|theObject ||formNodeP||The node that represents the signature item.|
|hashedSecret||r_byte*||The hash of the shared secret that identifies the user. This should be available from a corporate database or other system.
If there is more than one shared secret, you must concatenate the strings with no separating characters and then hash the combined secret. For example, if the secrets were "blue" and "red", you would pass the hash of "bluered" to the function.
If there is no shared secret, pass an empty string.
You must encode the byte array as follows, depending on the signature type:
Authenticated Clickwrap (HMAC): UTF-8
Signature Pad: UTF-16LE
The method for doing this depends on the C library you are using to interface with the API.|
|secretSize ||r_long||The size of the hashed secret, measured in bytes.|
|theCertificate||Certificate*||The server certificate.
If you pass NULL, the function will verify the HMAC signature but will not sign it.
If you pass in a certificate and the HMAC signature is valid, the function will use the private key of the certificate to digitally sign the HMAC signature. This signature is appended to the signature item, and can be verified using UFLVerifySignature.|
|theStatus||SecurityUserStatusType*||This is a status flag that reports whether the operation was successful. Possible values are:
SUSTATUS_OK — the operation was successful.
SUSTATUS_CANCELLED — the operation was cancelled by the user.
SUSTATUS_INPUT_REQUIRED — the operation required user input, but could not receive it (for example, it was run on a server with no user).|
|validateStatus ||r_short*||A constant that indicates whether the HMAC signature is valid. See the Returns section for a complete list.|
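
The encoding step described for hashedSecret and secretSize, as an added example that is not part of the original documentation or the vendor's sample code. It assumes the hash value is held in your application as UTF-8 text; `enum sig_kind`, `utf8_next` and `encode_secret` are hypothetical names, and `unsigned char` and `long` stand in for `r_byte` and `r_long`.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for the two signature types in the encoding list. */
enum sig_kind { SIG_CLICKWRAP_HMAC, SIG_SIGNATURE_PAD };

/* Decode one UTF-8 sequence at s into *cp. Returns its length in bytes, or 0
   for malformed input (overlong form, surrogate, above U+10FFFF, truncated). */
static size_t utf8_next(const unsigned char *s, uint32_t *cp)
{
    static const uint32_t min[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0) { *cp = s[0] & 0x1F; n = 2; }
    else if ((s[0] & 0xF0) == 0xE0) { *cp = s[0] & 0x0F; n = 3; }
    else if ((s[0] & 0xF8) == 0xF0) { *cp = s[0] & 0x07; n = 4; }
    else return 0;
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;   /* a NUL here means truncation */
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    if (*cp < min[n] || *cp > 0x10FFFF || (*cp >> 11) == 0x1B) return 0;
    return n;
}

/* Encode UTF-8 text for the given signature type. Returns the number of bytes
   written (the value to pass as secretSize), or -1 on bad input or no room. */
long encode_secret(const char *text, enum sig_kind kind,
                   unsigned char *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)text;
    size_t used = 0, n, k, units;
    uint32_t cp, u[2];
    for (; *s; s += n) {
        if ((n = utf8_next(s, &cp)) == 0) return -1;
        if (kind == SIG_CLICKWRAP_HMAC) {           /* UTF-8: copy as validated */
            if (used + n > cap) return -1;
            for (k = 0; k < n; k++) out[used++] = s[k];
            continue;
        }
        units = cp >= 0x10000 ? 2 : 1;              /* 2 = surrogate pair */
        u[0] = units == 2 ? 0xD800 | ((cp - 0x10000) >> 10) : cp;
        u[1] = 0xDC00 | (cp & 0x3FF);               /* used only when units == 2 */
        if (used + 2 * units > cap) return -1;
        for (k = 0; k < 2 * units; k++)             /* low byte of each unit first */
            out[used++] = (unsigned char)(u[k / 2] >> (8 * (k % 2)));
    }
    return (long)used;
}
```

Pass the returned count as secretSize: a Signature Pad value takes two bytes per BMP character, so a character count gives the wrong length.
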
r_error checkSignature(formNodeP theSignatureNode, Certificate *theServerCert,
    r_short *validation)
{
    SecurityUserStatusType theStatus;
    Signature *theSignatureObject;
    r_charP signerCommonName;
    r_byte *hashedSecret = NULL;
    r_long secretSize = 0;
    r_boolean encodedData;
    r_error error;
    if ((error = UFLGetSignature(theSignatureNode, &theSignatureObject)) != OK) {
        fprintf(stderr, "UFLGetSignature error %ld.\n", error);
        return error;
    }
    if ((error = Signature_GetDataByPath(theSignatureObject,
        "SigningCert: Subject: CN", NOTOK, &encodedData,
        &signerCommonName)) != OK) {
        fprintf(stderr, "Signature_GetDataByPath error %ld.\n", error);
        return error;
    }
    /* Include external code that matches the signer's identity to a hashed
       shared secret, sets *hashedSecret to match, and sets secretSize to the
       size of the hashed secret. This is most likely a database lookup. */
    if ((error = UFLValidateHMACWithHashedSecret(theSignatureNode, hashedSecret,
        secretSize, theServerCert, &theStatus, validation)) != OK) {
        fprintf(stderr, "UFLValidateHMACWithHashedSecret error %ld.\n", error);
        return error;
    }
    /* Check the status in case the process required user input. */
    if (theStatus != SUSTATUS_OK)
        fprintf(stderr, "User input required to sign form.\n");
    /* Release the reference to the signature object here (call not shown). */
    return (theStatus == SUSTATUS_OK) ? OK : NOTOK;
}