VerifySignature Method
Verifies signed XML.
Syntax
ANSI (Cross Platform) int VerifySignature(); Unicode (Windows) INT VerifySignature();
- (void)verifySignature;
#define MID_XMLSIG_VERIFYSIGNATURE 8 IPWORKSENCRYPT_EXTERNAL int IPWORKSENCRYPT_CALL IPWorksEncrypt_XMLSig_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);
Remarks
This method verifies signatures contained in the XML.
When VerifySignature is called, the class will scan the XML document and fire the SignatureInfo event for each signature that is found. When the SignatureInfo event fires the Reference* properties will be populated.
Within the SignatureInfo event the ReferenceXMLElement property must be set to the location of the XML element to which the signature applies. The ReferenceURI property may contain data helpful to locating the XML element.
The ReferenceXMLElement property specifies the XPath to the element. For instance:
| /root/myElement | XPath syntax |
| /root/[1] | XPath syntax using an index |
| /root/ns:myElement | XPath syntax where the element has a namespace |
| myElement | Just the element name |
| @id=myid | Attribute selector: This will select an element with an attribute "id" whose value is "myid". |
| /root/myElement[1]/ns:name2[@attr=attrValue] | XPath syntax using an index and attribute selector |
The signature is verified either using a key parsed from the signed XML, or using the certificate specified by the SignerCert* properties. The class will automatically parse the signer certificate (if present) from the signed XML and populate the SignerCert* properties with the parsed value.
When SignatureInfo fires, if the SignerCertParsed parameter is True the SignerCert* properties may be inspected to see the details of the parsed certificate. If SignerCertParsed is False, then the SignerCert* properties must be set to a valid certificate for signature verification to proceed.
When the SignatureInfo event finishes firing, the certificate present in the SignerCert* properties will be used to verify the signature, whether this is the certificate automatically parsed by the class or a different certificate specified within the event.
If the signature was successfully verified the method will return without error. If the signature was not verified the method fails with an error.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)