Sample code for 30+ languages & platforms
Delphi ActiveX

Verify XML Signature with External URL References

See more XML Digital Signatures Examples

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
verifier: TChilkatXmlDSig;
http: TChilkatHttp;
sbSignedXml: TChilkatStringBuilder;
sbRefUri: TChilkatStringBuilder;
bd: TChilkatBinData;
numRefs: Integer;
i: Integer;
bVerified: Integer;

begin
success := 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// The signed XML we wish to verify contains external references such as this:

//     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
//       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
//     </ds:Reference>
//     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
//       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
//     </ds:Reference>

verifier := TChilkatXmlDSig.Create(Self);
http := TChilkatHttp.Create(Self);

// First load the signed XML
sbSignedXml := TChilkatStringBuilder.Create(Self);
success := sbSignedXml.LoadFile('qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml','utf-8');
if (success = 0) then
  begin
    Memo1.Lines.Add('Failed to load signed XML.');
    Exit;
  end;

success := verifier.LoadSignatureSb(sbSignedXml.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(verifier.LastErrorText);
    Exit;
  end;

// Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
sbRefUri := TChilkatStringBuilder.Create(Self);
bd := TChilkatBinData.Create(Self);
numRefs := verifier.NumReferences;
i := 0;
while i < numRefs do
  begin
    if (verifier.IsReferenceExternal(i) = 1) then
      begin
        sbRefUri.Clear();
        sbRefUri.Append(verifier.ReferenceUri(i));
        if (sbRefUri.StartsWith('https://',0) = 1) then
          begin
            Memo1.Lines.Add('External URL Reference: ' + sbRefUri.GetAsString());

            // Download the data at the URL and provide to the verifier.
            success := http.DownloadBd(sbRefUri.GetAsString(),bd.ControlInterface);
            if (success = 0) then
              begin
                Memo1.Lines.Add(http.LastErrorText);
                Exit;
              end;
            success := verifier.SetRefDataBd(i,bd.ControlInterface);
            if (success = 0) then
              begin
                Memo1.Lines.Add(verifier.LastErrorText);
                Exit;
              end;
          end;
      end;
    i := i + 1;
  end;

// Now that we have the external data, verify the signature..
bVerified := verifier.VerifySignature(1);
if (bVerified = 0) then
  begin
    Memo1.Lines.Add(verifier.LastErrorText);
  end;
Memo1.Lines.Add('Signature verified = ' + IntToStr(Ord(bVerified)));
end;