DataFlex
DataFlex
Verify XML Signature with External URL References
See more XML Digital Signatures Examples
Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoVerifier
Handle hoHttp
Variant vSbSignedXml
Handle hoSbSignedXml
Handle hoSbRefUri
Variant vBd
Handle hoBd
Integer iNumRefs
Integer i
Boolean iBVerified
String sTemp1
Boolean bTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// The signed XML we wish to verify contains external references such as this:
// <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
// <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
// <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
// </ds:Reference>
// <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
// <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
// <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
// </ds:Reference>
Get Create (RefClass(cComChilkatXmlDSig)) To hoVerifier
If (Not(IsComObjectCreated(hoVerifier))) Begin
Send CreateComObject of hoVerifier
End
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
// First load the signed XML
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSignedXml
If (Not(IsComObjectCreated(hoSbSignedXml))) Begin
Send CreateComObject of hoSbSignedXml
End
Get ComLoadFile Of hoSbSignedXml "qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml" "utf-8" To iSuccess
If (iSuccess = False) Begin
Showln "Failed to load signed XML."
Procedure_Return
End
Get pvComObject of hoSbSignedXml to vSbSignedXml
Get ComLoadSignatureSb Of hoVerifier vSbSignedXml To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoVerifier To sTemp1
Showln sTemp1
Procedure_Return
End
// Iterate over each reference. If it is an external URL reference, download the data and provide it to the verifier.
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbRefUri
If (Not(IsComObjectCreated(hoSbRefUri))) Begin
Send CreateComObject of hoSbRefUri
End
Get Create (RefClass(cComChilkatBinData)) To hoBd
If (Not(IsComObjectCreated(hoBd))) Begin
Send CreateComObject of hoBd
End
Get ComNumReferences Of hoVerifier To iNumRefs
Move 0 To i
While (i < iNumRefs)
Get ComIsReferenceExternal Of hoVerifier i To bTemp1
If (bTemp1 = True) Begin
Send ComClear To hoSbRefUri
Get ComReferenceUri Of hoVerifier i To sTemp1
Get ComAppend Of hoSbRefUri sTemp1 To iSuccess
Get ComStartsWith Of hoSbRefUri "https://" False To bTemp1
If (bTemp1 = True) Begin
Get ComGetAsString Of hoSbRefUri To sTemp1
Showln "External URL Reference: " sTemp1
// Download the data at the URL and provide to the verifier.
Get ComGetAsString Of hoSbRefUri To sTemp1
Get pvComObject of hoBd to vBd
Get ComDownloadBd Of hoHttp sTemp1 vBd To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
Get pvComObject of hoBd to vBd
Get ComSetRefDataBd Of hoVerifier i vBd To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoVerifier To sTemp1
Showln sTemp1
Procedure_Return
End
End
End
Move (i + 1) To i
Loop
// Now that we have the external data, verify the signature..
Get ComVerifySignature Of hoVerifier True To iBVerified
If (iBVerified = False) Begin
Get ComLastErrorText Of hoVerifier To sTemp1
Showln sTemp1
End
Showln "Signature verified = " iBVerified
End_Procedure