Sample code for 30+ languages & platforms
DataFlex

Verify XML Signature with External URL References

See more XML Digital Signatures Examples

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoVerifier
    Handle hoHttp
    Variant vSbSignedXml
    Handle hoSbSignedXml
    Handle hoSbRefUri
    Variant vBd
    Handle hoBd
    Integer iNumRefs
    Integer i
    Boolean iBVerified
    String sTemp1
    Boolean bTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // The signed XML we wish to verify contains external references such as this:

    //     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
    //       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    //       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
    //     </ds:Reference>
    //     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
    //       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    //       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
    //     </ds:Reference>

    Get Create (RefClass(cComChilkatXmlDSig)) To hoVerifier
    If (Not(IsComObjectCreated(hoVerifier))) Begin
        Send CreateComObject of hoVerifier
    End
    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    // First load the signed XML
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSignedXml
    If (Not(IsComObjectCreated(hoSbSignedXml))) Begin
        Send CreateComObject of hoSbSignedXml
    End
    Get ComLoadFile Of hoSbSignedXml "qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml" "utf-8" To iSuccess
    If (iSuccess = False) Begin
        Showln "Failed to load signed XML."
        Procedure_Return
    End

    Get pvComObject of hoSbSignedXml to vSbSignedXml
    Get ComLoadSignatureSb Of hoVerifier vSbSignedXml To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoVerifier To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbRefUri
    If (Not(IsComObjectCreated(hoSbRefUri))) Begin
        Send CreateComObject of hoSbRefUri
    End
    Get Create (RefClass(cComChilkatBinData)) To hoBd
    If (Not(IsComObjectCreated(hoBd))) Begin
        Send CreateComObject of hoBd
    End
    Get ComNumReferences Of hoVerifier To iNumRefs
    Move 0 To i
    While (i < iNumRefs)
        Get ComIsReferenceExternal Of hoVerifier i To bTemp1
        If (bTemp1 = True) Begin
            Send ComClear To hoSbRefUri
            Get ComReferenceUri Of hoVerifier i To sTemp1
            Get ComAppend Of hoSbRefUri sTemp1 To iSuccess
            Get ComStartsWith Of hoSbRefUri "https://" False To bTemp1
            If (bTemp1 = True) Begin
                Get ComGetAsString Of hoSbRefUri To sTemp1
                Showln "External URL Reference: " sTemp1

                // Download the data at the URL and provide to the verifier.
                Get ComGetAsString Of hoSbRefUri To sTemp1
                Get pvComObject of hoBd to vBd
                Get ComDownloadBd Of hoHttp sTemp1 vBd To iSuccess
                If (iSuccess = False) Begin
                    Get ComLastErrorText Of hoHttp To sTemp1
                    Showln sTemp1
                    Procedure_Return
                End

                Get pvComObject of hoBd to vBd
                Get ComSetRefDataBd Of hoVerifier i vBd To iSuccess
                If (iSuccess = False) Begin
                    Get ComLastErrorText Of hoVerifier To sTemp1
                    Showln sTemp1
                    Procedure_Return
                End

            End

        End

        Move (i + 1) To i
    Loop

    // Now that we have the external data, verify the signature..
    Get ComVerifySignature Of hoVerifier True To iBVerified
    If (iBVerified = False) Begin
        Get ComLastErrorText Of hoVerifier To sTemp1
        Showln sTemp1
    End

    Showln "Signature verified = " iBVerified


End_Procedure