UFLVerifyAllSignatures function
Added by IBM contributor IBM on July 26, 2013

Description

This function verifies the correctness of all digital signatures in a given form, starting from the form's root node. It finds all items of type signature and calls UFLVerifySignature for each one. An error is logged for every invalid signature.
This function checks the following conditions for each signature:
  • The signature item contains mimedata.
  • The mimedata contains a hash value and signer certificate.
  • The signer certificate contains the same ID as that recorded in the signature item's signer option.
  • The signer certificate has not expired.

Function

   r_short UFLVerifyAllSignatures(
      formNodeP theForm,
      r_short reportAsErrorsFlag,
      r_short *validSigsFlagPtr
   );


Parameters

Table 1. Function parameters
| Expression | Type | Description |
|---|---|---|
| theForm | formNodeP | The form containing the signatures to verify. |
| reportAsErrorsFlag | r_short | Set to OK if you want errors about the signatures to be reported using the Error system, or NOTOK if you want the error code to be only returned through the validSigsFlagPtr. |
| validSigsFlagPtr | r_short* | A pointer to a location that stores the result of the signature check. It will be set either to OK if all signatures are valid or to NOTOK if at least one signature is not valid. |


Returns

OK on success or NOTOK on failure.
Additionally, the validSigsFlagPtr will contain one of the following values:
Table 2. Return codes
| Code | Status |
|---|---|
| FormNodeP.UFL_SIGS_OK | The signatures are valid. |
| FormNodeP.UFL_SIGS_NOTOK | One or more signatures are broken. |
| FormNodeP.UFL_SIGS_UNVERIFIED | One or more signatures are unverifiable. |
| FormNodeP.UFL_SIGS_VERIFIEDBUTNOTAUTHENTICATED | This value will only be returned on items that have an HMAC signature. It means that the data is valid, but the shared secret could not be checked for validity. |


Example

In the following example, UFLVerifyAllSignatures determines whether or not all the signatures in the form are valid. If one or more of the digital signatures are not valid, an error message is displayed.
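   #include <stdio.h>   /* fprintf */
   /* The API header that declares UFLVerifyAllSignatures must also be included. */

   r_error checkSignatures(formNodeP form)
   {
      r_error error;
      r_short validFlag;

      /* Verify every signature item; OK asks the API to report problems
         through the Error system as well. */
      error = UFLVerifyAllSignatures(form, OK, &validFlag);
      if (error != OK)
      {
         fprintf(stderr, "UFLVerifyAllSignatures error %hd.\n", error);
         return(NOTOK);
      }

      /* Report an additional error if not all the signatures are valid. */
      if (validFlag != UFL_SIGS_OK)
      {
         fprintf(stderr, "Not all signatures are valid.\n");
      }
      return(OK);
   }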
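
The example above prints a message but still returns OK when validFlag is not UFL_SIGS_OK, so a caller cannot act on the result. The following added example (not IBM's code) shows a fail-closed wrapper that accepts a form only on UFL_SIGS_OK and rejects every other status from Table 2, including unrecognized values. The helper formSignaturesAccepted is hypothetical, and the typedefs, constant values and the UFLVerifyAllSignatures stub are constructed stand-ins so the block compiles without the API header.

```c
#include <stdio.h>

/* Constructed stand-ins so this compiles without the IBM Forms API header.
   The numeric values are placeholders, not the API's real values. */
typedef short r_short;
typedef void *formNodeP;
enum { OK = 0, NOTOK = 1 };
enum { UFL_SIGS_OK = 0, UFL_SIGS_NOTOK, UFL_SIGS_UNVERIFIED,
       UFL_SIGS_VERIFIEDBUTNOTAUTHENTICATED };

/* Stub for the API call: here the "form" is a pointer to the status to report. */
r_short UFLVerifyAllSignatures(formNodeP theForm, r_short reportAsErrorsFlag,
                               r_short *validSigsFlagPtr)
{
    (void)reportAsErrorsFlag;
    if (theForm == NULL) return NOTOK;   /* call fails, flag is left untouched */
    *validSigsFlagPtr = *(r_short *)theForm;
    return OK;
}

/* Hypothetical helper: returns OK only when every signature verified. */
r_short formSignaturesAccepted(formNodeP form, const char **reason)
{
    r_short validFlag = UFL_SIGS_NOTOK;  /* fail closed if the call never writes it */

    if (UFLVerifyAllSignatures(form, NOTOK, &validFlag) != OK) {
        *reason = "verification call failed";
        return NOTOK;
    }
    switch (validFlag) {
    case UFL_SIGS_OK:
        *reason = "all signatures valid"; return OK;
    case UFL_SIGS_NOTOK:
        *reason = "one or more signatures are broken"; return NOTOK;
    case UFL_SIGS_UNVERIFIED:
        *reason = "one or more signatures are unverifiable"; return NOTOK;
    case UFL_SIGS_VERIFIEDBUTNOTAUTHENTICATED:
        *reason = "HMAC data valid, shared secret not checked"; return NOTOK;
    default:
        *reason = "unrecognized status value"; return NOTOK;
    }
}

int main(void)
{
    r_short constructed = UFL_SIGS_UNVERIFIED; const char *why;
    r_short rc = formSignaturesAccepted(&constructed, &why);
    printf("%s: %s\n", rc == OK ? "accept" : "reject", why);
    return 0;
}
```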

