C
C
Signing HTTP Messages
See more RSA Examples
Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10Chilkat C Downloads
#include <C_CkStringBuilder.h>
#include <C_CkPublicKey.h>
#include <C_CkPrivateKey.h>
#include <C_CkDateTime.h>
#include <C_CkRsa.h>
void ChilkatSample(void)
{
BOOL success;
BOOL bCrlf;
HCkStringBuilder sbPublicKeyPem;
HCkPublicKey pubKey;
HCkStringBuilder sbPrivateKeyPem;
HCkPrivateKey privKey;
HCkDateTime dtNow;
const char *dateStr;
HCkRsa rsa;
HCkStringBuilder sbStringToSign;
const char *b64Signature;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
bCrlf = TRUE;
sbPublicKeyPem = CkStringBuilder_Create();
CkStringBuilder_AppendLine(sbPublicKeyPem,"-----BEGIN PUBLIC KEY-----",bCrlf);
CkStringBuilder_AppendLine(sbPublicKeyPem,"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3",bCrlf);
CkStringBuilder_AppendLine(sbPublicKeyPem,"6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6",bCrlf);
CkStringBuilder_AppendLine(sbPublicKeyPem,"Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw",bCrlf);
CkStringBuilder_AppendLine(sbPublicKeyPem,"oYi+1hqp1fIekaxsyQIDAQAB",bCrlf);
CkStringBuilder_AppendLine(sbPublicKeyPem,"-----END PUBLIC KEY-----",bCrlf);
pubKey = CkPublicKey_Create();
CkPublicKey_LoadFromString(pubKey,CkStringBuilder_getAsString(sbPublicKeyPem));
sbPrivateKeyPem = CkStringBuilder_Create();
CkStringBuilder_AppendLine(sbPrivateKeyPem,"-----BEGIN RSA PRIVATE KEY-----",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==",bCrlf);
CkStringBuilder_AppendLine(sbPrivateKeyPem,"-----END RSA PRIVATE KEY-----",bCrlf);
privKey = CkPrivateKey_Create();
CkPrivateKey_LoadPem(privKey,CkStringBuilder_getAsString(sbPrivateKeyPem));
// All examples use this request:
//
// POST /foo?param=value&pet=dog HTTP/1.1
// Host: example.com
// Date: Sun, 05 Jan 2014 21:31:40 GMT
// Content-Type: application/json
// Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
// Content-Length: 18
//
// {"hello": "world"}
// C.1. Default Test
//
// If a list of headers is not included, the date is the only header
// that is signed by default. The string to sign would be:
//
// date: Sun, 05 Jan 2014 21:31:40 GMT
//
// The Authorization header would be:
//
// Authorization: Signature keyId="Test",algorithm="rsa-sha256",
// signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
// 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
// 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
//
// The Signature header would be:
//
// Signature: keyId="Test",algorithm="rsa-sha256",
// signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
// 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
// 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
//
dtNow = CkDateTime_Create();
success = CkDateTime_SetFromCurrentSystemTime(dtNow);
dateStr = CkDateTime_getAsRfc822(dtNow,FALSE);
// To duplicate the above result, we'll hard-code the date string.
dateStr = "Sun, 05 Jan 2014 21:31:40 GMT";
rsa = CkRsa_Create();
success = CkRsa_UsePrivateKey(rsa,privKey);
if (success == FALSE) {
printf("%s\n",CkRsa_lastErrorText(rsa));
CkStringBuilder_Dispose(sbPublicKeyPem);
CkPublicKey_Dispose(pubKey);
CkStringBuilder_Dispose(sbPrivateKeyPem);
CkPrivateKey_Dispose(privKey);
CkDateTime_Dispose(dtNow);
CkRsa_Dispose(rsa);
return;
}
sbStringToSign = CkStringBuilder_Create();
CkStringBuilder_Append(sbStringToSign,"date: ");
CkStringBuilder_Append(sbStringToSign,dateStr);
CkRsa_putEncodingMode(rsa,"base64");
b64Signature = CkRsa_signStringENC(rsa,CkStringBuilder_getAsString(sbStringToSign),"SHA256");
printf("%s\n",b64Signature);
printf("---------------------------\n");
// The result should be:
// SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=
// ----------------------------------------------------------------------------------------------------
// C.2. Basic Test
//
// The minimum recommended data to sign is the (request-target), host,
// and date. In this case, the string to sign would be:
//
// (request-target): post /foo?param=value&pet=dog
// host: example.com
// date: Sun, 05 Jan 2014 21:31:40 GMT
//
// The Authorization header would be:
//
// Authorization: Signature keyId="Test",algorithm="rsa-sha256",
// headers="(request-target) host date", signature="qdx+H7PHHDZgy4
// y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
// 7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
// kLu6kd9Fswtemr3lgdDEmn04swr2Os0="
CkStringBuilder_Clear(sbStringToSign);
CkStringBuilder_Append(sbStringToSign,"(request-target): ");
CkStringBuilder_AppendLine(sbStringToSign,"post /foo?param=value&pet=dog",FALSE);
CkStringBuilder_Append(sbStringToSign,"host: ");
CkStringBuilder_AppendLine(sbStringToSign,"example.com",FALSE);
CkStringBuilder_Append(sbStringToSign,"date: ");
CkStringBuilder_Append(sbStringToSign,dateStr);
printf("StringToSign:\n");
printf("%s\n",CkStringBuilder_getAsString(sbStringToSign));
b64Signature = CkRsa_signStringENC(rsa,CkStringBuilder_getAsString(sbStringToSign),"SHA256");
printf("%s\n",b64Signature);
printf("---------------------------\n");
// The result should be:
// qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=
CkStringBuilder_Dispose(sbPublicKeyPem);
CkPublicKey_Dispose(pubKey);
CkStringBuilder_Dispose(sbPrivateKeyPem);
CkPrivateKey_Dispose(privKey);
CkDateTime_Dispose(dtNow);
CkRsa_Dispose(rsa);
CkStringBuilder_Dispose(sbStringToSign);
}