Sample code for 30+ languages & platforms
DataFlex

Verify XML Digital Signature with an RSA Key

See more XML Digital Signatures Examples

This example demonstrates how to verify an XML signature, where the RSA public key is embedded in the KeyInfo part of the Signature. When this is the case, nothing external is needed to verify the signature.

This example requires Chilkat v9.5.0.69 or greater.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    String sUrl
    Handle hoHttp
    Variant vSbXml
    Handle hoSbXml
    Handle hoDsig
    Integer i
    Boolean iBVerifyReferenceDigests
    Boolean iBVerified
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // The signed XML to be verified in this example contains the following:

    // <?xml version="1.0" encoding="UTF-8"?>
    // <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    // <SignedInfo>
    //   <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    //   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    //   <Reference URI="#object">
    //     <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    //     <DigestValue>OPnpF/ZNLDxJ/I+1F3iHhlmSwgo=</DigestValue>
    //   </Reference>
    // </SignedInfo>
    // <SignatureValue>nihUFQg4mDhLgecvhIcKb9Gz8VRTOlw+adiZOBBXgK4JodEe5aFfCqm8WcRIT8GLLXSk8PsUP4//SsKqUBQkpotcAqQAhtz2v9kCWdoUDnAOtFZkd/CnsZ1sge0ndha40wWDV+nOWyJxkYgicvB8POYtSmldLLepPGMz+J7/Uws=</SignatureValue>
    // <KeyInfo>
    //   <KeyValue>
    //     <RSAKeyValue><Modulus>4IlzOY3Y9fXoh3Y5f06wBbtTg94Pt6vcfcd1KQ0FLm0S36aGJtTSb6pYKfyX7PqCUQ8wgL6xUJ5GRPEsu9gyz8ZobwfZsGCsvu40CWoT9fcFBZPfXro1Vtlh/xl/yYHm+Gzqh0Bw76xtLHSfLfpVOrmZdwKmSFKMTvNXOFd0V18=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
    //   </KeyValue>
    // </KeyInfo>
    // <Object Id="object">some text
    //   with spaces and CR-LF.</Object>
    // </Signature>

    // The above XML is available at https://www.chilkatsoft.com/exampleData/signedSample1.xml
    // Fetch the XML and then verify it..

    Move "https://www.chilkatsoft.com/exampleData/signedSample1.xml" To sUrl
    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml
    If (Not(IsComObjectCreated(hoSbXml))) Begin
        Send CreateComObject of hoSbXml
    End
    Get pvComObject of hoSbXml to vSbXml
    Get ComQuickGetSb Of hoHttp sUrl vSbXml To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatXmlDSig)) To hoDsig
    If (Not(IsComObjectCreated(hoDsig))) Begin
        Send CreateComObject of hoDsig
    End

    // First load the XML containing the signatures to be verified.
    // Note that this particular Signature already contains the RSA public key that will be used
    // for verification.
    Get pvComObject of hoSbXml to vSbXml
    Get ComLoadSignatureSb Of hoDsig vSbXml To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoDsig To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // The XML in this example contains only 1 signature.
    // It's possible that an XML document can contain multiple signatures.
    // Each can be verified as follows:
    Move 0 To i
    While (i < (ComNumSignatures(hoDsig)))
        // Select the Nth signature by setting the Selector property.
        Set ComSelector Of hoDsig To i

        // The bVerifyReferenceDigests argument determines if we want
        // to also verify each reference digest.  If set to False,
        // then only the SignedInfo part of the Signature is verified.
        Move True To iBVerifyReferenceDigests
        Get ComVerifySignature Of hoDsig iBVerifyReferenceDigests To iBVerified
        Showln "Signature " (i + 1) " verified = " iBVerified

        Move (i + 1) To i
    Loop



End_Procedure