Sample code for 30+ languages & platforms
PureBasic

Verify HMAC XML Digital Signature

See more XML Digital Signatures Examples

Demonstrates how to validate an XML digital signature signed with an HMAC key.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkHttp.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkXmlDSig.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; The XML containing the Signature to be verified contains the following:

    ; <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    ; <collection Id="root">
    ; 	<album>
    ; 		<title>Questions, unanswered</title>
    ; 		<artist>Steve and the flubberblubs</artist>
    ; 		<year>1989</year>
    ; 		<t:tracks xmlns:t="http://test.xades4j/tracks">
    ; 			<t:song length="4:05" tracknumber="1">
    ; 				<t:title>What do you know?</t:title>
    ; 				<t:artist>Steve and the flubberblubs</t:artist>
    ; 				<t:lastplayed>2006-10-17-08:31</t:lastplayed>
    ; 			</t:song>
    ; 			<t:song length="3:45" tracknumber="2">
    ; 				<t:title>Who do you know?</t:title>
    ; 				<t:artist>Steve and the flubberblubs</t:artist>
    ; 				<t:lastplayed>2006-10-17-08:35</t:lastplayed>
    ; 			</t:song>
    ; 			<t:song length="5:14" tracknumber="3">
    ; 				<t:title>When do you know?</t:title>
    ; 				<t:artist>Steve and the flubberblubs</t:artist>
    ; 				<t:lastplayed>2006-10-17-08:39</t:lastplayed>
    ; 			</t:song>
    ; 			<t:song length="4:19" tracknumber="4">
    ; 				<t:title>Do you know?</t:title>
    ; 				<t:artist>Steve and the flubberblubs</t:artist>
    ; 				<t:lastplayed>2006-10-17-08:44</t:lastplayed>
    ; 			</t:song>
    ; 		</t:tracks>
    ; 	</album>
    ; <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/><ds:Reference URI="#root"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rD/g8soqKz8EiPUBhEWfcQacS0ta4ULHX3dKMEH6ZoQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>R8dXP95VRYJBfL6d0Peogybdk27+R+JIfX8jnVu0NOI=</ds:SignatureValue></ds:Signature></collection>

    ; The above XML is available at https://www.chilkatsoft.com/exampleData/hmacSigned.xml
    ; First fetch the XML..

    url.s = "https://www.chilkatsoft.com/exampleData/hmacSigned.xml"
    http.i = CkHttp::ckCreate()
    If http.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    sbXml.i = CkStringBuilder::ckCreate()
    If sbXml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkHttp::ckQuickGetSb(http,url,sbXml)
    If success <> 1
        Debug CkHttp::ckLastErrorText(http)
        CkHttp::ckDispose(http)
        CkStringBuilder::ckDispose(sbXml)
        ProcedureReturn
    EndIf

    verifier.i = CkXmlDSig::ckCreate()
    If verifier.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Load the XML containing the signature to be verified.
    success = CkXmlDSig::ckLoadSignatureSb(verifier,sbXml)
    If success <> 1
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkHttp::ckDispose(http)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        ProcedureReturn
    EndIf

    ; Provide the HMAC key
    ; The HMAC key for this signature is the us-ascii bytes of the string "secret",
    ; It can be set in any of the following ways (and also more ways not shown here..)
    CkXmlDSig::ckSetHmacKey(verifier,"secret","ascii")
    ; or
    CkXmlDSig::ckSetHmacKey(verifier,"c2VjcmV0","base64")
    ; or
    CkXmlDSig::ckSetHmacKey(verifier,"736563726574","hex")

    ; Verify the signature
    bVerified.i = CkXmlDSig::ckVerifySignature(verifier,1)
    Debug "Signature verified = " + Str(bVerified)


    CkHttp::ckDispose(http)
    CkStringBuilder::ckDispose(sbXml)
    CkXmlDSig::ckDispose(verifier)


    ProcedureReturn
EndProcedure