|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Verify an XML Signature with Multiple ReferencesDemonstrates how to verify an XML digital signature that contains multiple references.
load ./chilkat.dll # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # An example of an enveloping XML signature with mulitple references is available at # https://www.chilkatsoft.com/exampleData/envelopedMultipleRefs.xml # This example will show how to verify the signature and all references, and also how # to verify each reference individually. This is useful to distinguish which part # of the XML signature validation failed. It could be that one or more of the references # failed because of a hash computation mismatch. Or it could be that the signature over # the SignedInfo failed. # First, let's grab the sample XML signature. set http [new_CkHttp] set sbXml [new_CkStringBuilder] set success [CkHttp_QuickGetSb $http "https://www.chilkatsoft.com/exampleData/envelopedMultipleRefs.xml" $sbXml] if {$success != 1} then { puts [CkHttp_lastErrorText $http] delete_CkHttp $http delete_CkStringBuilder $sbXml exit } # Load the XML containing the signature to be verified. set verifier [new_CkXmlDSig] set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml] if {$success != 1} then { puts [CkXmlDSig_lastErrorText $verifier] delete_CkHttp $http delete_CkStringBuilder $sbXml delete_CkXmlDSig $verifier exit } set verifyReferenceDigests 1 # The quick way to validate all references and the signature over the SignedInfo # is to call VerifySignature with verifyReferenceDigests equal to 1. set verified [CkXmlDSig_VerifySignature $verifier $verifyReferenceDigests] puts "Signature and all reference digests verified = $verified" # Let's pretend the call to VerifySignature returned 0. Something did not validate. # Was it one or more of the References that did not hash to the correct value? # Or was it the signature over the SignedInfo that failed? # We can check just the signature over the SignedInfo by passing 0 to VerifySignature. # This allows us to skip the hashing and checking each Reference. set verifyReferenceDigests 0 set signedInfoVerified [CkXmlDSig_VerifySignature $verifier $verifyReferenceDigests] puts "Neglecting the reference hashes, the SignedInfo validation result = $signedInfoVerified" # We can also verify each reference digest separately set numRefs [CkXmlDSig_get_NumReferences $verifier] set i 0 while {$i < $numRefs} { set refDigestVerified [CkXmlDSig_VerifyReferenceDigest $verifier $i] puts "Reference $i digest verified = $refDigestVerified" set i [expr $i + 1] } # For this sample XML signature with 3 References, we get the following output: # Signature and all reference digests verified = True # Neglecting the reference hashes, the SignedInfo validation result = True # Reference 0 digest verified = True # Reference 1 digest verified = True # Reference 2 digest verified = Tru delete_CkHttp $http delete_CkStringBuilder $sbXml delete_CkXmlDSig $verifier |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.