(C) Verify XML Signature with External Data Reference

Demonstrates how to verify an XML digital signature where the data is external. In this case, the data is a JPG file.

This example requires Chilkat v9.5.0.69 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <C_CkHttp.h>
#include <C_CkStringBuilder.h>
#include <C_CkXmlDSig.h>
#include <C_CkBinData.h>

void ChilkatSample(void)
    {
    const char *url;
    HCkHttp http;
    HCkStringBuilder sbXml;
    BOOL success;
    HCkXmlDSig verifier;
    const char *refUri;
    HCkBinData jpgData;
    BOOL bVerified;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // The XML containing the Signature to be verified contains the following:
    // <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    // <abc>
    //   <xyz>
    //     <jpg>
    //         <name>starfish.jpg</name>
    //         <url>https://www.chilkatsoft.com/images/starfish.jpg</url>
    //     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="https://www.chilkatsoft.com/images/starfish.jpg"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>MbHOti6nOh9DJP/u7u1+a1u0wRYIGEdaAVk5ehxqeBhcR4qvGvCQ7wLxcfDuwFG2grSg43ANxDYngLqZTeFb5nCfywcuNBQI8FrNRVY5hkyv6kDW1BVN8ot9qPYX9oHxJp1e+nMszIiSxqHX3XDI7YnvFt/0CyeO5JaQQEzXzIwqqb8iUNcH/bJzR6CrTf1hGuQ5MPorG0bRwbYPPHHzipUqHBinK8VbHobnxL7GQHAhR8k9gDD35kZcMxf/74U7pGO19ZzTbdJW5S7q4bVVxvsuU3itTbhHI60pOE14ibrjZtIrPZLVUD3TQqIIF04TChW2NXdYOo3+ij4ZnP8x+g==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>sXeRhM55P13FbpNcXAMR3olbw2Wa6keZIHu5YTZYUBTlYWId+pNiwUz3zFIEo+0IfYR0H27ybIycQO+1IIzJofUFNMAL3tZps2OKPlsjuCPls6kXpXhv/gvhux8LrCtp4PcKWqJ6QVOZKChc7WAx40qFWzHi57ueqRTv3x0kESqGg/VjsqyTEvb55psJO2RsfhLT7+YVh3hImRM3RDaJdkTkPuOxeFyT6N7VXD09329sLuS3QkUbE9zEKDnz9X3d8dEQdJhSI9ba5fxl8R7fu8pB67ElfzFml96X1jLFtzy1pzOT5Fc4ROcaqlYckVzdBq9sxezm6MYmDBjNAcibRw==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></ds:Signature></jpg>
    //   </xyz>
    // </abc>

    // The above XML is available at https://www.chilkatsoft.com/exampleData/xmlsig_external_jpg_reference.xml
    // First fetch the XML..

    url = "https://www.chilkatsoft.com/exampleData/xmlsig_external_jpg_reference.xml";
    http = CkHttp_Create();
    sbXml = CkStringBuilder_Create();
    success = CkHttp_QuickGetSb(http,url,sbXml);
    if (success != TRUE) {
        printf("%s\n",CkHttp_lastErrorText(http));
        CkHttp_Dispose(http);
        CkStringBuilder_Dispose(sbXml);
        return;
    }

    verifier = CkXmlDSig_Create();

    // Load the XML containing the signatures to be verified.
    // Note that this particular Signature already contains the RSA public key that will be used
    // for verification.
    success = CkXmlDSig_LoadSignatureSb(verifier,sbXml);
    if (success != TRUE) {
        printf("%s\n",CkXmlDSig_lastErrorText(verifier));
        CkHttp_Dispose(http);
        CkStringBuilder_Dispose(sbXml);
        CkXmlDSig_Dispose(verifier);
        return;
    }

    // Get the Reference URI, which in this case is the URL to the binary data that was hashed.
    // This fetchs the URI attribute value from:  <ds:Reference URI="https://www.chilkatsoft.com/images/starfish.jpg">
    refUri = CkXmlDSig_referenceUri(verifier,0);
    if (CkXmlDSig_getLastMethodSuccess(verifier) != TRUE) {
        printf("No reference URI found.\n");
        CkHttp_Dispose(http);
        CkStringBuilder_Dispose(sbXml);
        CkXmlDSig_Dispose(verifier);
        return;
    }

    // Download the JPG data to be verified.
    jpgData = CkBinData_Create();
    success = CkHttp_QuickGetBd(http,refUri,jpgData);
    if (success != TRUE) {
        printf("%s\n",CkHttp_lastErrorText(http));
        CkHttp_Dispose(http);
        CkStringBuilder_Dispose(sbXml);
        CkXmlDSig_Dispose(verifier);
        CkBinData_Dispose(jpgData);
        return;
    }

    // Provide the JPG data to the verifier
    CkXmlDSig_SetRefDataBd(verifier,0,jpgData);

    // Verify the signature
    bVerified = CkXmlDSig_VerifySignature(verifier,TRUE);
    printf("Signature verified = %d\n",bVerified);


    CkHttp_Dispose(http);
    CkStringBuilder_Dispose(sbXml);
    CkXmlDSig_Dispose(verifier);
    CkBinData_Dispose(jpgData);

    }