(PureBasic) Verify XML Signature with External URL References

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkBinData.pb"
IncludeFile "CkHttp.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkXmlDSig.pb"

Procedure ChilkatExample()

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; The signed XML we wish to verify contains external references such as this:

    ;     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
    ;       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    ;       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
    ;     </ds:Reference>
    ;     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
    ;       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    ;       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
    ;     </ds:Reference>

    verifier.i = CkXmlDSig::ckCreate()
    If verifier.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    http.i = CkHttp::ckCreate()
    If http.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; First load the signed XML
    sbSignedXml.i = CkStringBuilder::ckCreate()
    If sbSignedXml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success.i = CkStringBuilder::ckLoadFile(sbSignedXml,"qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml","utf-8")
    If success = 0
        Debug "Failed to load signed XML."
        CkXmlDSig::ckDispose(verifier)
        CkHttp::ckDispose(http)
        CkStringBuilder::ckDispose(sbSignedXml)
        ProcedureReturn
    EndIf

    success = CkXmlDSig::ckLoadSignatureSb(verifier,sbSignedXml)
    If success = 0
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkXmlDSig::ckDispose(verifier)
        CkHttp::ckDispose(http)
        CkStringBuilder::ckDispose(sbSignedXml)
        ProcedureReturn
    EndIf

    ; Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
    sbRefUri.i = CkStringBuilder::ckCreate()
    If sbRefUri.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    bd.i = CkBinData::ckCreate()
    If bd.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    numRefs.i = CkXmlDSig::ckNumReferences(verifier)
    i.i = 0
    While i < numRefs
        If CkXmlDSig::ckIsReferenceExternal(verifier,i) = 1
            CkStringBuilder::ckClear(sbRefUri)
            CkStringBuilder::ckAppend(sbRefUri,CkXmlDSig::ckReferenceUri(verifier,i))
            If CkStringBuilder::ckStartsWith(sbRefUri,"https://",0) = 1
                Debug "External URL Reference: " + CkStringBuilder::ckGetAsString(sbRefUri)

                ; Download the data at the URL and provide to the verifier.
                success = CkHttp::ckDownloadBd(http,CkStringBuilder::ckGetAsString(sbRefUri),bd)
                If success = 0
                    Debug CkHttp::ckLastErrorText(http)
                    CkXmlDSig::ckDispose(verifier)
                    CkHttp::ckDispose(http)
                    CkStringBuilder::ckDispose(sbSignedXml)
                    CkStringBuilder::ckDispose(sbRefUri)
                    CkBinData::ckDispose(bd)
                    ProcedureReturn
                EndIf

                success = CkXmlDSig::ckSetRefDataBd(verifier,i,bd)
                If success = 0
                    Debug CkXmlDSig::ckLastErrorText(verifier)
                    CkXmlDSig::ckDispose(verifier)
                    CkHttp::ckDispose(http)
                    CkStringBuilder::ckDispose(sbSignedXml)
                    CkStringBuilder::ckDispose(sbRefUri)
                    CkBinData::ckDispose(bd)
                    ProcedureReturn
                EndIf

            EndIf

        EndIf

        i = i + 1
    Wend

    ; Now that we have the external data, verify the signature..
    bVerified.i = CkXmlDSig::ckVerifySignature(verifier,1)
    If bVerified = 0
        Debug CkXmlDSig::ckLastErrorText(verifier)
    EndIf

    Debug "Signature verified = " + Str(bVerified)


    CkXmlDSig::ckDispose(verifier)
    CkHttp::ckDispose(http)
    CkStringBuilder::ckDispose(sbSignedXml)
    CkStringBuilder::ckDispose(sbRefUri)
    CkBinData::ckDispose(bd)


    ProcedureReturn
EndProcedure