DataFlex
DataFlex
Verify HMAC XML Digital Signature
See more XML Digital Signatures Examples
Demonstrates how to validate an XML digital signature signed with an HMAC key.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
String sUrl
Handle hoHttp
Variant vSbXml
Handle hoSbXml
Handle hoVerifier
Boolean iBVerified
String sTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// The XML containing the Signature to be verified contains the following:
// <?xml version="1.0" encoding="UTF-8" standalone="no"?>
// <collection Id="root">
// <album>
// <title>Questions, unanswered</title>
// <artist>Steve and the flubberblubs</artist>
// <year>1989</year>
// <t:tracks xmlns:t="http://test.xades4j/tracks">
// <t:song length="4:05" tracknumber="1">
// <t:title>What do you know?</t:title>
// <t:artist>Steve and the flubberblubs</t:artist>
// <t:lastplayed>2006-10-17-08:31</t:lastplayed>
// </t:song>
// <t:song length="3:45" tracknumber="2">
// <t:title>Who do you know?</t:title>
// <t:artist>Steve and the flubberblubs</t:artist>
// <t:lastplayed>2006-10-17-08:35</t:lastplayed>
// </t:song>
// <t:song length="5:14" tracknumber="3">
// <t:title>When do you know?</t:title>
// <t:artist>Steve and the flubberblubs</t:artist>
// <t:lastplayed>2006-10-17-08:39</t:lastplayed>
// </t:song>
// <t:song length="4:19" tracknumber="4">
// <t:title>Do you know?</t:title>
// <t:artist>Steve and the flubberblubs</t:artist>
// <t:lastplayed>2006-10-17-08:44</t:lastplayed>
// </t:song>
// </t:tracks>
// </album>
// <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/><ds:Reference URI="#root"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rD/g8soqKz8EiPUBhEWfcQacS0ta4ULHX3dKMEH6ZoQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>R8dXP95VRYJBfL6d0Peogybdk27+R+JIfX8jnVu0NOI=</ds:SignatureValue></ds:Signature></collection>
// The above XML is available at https://www.chilkatsoft.com/exampleData/hmacSigned.xml
// First fetch the XML..
Move "https://www.chilkatsoft.com/exampleData/hmacSigned.xml" To sUrl
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml
If (Not(IsComObjectCreated(hoSbXml))) Begin
Send CreateComObject of hoSbXml
End
Get pvComObject of hoSbXml to vSbXml
Get ComQuickGetSb Of hoHttp sUrl vSbXml To iSuccess
If (iSuccess <> True) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
Get Create (RefClass(cComChilkatXmlDSig)) To hoVerifier
If (Not(IsComObjectCreated(hoVerifier))) Begin
Send CreateComObject of hoVerifier
End
// Load the XML containing the signature to be verified.
Get pvComObject of hoSbXml to vSbXml
Get ComLoadSignatureSb Of hoVerifier vSbXml To iSuccess
If (iSuccess <> True) Begin
Get ComLastErrorText Of hoVerifier To sTemp1
Showln sTemp1
Procedure_Return
End
// Provide the HMAC key
// The HMAC key for this signature is the us-ascii bytes of the string "secret",
// It can be set in any of the following ways (and also more ways not shown here..)
Get ComSetHmacKey Of hoVerifier "secret" "ascii" To iSuccess
// or
Get ComSetHmacKey Of hoVerifier "c2VjcmV0" "base64" To iSuccess
// or
Get ComSetHmacKey Of hoVerifier "736563726574" "hex" To iSuccess
// Verify the signature
Get ComVerifySignature Of hoVerifier True To iBVerified
Showln "Signature verified = " iBVerified
End_Procedure