XmlDSig Delphi DLL Reference Documentation
XmlDSig
Current Version: 10.0.0
An API for validating XML Digital Signatures. Use the XmlDSigGen class for creating XML Digital Signatures.
Create/Dispose
var myObject: HCkXmlDSig; begin myObject := CkXmlDSig_Create(); // ... CkXmlDSig_Dispose(myObject); end;
Creates an instance of the HCkXmlDSig object and returns a handle (i.e. a Pointer). The handle is passed in the 1st argument for the functions listed on this page.
Objects created by calling CkXmlDSig_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function.
Properties
DebugLogFilePath
procedure CkXmlDSig_putDebugLogFilePath(objHandle: HCkXmlDSig; newPropVal: PWideChar); stdcall;
function CkXmlDSig__debugLogFilePath(objHandle: HCkXmlDSig): PWideChar; stdcall;
If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.
This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:
- a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
- the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
- there is an internal problem (bug) in the Chilkat code that causes the hang.
See the notes about PWideChar memory ownership and validity.
ExternalRefDirs
procedure CkXmlDSig_putExternalRefDirs(objHandle: HCkXmlDSig; newPropVal: PWideChar); stdcall;
function CkXmlDSig__externalRefDirs(objHandle: HCkXmlDSig): PWideChar; stdcall;
May contain a set of directory paths specifying where referenced external files are located. Directory paths should be separated using a semicolon character. The default value of this property is the empty string which means no directories are automatically searched.
This property can be used if the external file referenced in the XML signature has the same filename as the file in the local filesystem.
See the notes about PWideChar memory ownership and validity.
IgnoreExternalRefs
procedure CkXmlDSig_putIgnoreExternalRefs(objHandle: HCkXmlDSig; newPropVal: wordbool); stdcall;
If True, then ignore failures caused by external references not being available. This allows for the XML signature to be at least partially validated if the external referenced files are not available. The default value of this property is False.
topLastErrorHtml
function CkXmlDSig__lastErrorHtml(objHandle: HCkXmlDSig): PWideChar; stdcall;
Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
See the notes about PWideChar memory ownership and validity.
topLastErrorText
function CkXmlDSig__lastErrorText(objHandle: HCkXmlDSig): PWideChar; stdcall;
Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
See the notes about PWideChar memory ownership and validity.
LastErrorXml
function CkXmlDSig__lastErrorXml(objHandle: HCkXmlDSig): PWideChar; stdcall;
Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
See the notes about PWideChar memory ownership and validity.
topLastMethodSuccess
procedure CkXmlDSig_putLastMethodSuccess(objHandle: HCkXmlDSig; newPropVal: wordbool); stdcall;
Indicate whether the last method call succeeded or failed. A value of True indicates success, a value of False indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:
- Any method that returns a string.
- Any method returning a Chilkat object, binary bytes, or a date/time.
- Any method returning a standard boolean status value where success = True and failure = False.
- Any method returning an integer where failure is defined by a return value less than zero.
Note: Methods that do not fit the above requirements will always set this property equal to True. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.
topNumReferences
The number of data objects referenced in the XML digital signature. A data object may be self-contained within the loaded XML signature, or it may be an external URI reference. An application can check each reference to see if it's external by calling IsReferenceExternal, and can get each reference URI by calling ReferenceUri.
NumSignatures
The number of digital signatures found within the loaded XML. Each digital signature is composed of XML having the following structure:
<Signature ID?> <SignedInfo> <CanonicalizationMethod/> <SignatureMethod/> (<Reference URI? > (<Transforms>)? <DigestMethod> <DigestValue> </Reference>)+ </SignedInfo> <SignatureValue> (<KeyInfo>)? (<Object ID?>)* </Signature>Note: The "Signature" and other XML tags may be namespace prefixed.
The Selector property is used to select which XML signature is in effect when validating or calling other methods or properties.
RefFailReason
Indicates the failure reason for the last call to VerifyReferenceDigest. Possible values are:
- 0: No failure, the reference digest was valid.
- 1: The computed digest differs from the digest stored in the XML.
- 2: An external file is referenced, but it is unavailable for computing the digest.
- 3: The index argument passed to VerifyReferenceDigest was out of range.
- 4: Unable to find the Signature.
- 5: A transformation specified some sort of XML canonicalization that is not supported.
- 99: Unknown. (Should never get this value.)
Selector
procedure CkXmlDSig_putSelector(objHandle: HCkXmlDSig; newPropVal: Integer); stdcall;
If the loaded XML contains multiple signatures, this property can be set to specify which signature is in effect when calling other methods or properties. In most cases, the loaded XML contains a single signature and this property will remain at the default value of 0.
UncommonOptions
procedure CkXmlDSig_putUncommonOptions(objHandle: HCkXmlDSig; newPropVal: PWideChar); stdcall;
function CkXmlDSig__uncommonOptions(objHandle: HCkXmlDSig): PWideChar; stdcall;
This is a catch-all property to be used for uncommon needs. This property defaults to the empty string, and should typically remain empty.
See the notes about PWideChar memory ownership and validity.
topVerboseLogging
procedure CkXmlDSig_putVerboseLogging(objHandle: HCkXmlDSig; newPropVal: wordbool); stdcall;
If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
topVersion
function CkXmlDSig__version(objHandle: HCkXmlDSig): PWideChar; stdcall;
Version of the component/library, such as "9.5.0.94"
See the notes about PWideChar memory ownership and validity.
Methods
AddEncapsulatedTimeStamp
json: HCkJsonObject;
sbOut: HCkStringBuilder): wordbool; stdcall;
Adds an EncapsulatedTimeStamp to the signature indicated by the Selector property. The updated signed XML with the added EncapsulatedTimeStamp is returned in sbOut. See the example below for details.
Returns True for success, False for failure.
CanonicalizeFragment
xml: PWideChar;
fragmentId: PWideChar;
version: PWideChar;
prefixList: PWideChar;
withComments: wordbool;
outStr: HCkString): wordbool; stdcall;
function CkXmlDSig__canonicalizeFragment(objHandle: HCkXmlDSig;
xml: PWideChar;
fragmentId: PWideChar;
version: PWideChar;
prefixList: PWideChar;
withComments: wordbool): PWideChar; stdcall;
Applies XML canonicalization to a fragment of the passed-in XML, and returns the canonicalized XML string. The fragmentId identifies the XML element where output begins. It is the XML element having an "id" attribute equal to fragmentId. The version may be one of the following:
- "C14N" -- for Inclusive Canonical XML
- "EXCL_C14N" -- for Exclusive Canonical XML
The prefixList only applies when the version is set to "EXCL_C14N". The prefixList may be an empty string, or a SPACE separated list of namespace prefixes. It is the InclusiveNamespaces PrefixList, which is the list of namespaces that are propagated from ancestor elements for canonicalization purposes.
If withComments is True, then XML comments are included in the output. If withComments is False, then XML comments are excluded from the output.
Returns True for success, False for failure.
See the notes about PWideChar memory ownership and validity.
CanonicalizeXml
xml: PWideChar;
version: PWideChar;
withComments: wordbool;
outStr: HCkString): wordbool; stdcall;
function CkXmlDSig__canonicalizeXml(objHandle: HCkXmlDSig;
xml: PWideChar;
version: PWideChar;
withComments: wordbool): PWideChar; stdcall;
Applies XML canonicalization to the passed-in XML, and returns the canonicalized XML string. The version may be one of the following:
- "C14N" -- for Inclusive Canonical XML
- "EXCL_C14N" -- for Exclusive Canonical XML
If withComments is True, then XML comments are included in the output. If withComments is False, then XML comments are excluded from the output.
Returns True for success, False for failure.
See the notes about PWideChar memory ownership and validity.
GetCerts
Returns the certificates found in the signature indicated by the Selector property. The base64 representation of each certificate is returned.
Returns True for success, False for failure.
GetKeyInfo
Returns the KeyInfo XML for the signature indicated by the Selector property. Returns nil if no KeyInfo exists.
Returns nil on failure
GetPublicKey
Returns the public key from the KeyInfo XML for the signature indicated by the Selector property. Returns nil if no KeyInfo exists, or if no public key is actually contained in the KeyInfo.
Returns nil on failure
topHasEncapsulatedTimeStamp
Returns True if the signature indicated by the Selector property contains an EncapsulatedTimeStamp. Otherwise returns False.
IsReferenceExternal
index: Integer): wordbool; stdcall;
Returns True if the reference at index is external. Each external reference would first need to be provided by the application prior to validating the signature.
LoadSignature
xmlSig: PWideChar): wordbool; stdcall;
Loads an XML document containing 1 or more XML digital signatures. An application would first load XML containing digital signature(s), then validate. After loading, it is also possible to use various methods and properties to get information about the signature, such as the key info, references, etc. If external data is referenced by the signature, it may be necessary to provide the referenced data prior to validating.
Note: When loading an XML document, the Selector property is automatically reset to 0, and the NumSignatures property is set to the number of XML digital signatures found.
Returns True for success, False for failure.
topLoadSignatureBd
Loads an XML document containing one or more XML digital signatures from the contents of a BinData object. An application would first load the XML, then validate. After loading, it is also possible to use various methods and properties to get information about the signature, such as the key info, references, etc. If external data is referenced by the signature, it may be necessary to provide the referenced data prior to validating.
Note: When loading an XML document, the Selector property is automatically reset to 0, and the NumSignatures property is set to the number of XML digital signatures found.
Returns True for success, False for failure.
LoadSignatureSb
sbXmlSig: HCkStringBuilder): wordbool; stdcall;
Loads an XML document containing one or more XML digital signatures from the contents of a StringBuilder object. An application would first load the XML, then validate. After loading, it is also possible to use various methods and properties to get information about the signature, such as the key info, references, etc. If external data is referenced by the signature, it may be necessary to provide the referenced data prior to validating.
Note: When loading an XML document, the Selector property is automatically reset to 0, and the NumSignatures property is set to the number of XML digital signatures found.
Returns True for success, False for failure.
ReferenceUri
index: Integer;
outStr: HCkString): wordbool; stdcall;
function CkXmlDSig__referenceUri(objHandle: HCkXmlDSig;
index: Integer): PWideChar; stdcall;
Returns the URI of the Nth reference specified by index. (The 1st reference is at index 0.) URI's beginning with a pound sign ('#') are internal references.
Returns True for success, False for failure.
See the notes about PWideChar memory ownership and validity.
SetHmacKey
key: PWideChar;
encoding: PWideChar): wordbool; stdcall;
Sets the HMAC key to be used if the Signature used an HMAC signing algorithm. The encoding specifies the encoding of key, and can be "hex", "base64", "ascii", or any of the binary encodings supported by Chilkat in the link below.
Returns True for success, False for failure.
SetHttpObj
Sets the HTTP object to be used to communicate with OCSP responders, CRL distribution points, or timestamp authority (TSA) servers if needed. The http is used to send the requests, and it allows for connection related settings and timeouts to be set. For example, if HTTP or SOCKS proxies are required, these features can be specified on the http.
topSetPublicKey
Sets the public key to be used for verifying the signature indicated by the Selector property. A public key only needs to be explicitly provided by the application for those XML signatures where the public key is not already available within the KeyInfo of the Signature. In some cases, the KeyInfo within the Signature contains information about what public key was used for signing. The application can use this information to retrieve the matching public key and provide it via this method.
Returns True for success, False for failure.
SetRefDataBd
index: Integer;
binData: HCkBinData): wordbool; stdcall;
SetRefDataFile
index: Integer;
path: PWideChar): wordbool; stdcall;
Provides the data for the external reference at index. When validating the signature, the data contained in path will be streamed to compute the digest for validation.
topSetRefDataSb
index: Integer;
sb: HCkStringBuilder;
charset: PWideChar): wordbool; stdcall;
Provides the text data for the external reference at index. The charset specifies the byte representation of the text, such as "utf-8", "utf-16", "windows-1252", etc. (If in doubt, try utf-8 first.)
UseCertVault
certVault: HCkXmlCertVault): wordbool; stdcall;
Adds an XML certificate vault to the object's internal list of sources to be searched for certificates having public keys when verifying an XML signature. A single XML certificate vault may be used. If UseCertVault is called multiple times, only the last certificate vault will be used, as each call to UseCertVault will replace the certificate vault provided in previous calls.
Returns True for success, False for failure.
VerifyReferenceDigest
index: Integer): wordbool; stdcall;
This method allows for an application to verify the digest for each reference separately. This can be helpful if the full XMLDSIG validation fails, then one can test each referenced data's digest to see which, if any, fail to match.
VerifySignature
verifyReferenceDigests: wordbool): wordbool; stdcall;
Verifies the signature indicated by the Selector property. If verifyReferenceDigests is True, then the digest of each Reference within the signature's SignedInfo is also validated.
Returns True for success, False for failure.