Sample code for 30+ languages & platforms
VBScript

Verify XML Signature with External URL References

See more XML Digital Signatures Examples

Demonstrates how to verify an XML digital signature that includes references to URLs where the data to be digested is on a web server.

Chilkat VBScript Downloads

VBScript
Dim fso, outFile
Set fso = CreateObject("Scripting.FileSystemObject")
'Create a Unicode (utf-16) output text file.
Set outFile = fso.CreateTextFile("output.txt", True, True)

success = 0

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' The signed XML we wish to verify contains external references such as this:

'     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref0" URI="https://www.chilkatsoft.com/images/starfish.jpg">
'       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
'       <ds:DigestValue>AOU810yJV5Np/DnO29qpObqiTSTTCDvxGsX5ayiTYXI=</ds:DigestValue>
'     </ds:Reference>
'     <ds:Reference Id="xmldsig-e7ae7ce2-9133-4d56-bd97-0a6aef738cc2-ref1" URI="https://www.chilkatsoft.com/hamlet.xml">
'       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
'       <ds:DigestValue>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</ds:DigestValue>
'     </ds:Reference>

set verifier = CreateObject("Chilkat.XmlDSig")
set http = CreateObject("Chilkat.Http")

' First load the signed XML
set sbSignedXml = CreateObject("Chilkat.StringBuilder")
success = sbSignedXml.LoadFile("qa_data/xml_dsig_verify/signedWithExternalUrlRefs.xml","utf-8")
If (success = 0) Then
    outFile.WriteLine("Failed to load signed XML.")
    WScript.Quit
End If

success = verifier.LoadSignatureSb(sbSignedXml)
If (success = 0) Then
    outFile.WriteLine(verifier.LastErrorText)
    WScript.Quit
End If

' Iterate over each reference.  If it is an external URL reference, download the data and provide it to the verifier.
set sbRefUri = CreateObject("Chilkat.StringBuilder")
set bd = CreateObject("Chilkat.BinData")
numRefs = verifier.NumReferences
i = 0
Do While i < numRefs
    If (verifier.IsReferenceExternal(i) = 1) Then
        sbRefUri.Clear 
        success = sbRefUri.Append(verifier.ReferenceUri(i))
        If (sbRefUri.StartsWith("https://",0) = 1) Then
            outFile.WriteLine("External URL Reference: " & sbRefUri.GetAsString())

            ' Download the data at the URL and provide to the verifier.
            success = http.DownloadBd(sbRefUri.GetAsString(),bd)
            If (success = 0) Then
                outFile.WriteLine(http.LastErrorText)
                WScript.Quit
            End If

            success = verifier.SetRefDataBd(i,bd)
            If (success = 0) Then
                outFile.WriteLine(verifier.LastErrorText)
                WScript.Quit
            End If

        End If

    End If

    i = i + 1
Loop

' Now that we have the external data, verify the signature..
bVerified = verifier.VerifySignature(1)
If (bVerified = 0) Then
    outFile.WriteLine(verifier.LastErrorText)
End If

outFile.WriteLine("Signature verified = " & bVerified)

outFile.Close