadSignatureSb(sbXml);
    if (success != true) {
        Log.i(TAG, verifier.lastErrorText());
        return;
        }

    boolean verifyReferenceDigests = true;

    // The quick way to validate all references and the signature over the SignedInfo
    // is to call VerifySignature with verifyReferenceDigests equal to true.
    boolean verified = verifier.VerifySignature(verifyReferenceDigests);
    Log.i(TAG, "Signature and all reference digests verified = " + String.valueOf(verified));

    // Let's pretend the call to VerifySignature returned false.  Something did not validate.
    // Was it one or more of the References that did not hash to the correct value?
    // Or was it the signature over the SignedInfo that failed?
    // We can check just the signature over the SignedInfo by passing false to VerifySignature.
    // This allows us to skip the hashing and checking each Reference.  
    verifyReferenceDigests = false;
    boolean signedInfoVerified = verifier.VerifySignature(verifyReferenceDigests);
    Log.i(TAG, "Neglecting the reference hashes, the SignedInfo validation result = " + String.valueOf(signedInfoVerified));

    // We can also verify each reference digest separately
    int numRefs = verifier.get_NumReferences();
    int i = 0;
    while (i < numRefs) {
        boolean refDigestVerified = verifier.VerifyReferenceDigest(i);
        Log.i(TAG, "Reference " + String.valueOf(i) + " digest verified = " + String.valueOf(refDigestVerified));
        i = i + 1;
        }

    // For this sample XML signature with 3 References, we get the following output:

    // Signature and all reference digests verified = True
    // Neglecting the reference hashes, the SignedInfo validation result = True
    // Reference 0 digest verified = True
    // Reference 1 digest verified = True
    // Reference 2 digest verified = Tru

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}