|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(C) Create IRS MeF Login Service Request MessageThis example demonstrates how to create a digitally signed Login Service Request Message. This example used the documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf as a guide. It creates signed XML as specified in section 4.1.1 found in Section 4: Example A2A Web Service Messages.
#include <C_CkPfx.h> #include <C_CkCert.h> #include <C_CkBinData.h> #include <C_CkStringBuilder.h> #include <C_CkXml.h> #include <C_CkXmlDSigGen.h> void ChilkatSample(void) { HCkPfx pfx; BOOL success; HCkCert signingCert; HCkBinData bdCert; HCkStringBuilder sbCert64; HCkXml xmlToSign; HCkXmlDSigGen gen; HCkCert cert; HCkXml xmlCustomKeyInfo; HCkStringBuilder sbXml; int nReplaced; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // -------------------------------------------------------------------------------- // Also see Chilkat's Online WSDL Code Generator // to generate code and SOAP Request and Response XML for each operation in a WSDL. // -------------------------------------------------------------------------------- // The goal of this example is to create signed SOAP XML such as the following: // <?xml version="1.0" encoding="UTF-8"?> // <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> // <SOAP-ENV:Header> // <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> // <wsse:BinarySecurityToken // xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" // EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" // ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" // wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken> // <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> // <ds:SignedInfo> // <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> // <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> // <ds:Reference URI="#id-1214941501"> // <ds:Transforms> // <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> // </ds:Transforms> // <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> // <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Em0o3VEOTck=</ds:DigestValue> // </ds:Reference> // <ds:Reference URI="#id-1871558655"> // <ds:Transforms> // <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> // </ds:Transforms> // <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> // <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Xm5ViA+royg=</ds:DigestValue> // </ds:Reference> // </ds:SignedInfo> // <ds:SignatureValue>abcd...5Nbw==</ds:SignatureValue> // <ds:KeyInfo Id="KeyId-256137097"> // <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1862925355"> // <wsse:Reference URI="#CertId-1673181727" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/> // </wsse:SecurityTokenReference> // </ds:KeyInfo> // </ds:Signature> // </wsse:Security> // <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501"> // <ns1:MessageID>12345202018200000234</ns1:MessageID> // <ns1:Action>Login</ns1:Action> // <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs> // <ns1:ETIN>12345</ns1:ETIN> // <ns1:SessionKeyCd>Y</ns1:SessionKeyCd> // <ns1:TestCd>P</ns1:TestCd> // <ns1:AppSysID>65432190</ns1:AppSysID> // <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum> // <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt> // </ns1:MeFHeader> // </SOAP-ENV:Header> // <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655"> // <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/> // </SOAP-ENV:Body> // </SOAP-ENV:Envelope> // ------------------------------------------------------------------------------------------- // First, let's load the certificate + private key to be used for signing (from a PFX). // (It is also possible to use certificates installed on a Windows system, or from other file formats..) pfx = CkPfx_Create(); success = CkPfx_LoadPfxFile(pfx,"qa_data/pfx/cert_test123.pfx","test123"); if (success != TRUE) { printf("%s\n",CkPfx_lastErrorText(pfx)); CkPfx_Dispose(pfx); return; } // We'll be needing the X.509 signing cert as base64 for the BinarySecurityToken, so let's get it now.. // The certificate having the private key should be the 1st in the PFX. signingCert = CkPfx_GetCert(pfx,0); if (CkPfx_getLastMethodSuccess(pfx) != TRUE) { printf("%s\n",CkPfx_lastErrorText(pfx)); CkPfx_Dispose(pfx); return; } bdCert = CkBinData_Create(); CkCert_ExportCertDerBd(signingCert,bdCert); sbCert64 = CkStringBuilder_Create(); CkBinData_GetEncodedSb(bdCert,"base64",sbCert64); // ------------------------------------------------------------------------------------------- // The XML before signing would look like this: // <?xml version="1.0" encoding="UTF-8"?> // <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> // <SOAP-ENV:Header> // <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> // <wsse:BinarySecurityToken // xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" // EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" // ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" // wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken> // </wsse:Security> // <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501"> // <ns1:MessageID>12345202018200000234</ns1:MessageID> // <ns1:Action>Login</ns1:Action> // <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs> // <ns1:ETIN>12345</ns1:ETIN> // <ns1:SessionKeyCd>Y</ns1:SessionKeyCd> // <ns1:TestCd>P</ns1:TestCd> // <ns1:AppSysID>65432190</ns1:AppSysID> // <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum> // <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt> // </ns1:MeFHeader> // </SOAP-ENV:Header> // <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655"> // <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/> // </SOAP-ENV:Body> // </SOAP-ENV:Envelope> // You can use the online XML code generation tool at http://tools.chilkat.io/xmlCreate.cshtml // to generate the following XML creation source code: // Create the XML to be signed... xmlToSign = CkXml_Create(); CkXml_putTag(xmlToSign,"SOAP-ENV:Envelope"); CkXml_AddAttribute(xmlToSign,"xmlns:SOAP-ENV","http://schemas.xmlsoap.org/soap/envelope/"); CkXml_AddAttribute(xmlToSign,"xmlns:xsd","http://www.w3.org/2001/XMLSchema"); CkXml_AddAttribute(xmlToSign,"xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security",TRUE,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",TRUE,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",TRUE,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",TRUE,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",TRUE,"wsu:Id","CertId-1673181727"); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",CkStringBuilder_getAsString(sbCert64)); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader",TRUE,"xmlns:ns1","http://www.irs.gov/a2a/mef/MeFHeader.xsd"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader",TRUE,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader",TRUE,"wsu:Id","id-1214941501"); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageID","12345202018200000234"); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:Action","Login"); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageTs","2020-06-30T15:25:42.678Z"); CkXml_UpdateChildContentInt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:ETIN",12345); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:SessionKeyCd","Y"); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:TestCd","P"); CkXml_UpdateChildContentInt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:AppSysID",65432190); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:WSDLVersionNum","10.3"); CkXml_UpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:ClientSoftwareTxt","SOATest"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Body",TRUE,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Body",TRUE,"wsu:Id","id-1871558655"); CkXml_UpdateAttrAt(xmlToSign,"SOAP-ENV:Body|LoginRequest",TRUE,"xmlns","http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"); // ------------------------------------------------------------------------------------------- // Setup the XML DSig generator object to create the desired signature. gen = CkXmlDSigGen_Create(); CkXmlDSigGen_putSigLocation(gen,"SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security"); CkXmlDSigGen_putSigLocationMod(gen,0); CkXmlDSigGen_putSigNamespacePrefix(gen,"ds"); CkXmlDSigGen_putSigNamespaceUri(gen,"http://www.w3.org/2000/09/xmldsig#"); CkXmlDSigGen_putSignedInfoCanonAlg(gen,"EXCL_C14N"); CkXmlDSigGen_putSignedInfoDigestMethod(gen,"sha256"); // Set the KeyInfoId before adding references.. CkXmlDSigGen_putKeyInfoId(gen,"KeyId-256137097"); // -------- Reference 1 -------- CkXmlDSigGen_AddSameDocRef(gen,"id-1214941501","sha256","EXCL_C14N","",""); // -------- Reference 2 -------- CkXmlDSigGen_AddSameDocRef(gen,"id-1871558655","sha256","EXCL_C14N","",""); // Provide a certificate + private key. (PFX password is test123) cert = CkCert_Create(); success = CkCert_LoadPfxFile(cert,"qa_data/pfx/cert_test123.pfx","test123"); if (success != TRUE) { printf("%s\n",CkCert_lastErrorText(cert)); CkPfx_Dispose(pfx); CkBinData_Dispose(bdCert); CkStringBuilder_Dispose(sbCert64); CkXml_Dispose(xmlToSign); CkXmlDSigGen_Dispose(gen); CkCert_Dispose(cert); return; } CkXmlDSigGen_SetX509Cert(gen,cert,TRUE); CkXmlDSigGen_putKeyInfoType(gen,"Custom"); // Create the custom KeyInfo XML.. xmlCustomKeyInfo = CkXml_Create(); CkXml_putTag(xmlCustomKeyInfo,"wsse:SecurityTokenReference"); CkXml_AddAttribute(xmlCustomKeyInfo,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); CkXml_AddAttribute(xmlCustomKeyInfo,"wsu:Id","STRId-1862925355"); CkXml_UpdateAttrAt(xmlCustomKeyInfo,"wsse:Reference",TRUE,"URI","#CertId-1673181727"); CkXml_UpdateAttrAt(xmlCustomKeyInfo,"wsse:Reference",TRUE,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"); CkXml_putEmitXmlDecl(xmlCustomKeyInfo,FALSE); CkXmlDSigGen_putCustomKeyInfoXml(gen,CkXml_getXml(xmlCustomKeyInfo)); // ------------------------------------------------------------------------------------------- // Load XML to be signed... sbXml = CkStringBuilder_Create(); CkXml_GetXmlSb(xmlToSign,sbXml); // Update BinarySecurityToken_Base64Binary_Content with the actual X509 of the signing cert. nReplaced = CkStringBuilder_Replace(sbXml,"BinarySecurityToken_Base64Binary_Content",CkCert_getEncoded(cert)); CkXmlDSigGen_putBehaviors(gen,"IndentedSignature"); // Sign the XML... success = CkXmlDSigGen_CreateXmlDSigSb(gen,sbXml); if (success != TRUE) { printf("%s\n",CkXmlDSigGen_lastErrorText(gen)); CkPfx_Dispose(pfx); CkBinData_Dispose(bdCert); CkStringBuilder_Dispose(sbCert64); CkXml_Dispose(xmlToSign); CkXmlDSigGen_Dispose(gen); CkCert_Dispose(cert); CkXml_Dispose(xmlCustomKeyInfo); CkStringBuilder_Dispose(sbXml); return; } // ----------------------------------------------- // Save the signed XML to a file. success = CkStringBuilder_WriteFile(sbXml,"c:/temp/qa_output/signedXml.xml","utf-8",FALSE); printf("%s\n",CkStringBuilder_getAsString(sbXml)); CkPfx_Dispose(pfx); CkBinData_Dispose(bdCert); CkStringBuilder_Dispose(sbCert64); CkXml_Dispose(xmlToSign); CkXmlDSigGen_Dispose(gen); CkCert_Dispose(cert); CkXml_Dispose(xmlCustomKeyInfo); CkStringBuilder_Dispose(sbXml); } |
|||||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.