(PowerBuilder) Verify HMAC XML Digital Signature

Demonstrates how to validate an XML digital signature signed with an HMAC key.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

integer li_rc
string ls_Url
oleobject loo_Http
oleobject loo_SbXml
integer li_Success
oleobject loo_Verifier
integer li_BVerified

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// The XML containing the Signature to be verified contains the following:

// <?xml version="1.0" encoding="UTF-8" standalone="no"?>
// <collection Id="root">
// 	<album>
// 		<title>Questions, unanswered</title>
// 		<artist>Steve and the flubberblubs</artist>
// 		<year>1989</year>
// 		<t:tracks xmlns:t="http://test.xades4j/tracks">
// 			<t:song length="4:05" tracknumber="1">
// 				<t:title>What do you know?</t:title>
// 				<t:artist>Steve and the flubberblubs</t:artist>
// 				<t:lastplayed>2006-10-17-08:31</t:lastplayed>
// 			</t:song>
// 			<t:song length="3:45" tracknumber="2">
// 				<t:title>Who do you know?</t:title>
// 				<t:artist>Steve and the flubberblubs</t:artist>
// 				<t:lastplayed>2006-10-17-08:35</t:lastplayed>
// 			</t:song>
// 			<t:song length="5:14" tracknumber="3">
// 				<t:title>When do you know?</t:title>
// 				<t:artist>Steve and the flubberblubs</t:artist>
// 				<t:lastplayed>2006-10-17-08:39</t:lastplayed>
// 			</t:song>
// 			<t:song length="4:19" tracknumber="4">
// 				<t:title>Do you know?</t:title>
// 				<t:artist>Steve and the flubberblubs</t:artist>
// 				<t:lastplayed>2006-10-17-08:44</t:lastplayed>
// 			</t:song>
// 		</t:tracks>
// 	</album>
// <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/><ds:Reference URI="#root"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rD/g8soqKz8EiPUBhEWfcQacS0ta4ULHX3dKMEH6ZoQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>R8dXP95VRYJBfL6d0Peogybdk27+R+JIfX8jnVu0NOI=</ds:SignatureValue></ds:Signature></collection>

// The above XML is available at https://www.chilkatsoft.com/exampleData/hmacSigned.xml
// First fetch the XML..

ls_Url = "https://www.chilkatsoft.com/exampleData/hmacSigned.xml"
loo_Http = create oleobject
// Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0
li_rc = loo_Http.ConnectToNewObject("Chilkat.Http")
if li_rc < 0 then
    destroy loo_Http
    MessageBox("Error","Connecting to COM object failed")
    return
end if
loo_SbXml = create oleobject
// Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
li_rc = loo_SbXml.ConnectToNewObject("Chilkat.StringBuilder")

li_Success = loo_Http.QuickGetSb(ls_Url,loo_SbXml)
if li_Success <> 1 then
    Write-Debug loo_Http.LastErrorText
    destroy loo_Http
    destroy loo_SbXml
    return
end if

loo_Verifier = create oleobject
// Use "Chilkat_9_5_0.XmlDSig" for versions of Chilkat < 10.0.0
li_rc = loo_Verifier.ConnectToNewObject("Chilkat.XmlDSig")

// Load the XML containing the signature to be verified.
li_Success = loo_Verifier.LoadSignatureSb(loo_SbXml)
if li_Success <> 1 then
    Write-Debug loo_Verifier.LastErrorText
    destroy loo_Http
    destroy loo_SbXml
    destroy loo_Verifier
    return
end if

// Provide the HMAC key
// The HMAC key for this signature is the us-ascii bytes of the string "secret",
// It can be set in any of the following ways (and also more ways not shown here..)
loo_Verifier.SetHmacKey("secret","ascii")
// or
loo_Verifier.SetHmacKey("c2VjcmV0","base64")
// or
loo_Verifier.SetHmacKey("736563726574","hex")

// Verify the signature
li_BVerified = loo_Verifier.VerifySignature(1)
Write-Debug "Signature verified = " + string(li_BVerified)


destroy loo_Http
destroy loo_SbXml
destroy loo_Verifier