Sample code for 30+ languages & platforms
Objective-C

Verify an XML Signature with Multiple References

See more XML Digital Signatures Examples

Demonstrates how to verify an XML digital signature that contains multiple references.

Chilkat Objective-C Downloads

Objective-C
#import <CkoHttp.h>
#import <CkoStringBuilder.h>
#import <CkoXmlDSig.h>

BOOL success = NO;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// An example of an enveloping XML signature with mulitple references is available at
// https://www.chilkatsoft.com/exampleData/envelopedMultipleRefs.xml

// This example will show how to verify the signature and all references, and also how
// to verify each reference individually.  This is useful to distinguish which part
// of the XML signature validation failed.  It could be that one or more of the references
// failed because of a hash computation mismatch.  Or it could be that the signature over
// the SignedInfo failed.  

// First, let's grab the sample XML signature.
CkoHttp *http = [[CkoHttp alloc] init];
CkoStringBuilder *sbXml = [[CkoStringBuilder alloc] init];
success = [http QuickGetSb: @"https://www.chilkatsoft.com/exampleData/envelopedMultipleRefs.xml" sbContent: sbXml];
if (success != YES) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

// Load the XML containing the signature to be verified.
CkoXmlDSig *verifier = [[CkoXmlDSig alloc] init];
success = [verifier LoadSignatureSb: sbXml];
if (success != YES) {
    NSLog(@"%@",verifier.LastErrorText);
    return;
}

BOOL verifyReferenceDigests = YES;

// The quick way to validate all references and the signature over the SignedInfo
// is to call VerifySignature with verifyReferenceDigests equal to YES.
BOOL verified = [verifier VerifySignature: verifyReferenceDigests];
NSLog(@"%@%d",@"Signature and all reference digests verified = ",verified);

// Let's pretend the call to VerifySignature returned NO.  Something did not validate.
// Was it one or more of the References that did not hash to the correct value?
// Or was it the signature over the SignedInfo that failed?
// We can check just the signature over the SignedInfo by passing NO to VerifySignature.
// This allows us to skip the hashing and checking each Reference.  
verifyReferenceDigests = NO;
BOOL signedInfoVerified = [verifier VerifySignature: verifyReferenceDigests];
NSLog(@"%@%d",@"Neglecting the reference hashes, the SignedInfo validation result = ",signedInfoVerified);

// We can also verify each reference digest separately
int numRefs = [verifier.NumReferences intValue];
int i = 0;
while (i < numRefs) {
    BOOL refDigestVerified = [verifier VerifyReferenceDigest: [NSNumber numberWithInt: i]];
    NSLog(@"%@%d%@%d",@"Reference ",i,@" digest verified = ",refDigestVerified);
    i = i + 1;
}

// For this sample XML signature with 3 References, we get the following output:

// Signature and all reference digests verified = True
// Neglecting the reference hashes, the SignedInfo validation result = True
// Reference 0 digest verified = True
// Reference 1 digest verified = True
// Reference 2 digest verified = Tru