![]() |
Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Unicode C) Belgium eHealth Platform - checkAccessControlSee more Belgian eHealth Platform ExamplesDemonstrates the checkAccessControl operation of PlatformIntegrationConsumerTest, which requires an X.509 certificate and signature. This tests the validity of your certificate and signature.Note: This example requires Chilkat v11.0.0 or greater. For more information, see https://www.ehealth.fgov.be/ehealthplatform/nl/beveiliging-van-webservices#1
#include <C_CkCertW.h> #include <C_CkXmlW.h> #include <C_CkBinDataW.h> #include <C_CkDateTimeW.h> #include <C_CkXmlDSigGenW.h> #include <C_CkStringBuilderW.h> #include <C_CkHttpW.h> #include <C_CkHttpResponseW.h> void ChilkatSample(void) { BOOL success; HCkCertW cert; HCkXmlW xmlToSign; HCkBinDataW bdCert; HCkDateTimeW dt; HCkXmlDSigGenW gen; HCkXmlW xmlCustomKeyInfo; HCkStringBuilderW sbXml; HCkHttpW http; HCkHttpResponseW resp; success = FALSE; // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Provide a certificate + private key. // Note: If your certificate + private key is located on a hardware token or smartcard, you can call a different function to load from smartcard.. cert = CkCertW_Create(); success = CkCertW_LoadPfxFile(cert,L"SSIN=12345678.acc.p12",L"p12_password"); if (success == FALSE) { wprintf(L"%s\n",CkCertW_lastErrorText(cert)); CkCertW_Dispose(cert); return; } // Create the XML to be signed... xmlToSign = CkXmlW_Create(); CkXmlW_putTag(xmlToSign,L"soapenv:Envelope"); CkXmlW_AddAttribute(xmlToSign,L"xmlns:soapenv",L"http://schemas.xmlsoap.org/soap/envelope/"); CkXmlW_AddAttribute(xmlToSign,L"xmlns:urn",L"urn:be:fgov:ehealth:platformintegrationconsumertest:v1"); CkXmlW_AddAttribute(xmlToSign,L"xmlns:urn1",L"urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Header|wsse:Security",TRUE,L"xmlns:wsse",L"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Header|wsse:Security",TRUE,L"xmlns:wsu",L"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Header|wsse:Security|wsse:BinarySecurityToken",TRUE,L"EncodingType",L"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Header|wsse:Security|wsse:BinarySecurityToken",TRUE,L"ValueType",L"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Header|wsse:Security|wsse:BinarySecurityToken",TRUE,L"wsu:Id",L"X509-FC77E2C72083DA8E0F16711753508182856"); // --------------------------------------------------------------------------------------------------------------- // A note about the Id's, such as X509-FC77E2C72083DA8E0F16711753508182856, TS-FC77E2C72083DA8E0F16711753508042855, etc. // These Id's simply need to be unique within the XML document. You don't need to generate new Id's every time. // You can use the same Id's in each XML document that is submitted. The purpose of each Id is to // match the XMLDsig Reference to the element in XML being referenced. // In other words, you could use the Id's "mickey_mouse", "donald_duck", and "goofy", and it would work perfectly OK, // as long as no other XML elements also use the Id's "mickey_mouse", "donald_duck", or "goofy" // --------------------------------------------------------------------------------------------------------------- bdCert = CkBinDataW_Create(); CkCertW_ExportCertDerBd(cert,bdCert); CkXmlW_UpdateChildContent(xmlToSign,L"soapenv:Header|wsse:Security|wsse:BinarySecurityToken",CkBinDataW_getEncoded(bdCert,L"base64")); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Header|wsse:Security|wsu:Timestamp",TRUE,L"wsu:Id",L"TS-FC77E2C72083DA8E0F16711753508042855"); dt = CkDateTimeW_Create(); CkDateTimeW_SetFromCurrentSystemTime(dt); CkXmlW_UpdateChildContent(xmlToSign,L"soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Created",CkDateTimeW_getAsTimestamp(dt,FALSE)); CkDateTimeW_AddSeconds(dt,3600); CkXmlW_UpdateChildContent(xmlToSign,L"soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Expires",CkDateTimeW_getAsTimestamp(dt,FALSE)); CkDateTimeW_AddSeconds(dt,-3600); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Body",TRUE,L"wsu:Id",L"id-FC77E2C72083DA8E0F16711753508182859"); CkXmlW_UpdateAttrAt(xmlToSign,L"soapenv:Body",TRUE,L"xmlns:wsu",L"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); CkXmlW_UpdateChildContent(xmlToSign,L"soapenv:Body|urn:CheckAccessControlRequest|urn1:Message",L"Hello World"); // Create a timestamp with the current date/time in the following format: 2014-12-30T15:29:03.157+01:00 CkXmlW_UpdateChildContent(xmlToSign,L"soapenv:Body|urn:CheckAccessControlRequest|urn1:Timestamp",CkDateTimeW_getAsTimestamp(dt,TRUE)); gen = CkXmlDSigGenW_Create(); CkXmlDSigGenW_putSigLocation(gen,L"soapenv:Envelope|soapenv:Header|wsse:Security|wsse:BinarySecurityToken"); CkXmlDSigGenW_putSigLocationMod(gen,1); CkXmlDSigGenW_putSigId(gen,L"SIG-FC77E2C72083DA8E0F16711753508252860"); CkXmlDSigGenW_putSigNamespacePrefix(gen,L"ds"); CkXmlDSigGenW_putSigNamespaceUri(gen,L"http://www.w3.org/2000/09/xmldsig#"); CkXmlDSigGenW_putSignedInfoPrefixList(gen,L"soapenv urn urn1"); CkXmlDSigGenW_putIncNamespacePrefix(gen,L"ec"); CkXmlDSigGenW_putIncNamespaceUri(gen,L"http://www.w3.org/2001/10/xml-exc-c14n#"); CkXmlDSigGenW_putSignedInfoCanonAlg(gen,L"EXCL_C14N"); CkXmlDSigGenW_putSignedInfoDigestMethod(gen,L"sha256"); // Set the KeyInfoId before adding references.. CkXmlDSigGenW_putKeyInfoId(gen,L"KI-FC77E2C72083DA8E0F16711753508182857"); // -------- Reference 1 -------- CkXmlDSigGenW_AddSameDocRef(gen,L"TS-FC77E2C72083DA8E0F16711753508042855",L"sha256",L"EXCL_C14N",L"wsse soapenv urn urn1",L""); // -------- Reference 2 -------- CkXmlDSigGenW_AddSameDocRef(gen,L"id-FC77E2C72083DA8E0F16711753508182859",L"sha256",L"EXCL_C14N",L"urn urn1",L""); // -------- Reference 3 -------- CkXmlDSigGenW_AddSameDocRef(gen,L"X509-FC77E2C72083DA8E0F16711753508182856",L"sha256",L"EXCL_C14N",L"_EMPTY_",L""); CkXmlDSigGenW_SetX509Cert(gen,cert,TRUE); CkXmlDSigGenW_putKeyInfoType(gen,L"Custom"); // Create the custom KeyInfo XML.. xmlCustomKeyInfo = CkXmlW_Create(); CkXmlW_putTag(xmlCustomKeyInfo,L"wsse:SecurityTokenReference"); CkXmlW_AddAttribute(xmlCustomKeyInfo,L"wsu:Id",L"STR-FC77E2C72083DA8E0F16711753508182858"); CkXmlW_UpdateAttrAt(xmlCustomKeyInfo,L"wsse:Reference",TRUE,L"URI",L"#X509-FC77E2C72083DA8E0F16711753508182856"); CkXmlW_UpdateAttrAt(xmlCustomKeyInfo,L"wsse:Reference",TRUE,L"ValueType",L"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"); CkXmlW_putEmitXmlDecl(xmlCustomKeyInfo,FALSE); CkXmlDSigGenW_putCustomKeyInfoXml(gen,CkXmlW_getXml(xmlCustomKeyInfo)); // Load XML to be signed... sbXml = CkStringBuilderW_Create(); CkXmlW_GetXmlSb(xmlToSign,sbXml); CkXmlDSigGenW_putBehaviors(gen,L"IndentedSignature"); // Sign the XML... success = CkXmlDSigGenW_CreateXmlDSigSb(gen,sbXml); if (success == FALSE) { wprintf(L"%s\n",CkXmlDSigGenW_lastErrorText(gen)); CkCertW_Dispose(cert); CkXmlW_Dispose(xmlToSign); CkBinDataW_Dispose(bdCert); CkDateTimeW_Dispose(dt); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(xmlCustomKeyInfo); CkStringBuilderW_Dispose(sbXml); return; } // ----------------------------------------------- // Send the signed XML... http = CkHttpW_Create(); success = CkHttpW_SetSslClientCert(http,cert); if (success == FALSE) { wprintf(L"%s\n",CkHttpW_lastErrorText(http)); CkCertW_Dispose(cert); CkXmlW_Dispose(xmlToSign); CkBinDataW_Dispose(bdCert); CkDateTimeW_Dispose(dt); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(xmlCustomKeyInfo); CkStringBuilderW_Dispose(sbXml); CkHttpW_Dispose(http); return; } CkHttpW_SetRequestHeader(http,L"Content-Type",L"text/xml"); // Change to services.ehealth.fgov.be for the production environment. resp = CkHttpResponseW_Create(); success = CkHttpW_HttpSb(http,L"POST",L"https://services-acpt.ehealth.fgov.be/PlatformIntegrationConsumerTest/v1",sbXml,L"utf-8",L"application/xml",resp); if (success == FALSE) { wprintf(L"%s\n",CkHttpW_lastErrorText(http)); CkCertW_Dispose(cert); CkXmlW_Dispose(xmlToSign); CkBinDataW_Dispose(bdCert); CkDateTimeW_Dispose(dt); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(xmlCustomKeyInfo); CkStringBuilderW_Dispose(sbXml); CkHttpW_Dispose(http); CkHttpResponseW_Dispose(resp); return; } wprintf(L"%s\n",CkHttpResponseW_bodyStr(resp)); wprintf(L"response status code = %d\n",CkHttpResponseW_getStatusCode(resp)); // A successful response is a 200 status code, with this sample response: // <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> // <soapenv:Header xmlns:v1="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:v11="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"/> // <soapenv:Body xmlns:ic="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:type="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"> // <ic:CheckAccessControlResponse> // <type:Message>Hello World</type:Message> // <type:Timestamp>2023-09-28T22:17:26.643+02:00</type:Timestamp> // <type:AuthenticatedConsumer>CN="SSIN=aaaaaa", OU=eHealth-platform Belgium, OU=bbbb, OU="SSIN=aaaaaaa", O=Federal Government, C=BE</type:AuthenticatedConsumer> // </ic:CheckAccessControlResponse> // </soapenv:Body> // </soapenv:Envelope> CkCertW_Dispose(cert); CkXmlW_Dispose(xmlToSign); CkBinDataW_Dispose(bdCert); CkDateTimeW_Dispose(dt); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(xmlCustomKeyInfo); CkStringBuilderW_Dispose(sbXml); CkHttpW_Dispose(http); CkHttpResponseW_Dispose(resp); } |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.