Sample code for 30+ languages & platforms
SQL Server

Create IRS MeF Login Service Request Message

See more XML Digital Signatures Examples

This example demonstrates how to create a digitally signed Login Service Request Message.

This example used the documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf as a guide.

It creates signed XML as specified in section 4.1.1 found in Section 4: Example A2A Web Service Messages.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- --------------------------------------------------------------------------------
    -- Also see Chilkat's Online WSDL Code Generator
    -- to generate code and SOAP Request and Response XML for each operation in a WSDL.
    -- --------------------------------------------------------------------------------

    -- The goal of this example is to create signed SOAP XML such as the following:

    -- <?xml version="1.0" encoding="UTF-8"?>
    -- <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    --     <SOAP-ENV:Header>
    --         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    --             <wsse:BinarySecurityToken 
    -- 		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    -- 		EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    -- 		ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    -- 		wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken>
    --             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    --                 <ds:SignedInfo>
    --                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    --                     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    --                     <ds:Reference URI="#id-1214941501">
    --                         <ds:Transforms>
    --                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    --                         </ds:Transforms>
    --                         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    --                         <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Em0o3VEOTck=</ds:DigestValue>
    --                     </ds:Reference>
    --                     <ds:Reference URI="#id-1871558655">
    --                         <ds:Transforms>
    --                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    --                         </ds:Transforms>
    --                         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    --                         <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Xm5ViA+royg=</ds:DigestValue>
    --                     </ds:Reference>
    --                 </ds:SignedInfo>
    --                 <ds:SignatureValue>abcd...5Nbw==</ds:SignatureValue>
    --                 <ds:KeyInfo Id="KeyId-256137097">
    --                     <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1862925355">
    --                         <wsse:Reference URI="#CertId-1673181727" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    --                     </wsse:SecurityTokenReference>
    --                 </ds:KeyInfo>
    --             </ds:Signature>
    --         </wsse:Security>
    --         <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501">
    --             <ns1:MessageID>12345202018200000234</ns1:MessageID>
    --             <ns1:Action>Login</ns1:Action>
    --             <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs>
    --             <ns1:ETIN>12345</ns1:ETIN>
    --             <ns1:SessionKeyCd>Y</ns1:SessionKeyCd>
    --             <ns1:TestCd>P</ns1:TestCd>
    --             <ns1:AppSysID>65432190</ns1:AppSysID>
    --             <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum>
    --             <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt>
    --         </ns1:MeFHeader>
    --     </SOAP-ENV:Header>
    --     <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655">
    --         <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/>
    --     </SOAP-ENV:Body>
    -- </SOAP-ENV:Envelope>

    -- -------------------------------------------------------------------------------------------

    -- First, let's load the certificate + private key to be used for signing (from a PFX).
    -- (It is also possible to use certificates installed on a Windows system, or from other file formats..)
    DECLARE @pfx int
    EXEC @hr = sp_OACreate 'Chilkat.Pfx', @pfx OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @pfx, 'LoadPfxFile', @success OUT, 'qa_data/pfx/cert_test123.pfx', 'test123'
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pfx
        RETURN
      END

    -- We'll be needing the X.509 signing cert as base64 for the BinarySecurityToken, so let's get it now..
    -- The certificate having the private key should be the 1st in the PFX.

    DECLARE @signingCert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @signingCert OUT

    EXEC sp_OAMethod @pfx, 'CertAt', @success OUT, 0, @signingCert
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pfx
        EXEC @hr = sp_OADestroy @signingCert
        RETURN
      END

    DECLARE @bdCert int
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdCert OUT

    EXEC sp_OAMethod @signingCert, 'ExportCertDerBd', @success OUT, @bdCert
    DECLARE @sbCert64 int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbCert64 OUT

    EXEC sp_OAMethod @bdCert, 'GetEncodedSb', @success OUT, 'base64', @sbCert64

    -- -------------------------------------------------------------------------------------------
    -- The XML before signing would look like this:

    -- <?xml version="1.0" encoding="UTF-8"?>
    -- <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    --     <SOAP-ENV:Header>
    --         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    --             <wsse:BinarySecurityToken 
    -- 		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    -- 		EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    -- 		ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    -- 		wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken>
    --         </wsse:Security>
    --         <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501">
    --             <ns1:MessageID>12345202018200000234</ns1:MessageID>
    --             <ns1:Action>Login</ns1:Action>
    --             <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs>
    --             <ns1:ETIN>12345</ns1:ETIN>
    --             <ns1:SessionKeyCd>Y</ns1:SessionKeyCd>
    --             <ns1:TestCd>P</ns1:TestCd>
    --             <ns1:AppSysID>65432190</ns1:AppSysID>
    --             <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum>
    --             <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt>
    --         </ns1:MeFHeader>
    --     </SOAP-ENV:Header>
    --     <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655">
    --         <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/>
    --     </SOAP-ENV:Body>
    -- </SOAP-ENV:Envelope>

    -- You can use the online XML code generation tool at http://tools.chilkat.io/xmlCreate.cshtml
    -- to generate the following XML creation source code:

    -- Create the XML to be signed...
    DECLARE @xmlToSign int
    EXEC @hr = sp_OACreate 'Chilkat.Xml', @xmlToSign OUT

    EXEC sp_OASetProperty @xmlToSign, 'Tag', 'SOAP-ENV:Envelope'
    EXEC sp_OAMethod @xmlToSign, 'AddAttribute', @success OUT, 'xmlns:SOAP-ENV', 'http://schemas.xmlsoap.org/soap/envelope/'
    EXEC sp_OAMethod @xmlToSign, 'AddAttribute', @success OUT, 'xmlns:xsd', 'http://www.w3.org/2001/XMLSchema'
    EXEC sp_OAMethod @xmlToSign, 'AddAttribute', @success OUT, 'xmlns:xsi', 'http://www.w3.org/2001/XMLSchema-instance'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|wsse:Security', 1, 'xmlns:wsse', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken', 1, 'xmlns:wsu', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken', 1, 'EncodingType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken', 1, 'ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken', 1, 'wsu:Id', 'CertId-1673181727'
    EXEC sp_OAMethod @sbCert64, 'GetAsString', @sTmp0 OUT
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken', @sTmp0
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|ns1:MeFHeader', 1, 'xmlns:ns1', 'http://www.irs.gov/a2a/mef/MeFHeader.xsd'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|ns1:MeFHeader', 1, 'xmlns:wsu', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Header|ns1:MeFHeader', 1, 'wsu:Id', 'id-1214941501'
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageID', '12345202018200000234'
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:Action', 'Login'
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageTs', '2020-06-30T15:25:42.678Z'
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContentInt', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:ETIN', 12345
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:SessionKeyCd', 'Y'
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:TestCd', 'P'
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContentInt', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:AppSysID', 65432190
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:WSDLVersionNum', '10.3'
    EXEC sp_OAMethod @xmlToSign, 'UpdateChildContent', NULL, 'SOAP-ENV:Header|ns1:MeFHeader|ns1:ClientSoftwareTxt', 'SOATest'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Body', 1, 'xmlns:wsu', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Body', 1, 'wsu:Id', 'id-1871558655'
    EXEC sp_OAMethod @xmlToSign, 'UpdateAttrAt', @success OUT, 'SOAP-ENV:Body|LoginRequest', 1, 'xmlns', 'http://www.irs.gov/a2a/mef/MeFMSIServices.xsd'

    -- -------------------------------------------------------------------------------------------
    -- Setup the XML DSig generator object to create the desired signature.

    DECLARE @gen int
    EXEC @hr = sp_OACreate 'Chilkat.XmlDSigGen', @gen OUT

    EXEC sp_OASetProperty @gen, 'SigLocation', 'SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security'
    EXEC sp_OASetProperty @gen, 'SigLocationMod', 0
    EXEC sp_OASetProperty @gen, 'SigNamespacePrefix', 'ds'
    EXEC sp_OASetProperty @gen, 'SigNamespaceUri', 'http://www.w3.org/2000/09/xmldsig#'
    EXEC sp_OASetProperty @gen, 'SignedInfoCanonAlg', 'EXCL_C14N'
    EXEC sp_OASetProperty @gen, 'SignedInfoDigestMethod', 'sha256'

    -- Set the KeyInfoId before adding references..
    EXEC sp_OASetProperty @gen, 'KeyInfoId', 'KeyId-256137097'

    -- -------- Reference 1 --------
    EXEC sp_OAMethod @gen, 'AddSameDocRef', @success OUT, 'id-1214941501', 'sha256', 'EXCL_C14N', '', ''

    -- -------- Reference 2 --------
    EXEC sp_OAMethod @gen, 'AddSameDocRef', @success OUT, 'id-1871558655', 'sha256', 'EXCL_C14N', '', ''

    -- Provide a certificate + private key. (PFX password is test123)
    DECLARE @cert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT

    EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/pfx/cert_test123.pfx', 'test123'
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pfx
        EXEC @hr = sp_OADestroy @signingCert
        EXEC @hr = sp_OADestroy @bdCert
        EXEC @hr = sp_OADestroy @sbCert64
        EXEC @hr = sp_OADestroy @xmlToSign
        EXEC @hr = sp_OADestroy @gen
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    EXEC sp_OAMethod @gen, 'SetX509Cert', @success OUT, @cert, 1

    EXEC sp_OASetProperty @gen, 'KeyInfoType', 'Custom'

    -- Create the custom KeyInfo XML..
    DECLARE @xmlCustomKeyInfo int
    EXEC @hr = sp_OACreate 'Chilkat.Xml', @xmlCustomKeyInfo OUT

    EXEC sp_OASetProperty @xmlCustomKeyInfo, 'Tag', 'wsse:SecurityTokenReference'
    EXEC sp_OAMethod @xmlCustomKeyInfo, 'AddAttribute', @success OUT, 'xmlns:wsu', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
    EXEC sp_OAMethod @xmlCustomKeyInfo, 'AddAttribute', @success OUT, 'wsu:Id', 'STRId-1862925355'
    EXEC sp_OAMethod @xmlCustomKeyInfo, 'UpdateAttrAt', @success OUT, 'wsse:Reference', 1, 'URI', '#CertId-1673181727'
    EXEC sp_OAMethod @xmlCustomKeyInfo, 'UpdateAttrAt', @success OUT, 'wsse:Reference', 1, 'ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'

    EXEC sp_OASetProperty @xmlCustomKeyInfo, 'EmitXmlDecl', 0
    EXEC sp_OAMethod @xmlCustomKeyInfo, 'GetXml', @sTmp0 OUT
    EXEC sp_OASetProperty @gen, 'CustomKeyInfoXml', @sTmp0

    -- -------------------------------------------------------------------------------------------
    -- Load XML to be signed...
    DECLARE @sbXml int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbXml OUT

    EXEC sp_OAMethod @xmlToSign, 'GetXmlSb', @success OUT, @sbXml

    -- Update BinarySecurityToken_Base64Binary_Content with the actual X509 of the signing cert.
    DECLARE @nReplaced int
    EXEC sp_OAMethod @cert, 'GetEncoded', @sTmp0 OUT
    EXEC sp_OAMethod @sbXml, 'Replace', @nReplaced OUT, 'BinarySecurityToken_Base64Binary_Content', @sTmp0

    EXEC sp_OASetProperty @gen, 'Behaviors', 'IndentedSignature'

    -- Sign the XML...
    EXEC sp_OAMethod @gen, 'CreateXmlDSigSb', @success OUT, @sbXml
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @gen, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @pfx
        EXEC @hr = sp_OADestroy @signingCert
        EXEC @hr = sp_OADestroy @bdCert
        EXEC @hr = sp_OADestroy @sbCert64
        EXEC @hr = sp_OADestroy @xmlToSign
        EXEC @hr = sp_OADestroy @gen
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @xmlCustomKeyInfo
        EXEC @hr = sp_OADestroy @sbXml
        RETURN
      END

    -- -----------------------------------------------

    -- Save the signed XML to a file.
    EXEC sp_OAMethod @sbXml, 'WriteFile', @success OUT, 'c:/temp/qa_output/signedXml.xml', 'utf-8', 0

    EXEC sp_OAMethod @sbXml, 'GetAsString', @sTmp0 OUT
    PRINT @sTmp0

    EXEC @hr = sp_OADestroy @pfx
    EXEC @hr = sp_OADestroy @signingCert
    EXEC @hr = sp_OADestroy @bdCert
    EXEC @hr = sp_OADestroy @sbCert64
    EXEC @hr = sp_OADestroy @xmlToSign
    EXEC @hr = sp_OADestroy @gen
    EXEC @hr = sp_OADestroy @cert
    EXEC @hr = sp_OADestroy @xmlCustomKeyInfo
    EXEC @hr = sp_OADestroy @sbXml


END
GO