Community articleUFLVerifyAllSignatures function
Added by IBM contributorIBM on August 16, 2011
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

No abstract provided.


This function verifies the correctness of all digital signatures in a given form whose root node is provided. It finds all items of type signature and calls UFLVerifySignature for each signature. Errors are logged for all non valid signatures.
This function checks the following conditions for each signature:
  • The signature item contains mimedata.
  • The mimedata contains a hash value and signer certificate.
  • The signer certificate contains the same ID as that recorded in the signature item's signer option.
  • The signer certificate has not expired.


   r_short UFLVerifyAllSignatures(
      formNodeP theForm,
      r_short reportAsErrorsFlag,
      r_short *validSigsFlagPtr


Table 1. Function parameters
theForm formNodePThe form containing the signatures to verify.
reportAsErrorsFlagr_shortSet to OK if you want errors about the signatures to be reported using the Error system, or NOTOK if you want the error code to be only returned through the validSigsFlagPtr.
validSigsFlagPtr r_short*A pointer to a location that stores the result of the signature check. It will be set either to OK if all signatures are valid or to NOTOK if at least one signature is not valid.


OK on success or NOTOK on failure.
Additionally, the validSigsFlagPtr will contain one of the following values:
Table 2. return codes
FormNodeP.UFL_SIGS_OKThe signatures are valid.
FormNodeP.UFL_SIGS_NOTOKOne or more signatures are broken.
FormNodeP.UFL_SIGS_UNVERIFIEDOne or more signatures are unverifiable.
FormNodeP.UFL_SIGS_VERIFIEDBUTNOTAUTHENTICATEDThis value will only be returned on items that have an HMAC signature. It means that the data is valid, but the shared secret could not be checked for validity.


In the following example, UFLVerifyAllSignatures determines whether or not all the signatures in the form are valid. If one or more of the digital signatures are not valid, an error message is displayed.
   r_error checkSignatures(formNodeP form)
   r_error error;
   r_short validFlag;
      error = UFLVerifyAllSignatures(form, OK, &validFlag);
      if (error != OK)
         fprintf(stderr, "UFLVerifyAllSignatures error %hd.\n", error);
/* Report an additional error if not all the signatures are valid. */
      if (validFlag != UFL_SIGS_OK)
         fprintf(stderr, "Not all signatures are valid.\n");

Parent topic:
FormNodeP functions