
Sign Italian SPID Metadata XML


Demonstrates how to create an XML digital signature for Italian SPID Metadata.


-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
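CREATE PROCEDURE ChilkatSample
AS
BEGIN
    -- Purpose: add an enveloped XML-DSig to an Italian SPID service-provider metadata
    -- document (md:EntityDescriptor), signing with the RSA key from a PFX, then re-verify
    -- the signature we produced.
    -- Inputs : qa_data/xml_dsig/spid_metadata.xml  (unsigned metadata)
    --          qa_data/pfx/cert_test123.pfx         (signing certificate + private key)
    -- Output : qa_output/signedXml.xml; the signed XML is also PRINTed (may be truncated).
    -- Prerequisites: the Chilkat API must already be unlocked (see Global Unlock Sample),
    -- and the sp_OA* procedures must be usable, i.e. 'Ole Automation Procedures' enabled.
    -- That option widens the instance attack surface; grant EXECUTE on sp_OA* narrowly
    -- rather than running callers as sysadmin.
    -- Every failure path jumps to the cleanup label so no COM handle is leaked.
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    -- A 4000-char buffer means the PRINT of the signed XML below can be cut off;
    -- the file written to disk is complete regardless.
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- COM object handles. All start at 0 so cleanup destroys only what was created.
    DECLARE @sbXml int
    DECLARE @gen int
    DECLARE @cert int
    DECLARE @verifier int
    SELECT @sbXml = 0, @gen = 0, @cert = 0, @verifier = 0

    -- Verification loop state.
    DECLARE @numSigs int
    DECLARE @verifyIdx int
    DECLARE @verified int

    -- Load the XML to be signed.
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbXml OUT
    IF @hr <> 0
      BEGIN
        PRINT 'Failed to create ActiveX component'
        GOTO cleanup
      END

    EXEC sp_OAMethod @sbXml, 'LoadFile', @success OUT, 'qa_data/xml_dsig/spid_metadata.xml', 'utf-8'
    IF @success <> 1
      BEGIN
        PRINT 'Failed to load the input file.'
        GOTO cleanup
      END

    -- The XML to sign contains XML such as this:

    -- <?xml version="1.0" encoding="utf-8"?>
    -- <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
    --     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
    --         <md:KeyDescriptor use="signing">
    --             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    --                 <ds:X509Data>
    --                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    --                 </ds:X509Data>
    --             </ds:KeyInfo>
    --         </md:KeyDescriptor>
    --         <md:KeyDescriptor use="encryption">
    --             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    --                 <ds:X509Data>
    --                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    --                 </ds:X509Data>
    --             </ds:KeyInfo>
    --         </md:KeyDescriptor>
    --         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
    --         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    --         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
    --         <md:AttributeConsumingService index="1">
    --             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
    --             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
    --             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    --             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    --             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    --             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    --         </md:AttributeConsumingService>
    --     </md:SPSSODescriptor>
    --     <md:Organization>
    --         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
    --         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
    --         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
    --     </md:Organization>
    -- </md:EntityDescriptor>

    EXEC @hr = sp_OACreate 'Chilkat.XmlDSigGen', @gen OUT
    IF @hr <> 0
      BEGIN
        PRINT 'Failed to create Chilkat.XmlDSigGen'
        GOTO cleanup
      END

    -- Where the ds:Signature goes: the location is md:SPSSODescriptor under
    -- md:EntityDescriptor and SigLocationMod selects the insertion mode relative to it.
    -- The SAML metadata schema places ds:Signature as the first child of
    -- md:EntityDescriptor (i.e. before md:SPSSODescriptor); check the produced file
    -- lands there before publishing the metadata.
    EXEC sp_OASetProperty @gen, 'SigLocation', 'md:EntityDescriptor|md:SPSSODescriptor'
    EXEC sp_OASetProperty @gen, 'SigLocationMod', 2
    -- Exclusive C14N + SHA-256. Do not downgrade the digest to sha1: SPID metadata
    -- validation does not accept SHA-1 (confirm against the current AgID rules).
    EXEC sp_OASetProperty @gen, 'SignedInfoCanonAlg', 'EXCL_C14N'
    EXEC sp_OASetProperty @gen, 'SignedInfoDigestMethod', 'sha256'

    -- -------- Reference 1: same-document reference to the EntityDescriptor --------
    -- The value must equal the ID attribute of md:EntityDescriptor in the loaded file;
    -- if it does not match, the reference digests the wrong element (or nothing) and
    -- the signature is useless. Keep it in sync with the input document.
    EXEC sp_OAMethod @gen, 'AddSameDocRef', @success OUT, '_AE17AFFF-A600-49D5-B81D-76EEA55B50FF', 'sha256', 'EXCL_C14N', '', ''
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @gen, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO cleanup
      END

    -- Provide a certificate + private key. (PFX password is test123)
    -- NOTE(review): the PFX password is a literal in the procedure text, readable by
    -- anyone with VIEW DEFINITION on this procedure (sys.sql_modules). This is fine for a
    -- sample key; for a real SPID signing key keep the PFX and its password out of the
    -- procedure body.
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
    IF @hr <> 0
      BEGIN
        PRINT 'Failed to create Chilkat.Cert'
        GOTO cleanup
      END

    EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/pfx/cert_test123.pfx', 'test123'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO cleanup
      END

    -- Second argument 1: sign with this certificate's private key.
    EXEC sp_OAMethod @gen, 'SetX509Cert', @success OUT, @cert, 1
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @gen, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO cleanup
      END

    -- Embed the full certificate (plus the RSA public key) in ds:KeyInfo so a relying
    -- party can verify without out-of-band key distribution.
    EXEC sp_OASetProperty @gen, 'KeyInfoType', 'X509Data+KeyValue'
    EXEC sp_OASetProperty @gen, 'X509Type', 'Certificate'

    -- The signature lives inside the element it signs, so the enveloped-signature
    -- transform is forced on; the ds namespace is already declared on the root, hence
    -- OmitAlreadyDefinedSigNamespace.
    EXEC sp_OASetProperty @gen, 'Behaviors', 'IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace'

    -- Sign the XML in place (the StringBuilder now holds the signed document).
    EXEC sp_OAMethod @gen, 'CreateXmlDSigSb', @success OUT, @sbXml
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @gen, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO cleanup
      END
    -- -----------------------------------------------

    -- Save the signed XML to a file (last arg 0 = no BOM). A failed write was silently
    -- ignored before; report it so a missing/unwritable qa_output is noticed.
    EXEC sp_OAMethod @sbXml, 'WriteFile', @success OUT, 'qa_output/signedXml.xml', 'utf-8', 0
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @sbXml, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO cleanup
      END

    -- Echo the signed XML. nvarchar(4000) truncates longer documents; the file is authoritative.
    EXEC sp_OAMethod @sbXml, 'GetAsString', @sTmp0 OUT
    PRINT @sTmp0

    -- ----------------------------------------
    -- Verify the signatures we just produced...
    -- No public key is supplied, so verification uses the KeyInfo embedded in the
    -- signature. That proves the document is consistent with its own signature; it says
    -- nothing about whether the embedded certificate is trusted.
    EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @verifier OUT
    IF @hr <> 0
      BEGIN
        PRINT 'Failed to create Chilkat.XmlDSig'
        GOTO cleanup
      END

    EXEC sp_OAMethod @verifier, 'LoadSignatureSb', @success OUT, @sbXml
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        GOTO cleanup
      END

    EXEC sp_OAGetProperty @verifier, 'NumSignatures', @numSigs OUT
    SELECT @verifyIdx = 0
    WHILE @verifyIdx < @numSigs
      BEGIN
        EXEC sp_OASetProperty @verifier, 'Selector', @verifyIdx
        -- Last argument 1: also verify every reference digest, not just SignedInfo.
        EXEC sp_OAMethod @verifier, 'VerifySignature', @verified OUT, 1
        IF @verified <> 1
          BEGIN
            EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT
            PRINT @sTmp0
            GOTO cleanup
          END
        SELECT @verifyIdx = @verifyIdx + 1
      END

    PRINT 'All signatures were successfully verified.'

cleanup:
    -- Destroy only the handles that were actually created (0 = never created).
    IF @sbXml <> 0
        EXEC @hr = sp_OADestroy @sbXml
    IF @gen <> 0
        EXEC @hr = sp_OADestroy @gen
    IF @cert <> 0
        EXEC @hr = sp_OADestroy @cert
    IF @verifier <> 0
        EXEC @hr = sp_OADestroy @verifier

END
GO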