(AutoIt) Signing HTTP Messages

Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10

For more information, see https://tools.ietf.org/html/draft-cavage-http-signatures-10

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

Local $bSuccess

Local $bCrlf = True
$oSbPublicKeyPem = ObjCreate("Chilkat_9_5_0.StringBuilder")
$oSbPublicKeyPem.AppendLine("-----BEGIN PUBLIC KEY-----",$bCrlf)
$oSbPublicKeyPem.AppendLine("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3",$bCrlf)
$oSbPublicKeyPem.AppendLine("6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6",$bCrlf)
$oSbPublicKeyPem.AppendLine("Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw",$bCrlf)
$oSbPublicKeyPem.AppendLine("oYi+1hqp1fIekaxsyQIDAQAB",$bCrlf)
$oSbPublicKeyPem.AppendLine("-----END PUBLIC KEY-----",$bCrlf)

$oPubKey = ObjCreate("Chilkat_9_5_0.PublicKey")
$oPubKey.LoadFromString($oSbPublicKeyPem.GetAsString())

$oSbPrivateKeyPem = ObjCreate("Chilkat_9_5_0.StringBuilder")
$oSbPrivateKeyPem.AppendLine("-----BEGIN RSA PRIVATE KEY-----",$bCrlf)
$oSbPrivateKeyPem.AppendLine("MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF",$bCrlf)
$oSbPrivateKeyPem.AppendLine("NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F",$bCrlf)
$oSbPrivateKeyPem.AppendLine("UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB",$bCrlf)
$oSbPrivateKeyPem.AppendLine("AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA",$bCrlf)
$oSbPrivateKeyPem.AppendLine("QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK",$bCrlf)
$oSbPrivateKeyPem.AppendLine("kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg",$bCrlf)
$oSbPrivateKeyPem.AppendLine("f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u",$bCrlf)
$oSbPrivateKeyPem.AppendLine("412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc",$bCrlf)
$oSbPrivateKeyPem.AppendLine("mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7",$bCrlf)
$oSbPrivateKeyPem.AppendLine("kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA",$bCrlf)
$oSbPrivateKeyPem.AppendLine("gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW",$bCrlf)
$oSbPrivateKeyPem.AppendLine("G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI",$bCrlf)
$oSbPrivateKeyPem.AppendLine("7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==",$bCrlf)
$oSbPrivateKeyPem.AppendLine("-----END RSA PRIVATE KEY-----",$bCrlf)

$oPrivKey = ObjCreate("Chilkat_9_5_0.PrivateKey")
$oPrivKey.LoadPem($oSbPrivateKeyPem.GetAsString())

;    All examples use this request:
; 
;    POST /foo?param=value&pet=dog HTTP/1.1
;    Host: example.com
;    Date: Sun, 05 Jan 2014 21:31:40 GMT
;    Content-Type: application/json
;    Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
;    Content-Length: 18
; 
;    {"hello": "world"}

; C.1.  Default Test
; 
;    If a list of headers is not included, the date is the only header
;    that is signed by default.  The string to sign would be:
; 
;    date: Sun, 05 Jan 2014 21:31:40 GMT
; 
;    The Authorization header would be:
; 
;    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
;    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
;    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
;    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
; 
;    The Signature header would be:
; 
;    Signature: keyId="Test",algorithm="rsa-sha256",
;    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
;    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
;    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
; 

$oDtNow = ObjCreate("Chilkat_9_5_0.CkDateTime")
$bSuccess = $oDtNow.SetFromCurrentSystemTime()
Local $sDateStr = $oDtNow.GetAsRfc822(False)

; To duplicate the above result, we'll hard-code the date string.
$sDateStr = "Sun, 05 Jan 2014 21:31:40 GMT"

$oRsa = ObjCreate("Chilkat_9_5_0.Rsa")
$bSuccess = $oRsa.ImportPrivateKeyObj($oPrivKey)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf

$oSbStringToSign = ObjCreate("Chilkat_9_5_0.StringBuilder")
$oSbStringToSign.Append("date: ")
$oSbStringToSign.Append($sDateStr)

$oRsa.EncodingMode = "base64"
Local $sB64Signature = $oRsa.SignStringENC($oSbStringToSign.GetAsString(),"SHA256")
ConsoleWrite($sB64Signature & @CRLF)
ConsoleWrite("---------------------------" & @CRLF)

; The result should be:
; SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=

; ----------------------------------------------------------------------------------------------------

; C.2.  Basic Test
; 
;    The minimum recommended data to sign is the (request-target), host,
;    and date.  In this case, the string to sign would be:
; 
;    (request-target): post /foo?param=value&pet=dog
;    host: example.com
;    date: Sun, 05 Jan 2014 21:31:40 GMT
; 
;    The Authorization header would be:
; 
;    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
;    headers="(request-target) host date", signature="qdx+H7PHHDZgy4
;    y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
;    7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
;    kLu6kd9Fswtemr3lgdDEmn04swr2Os0="

$oSbStringToSign.Clear 
$oSbStringToSign.Append("(request-target): ")
$oSbStringToSign.AppendLine("post /foo?param=value&pet=dog",False)
$oSbStringToSign.Append("host: ")
$oSbStringToSign.AppendLine("example.com",False)
$oSbStringToSign.Append("date: ")
$oSbStringToSign.Append($sDateStr)

ConsoleWrite("StringToSign:" & @CRLF)
ConsoleWrite($oSbStringToSign.GetAsString() & @CRLF)
$sB64Signature = $oRsa.SignStringENC($oSbStringToSign.GetAsString(),"SHA256")
ConsoleWrite($sB64Signature & @CRLF)
ConsoleWrite("---------------------------" & @CRLF)

; The result should be:
; qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=