Sample code for 30+ languages & platforms
Unicode C

Verify HMAC XML Digital Signature

See more XML Digital Signatures Examples

Demonstrates how to validate an XML digital signature signed with an HMAC key.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkHttpW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkXmlDSigW.h>

void ChilkatSample(void)
    {
    BOOL success;
    const wchar_t *url;
    HCkHttpW http;
    HCkStringBuilderW sbXml;
    HCkXmlDSigW verifier;
    BOOL bVerified;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // The XML containing the Signature to be verified contains the following:

    // <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    // <collection Id="root">
    // 	<album>
    // 		<title>Questions, unanswered</title>
    // 		<artist>Steve and the flubberblubs</artist>
    // 		<year>1989</year>
    // 		<t:tracks xmlns:t="http://test.xades4j/tracks">
    // 			<t:song length="4:05" tracknumber="1">
    // 				<t:title>What do you know?</t:title>
    // 				<t:artist>Steve and the flubberblubs</t:artist>
    // 				<t:lastplayed>2006-10-17-08:31</t:lastplayed>
    // 			</t:song>
    // 			<t:song length="3:45" tracknumber="2">
    // 				<t:title>Who do you know?</t:title>
    // 				<t:artist>Steve and the flubberblubs</t:artist>
    // 				<t:lastplayed>2006-10-17-08:35</t:lastplayed>
    // 			</t:song>
    // 			<t:song length="5:14" tracknumber="3">
    // 				<t:title>When do you know?</t:title>
    // 				<t:artist>Steve and the flubberblubs</t:artist>
    // 				<t:lastplayed>2006-10-17-08:39</t:lastplayed>
    // 			</t:song>
    // 			<t:song length="4:19" tracknumber="4">
    // 				<t:title>Do you know?</t:title>
    // 				<t:artist>Steve and the flubberblubs</t:artist>
    // 				<t:lastplayed>2006-10-17-08:44</t:lastplayed>
    // 			</t:song>
    // 		</t:tracks>
    // 	</album>
    // <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/><ds:Reference URI="#root"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rD/g8soqKz8EiPUBhEWfcQacS0ta4ULHX3dKMEH6ZoQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>R8dXP95VRYJBfL6d0Peogybdk27+R+JIfX8jnVu0NOI=</ds:SignatureValue></ds:Signature></collection>

    // The above XML is available at https://www.chilkatsoft.com/exampleData/hmacSigned.xml
    // First fetch the XML..

    url = L"https://www.chilkatsoft.com/exampleData/hmacSigned.xml";
    http = CkHttpW_Create();
    sbXml = CkStringBuilderW_Create();
    success = CkHttpW_QuickGetSb(http,url,sbXml);
    if (success != TRUE) {
        wprintf(L"%s\n",CkHttpW_lastErrorText(http));
        CkHttpW_Dispose(http);
        CkStringBuilderW_Dispose(sbXml);
        return;
    }

    verifier = CkXmlDSigW_Create();

    // Load the XML containing the signature to be verified.
    success = CkXmlDSigW_LoadSignatureSb(verifier,sbXml);
    if (success != TRUE) {
        wprintf(L"%s\n",CkXmlDSigW_lastErrorText(verifier));
        CkHttpW_Dispose(http);
        CkStringBuilderW_Dispose(sbXml);
        CkXmlDSigW_Dispose(verifier);
        return;
    }

    // Provide the HMAC key
    // The HMAC key for this signature is the us-ascii bytes of the string "secret",
    // It can be set in any of the following ways (and also more ways not shown here..)
    CkXmlDSigW_SetHmacKey(verifier,L"secret",L"ascii");
    // or
    CkXmlDSigW_SetHmacKey(verifier,L"c2VjcmV0",L"base64");
    // or
    CkXmlDSigW_SetHmacKey(verifier,L"736563726574",L"hex");

    // Verify the signature
    bVerified = CkXmlDSigW_VerifySignature(verifier,TRUE);
    wprintf(L"Signature verified = %d\n",bVerified);


    CkHttpW_Dispose(http);
    CkStringBuilderW_Dispose(sbXml);
    CkXmlDSigW_Dispose(verifier);

    }