(DataFlex) Create JWS with Multiple Signatures using the General JSON Serialization Format

Creates a JSON Web Signature (JWS) containing 3 signatures and output using the general JSON serialization format.

Chilkat supports all of the following JWS algorithms:

   +--------------+-------------------------------+--------------------+
   | "alg" Param  | Digital Signature or MAC      | Implementation     |
   | Value        | Algorithm                     | Requirements       |
   +--------------+-------------------------------+--------------------+
   | HS256        | HMAC using SHA-256            | Required           |
   | HS384        | HMAC using SHA-384            | Optional           |
   | HS512        | HMAC using SHA-512            | Optional           |
   | RS256        | RSASSA-PKCS1-v1_5 using       | Recommended        |
   |              | SHA-256                       |                    |
   | RS384        | RSASSA-PKCS1-v1_5 using       | Optional           |
   |              | SHA-384                       |                    |
   | RS512        | RSASSA-PKCS1-v1_5 using       | Optional           |
   |              | SHA-512                       |                    |
   | ES256        | ECDSA using P-256 and SHA-256 | Recommended+       |
   | ES384        | ECDSA using P-384 and SHA-384 | Optional           |
   | ES512        | ECDSA using P-521 and SHA-512 | Optional           |
   | PS256        | RSASSA-PSS using SHA-256 and  | Optional           |
   |              | MGF1 with SHA-256             |                    |
   | PS384        | RSASSA-PSS using SHA-384 and  | Optional           |
   |              | MGF1 with SHA-384             |                    |
   | PS512        | RSASSA-PSS using SHA-512 and  | Optional           |
   |              | MGF1 with SHA-512             |                    |
   +--------------+-------------------------------+--------------------+

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-win32.pkg

Procedure Test
    Handle hoSbRsaJwk
    Boolean iSuccess
    Variant vRsaKey
    Handle hoRsaKey
    Boolean iSuccess
    Handle hoSbEccJwk
    Variant vEccKey
    Handle hoEccKey
    String sHmacKey
    Variant vJwsProtHdr0
    Handle hoJwsProtHdr0
UnprotHdr0    Handle hoJwsUnprotHdr0
    Variant vJwsProtHdr1
    Handle hoJwsProtHdr1
UnprotHdr1    Handle hoJwsUnprotHdr1
ProtHdr2    Handle hoJwsProtHdr2
UnprotHdr2    Handle hoJwsUnprotHdr2
    Handle hoJws
    Boolean iBIncludeBom
    String sPayloadStr
    String sJwsStr
    Handle hoJson
    String sTemp1
    Boolean bTemp1

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: This example requires Chilkat v9.5.0.66 or greater.

    // The JWS to be created will contain three signatures.
    // The 1st will use an ECC key, the 2nd an RSA key, and the 3rd an HMAC key.

    // Prepare each key..

    // ---------------------------------------------------
    // Use the following RSA key loaded from JWK format.
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbRsaJwk
    If (Not(IsComObjectCreated(hoSbRsaJwk))) Begin
        Send CreateComObject of hoSbRsaJwk
    End
    Get ComAppend Of hoSbRsaJwk '{"kty":"RSA",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"n":"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx' To iSuccess
    Get ComAppend Of hoSbRsaJwk "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs" To iSuccess
    Get ComAppend Of hoSbRsaJwk "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH" To iSuccess
    Get ComAppend Of hoSbRsaJwk "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV" To iSuccess
    Get ComAppend Of hoSbRsaJwk "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8" To iSuccess
    Get ComAppend Of hoSbRsaJwk 'NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"e":"AQAB",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"d":"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I' To iSuccess
    Get ComAppend Of hoSbRsaJwk "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0" To iSuccess
    Get ComAppend Of hoSbRsaJwk "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn" To iSuccess
    Get ComAppend Of hoSbRsaJwk "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT" To iSuccess
    Get ComAppend Of hoSbRsaJwk "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh" To iSuccess
    Get ComAppend Of hoSbRsaJwk 'BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"p":"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi' To iSuccess
    Get ComAppend Of hoSbRsaJwk "YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG" To iSuccess
    Get ComAppend Of hoSbRsaJwk 'BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"q":"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa' To iSuccess
    Get ComAppend Of hoSbRsaJwk "ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA" To iSuccess
    Get ComAppend Of hoSbRsaJwk '-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"dp":"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q' To iSuccess
    Get ComAppend Of hoSbRsaJwk "CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb" To iSuccess
    Get ComAppend Of hoSbRsaJwk '34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"dq":"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa' To iSuccess
    Get ComAppend Of hoSbRsaJwk "7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky" To iSuccess
    Get ComAppend Of hoSbRsaJwk 'NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU",' To iSuccess
    Get ComAppend Of hoSbRsaJwk '"qi":"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o' To iSuccess
    Get ComAppend Of hoSbRsaJwk "y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU" To iSuccess
    Get ComAppend Of hoSbRsaJwk 'W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U"' To iSuccess
    Get ComAppend Of hoSbRsaJwk "}" To iSuccess

    Get Create (RefClass(cComChilkatPrivateKey)) To hoRsaKey
    If (Not(IsComObjectCreated(hoRsaKey))) Begin
        Send CreateComObject of hoRsaKey
    End
    // Note: This example loads the RSA key from JWK format.  Any format can be loaded
    // into the private key object. (See the online reference documentation..)
    Get ComGetAsString Of hoSbRsaJwk To sTemp1
    Get ComLoadJwk Of hoRsaKey sTemp1 To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoRsaKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // ---------------------------------------------------
    // Use the following ECC key loaded from JWK format.
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbEccJwk
    If (Not(IsComObjectCreated(hoSbEccJwk))) Begin
        Send CreateComObject of hoSbEccJwk
    End
    Get ComAppend Of hoSbEccJwk '{"kty":"EC",' To iSuccess
    Get ComAppend Of hoSbEccJwk '"crv":"P-256",' To iSuccess
    Get ComAppend Of hoSbEccJwk '"x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",' To iSuccess
    Get ComAppend Of hoSbEccJwk '"y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",' To iSuccess
    Get ComAppend Of hoSbEccJwk '"d":"jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"' To iSuccess
    Get ComAppend Of hoSbEccJwk "}" To iSuccess

    Get Create (RefClass(cComChilkatPrivateKey)) To hoEccKey
    If (Not(IsComObjectCreated(hoEccKey))) Begin
        Send CreateComObject of hoEccKey
    End
    // Note: This example loads the ECDSA key from JWK format.  Any format can be loaded
    // into the private key object. (See the online reference documentation..)
    Get ComGetAsString Of hoSbEccJwk To sTemp1
    Get ComLoadJwk Of hoEccKey sTemp1 To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoEccKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // ---------------------------------------------------
    // The HMAC key (in base64url format)
    Move "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow" To sHmacKey

    // ---------------------------------------------------
    // Prepare the headers..
    // RSASSA-PKCS1-v1_5 SHA-256
    Get Create (RefClass(cComChilkatJsonObject)) To hoJwsProtHdr0
    If (Not(IsComObjectCreated(hoJwsProtHdr0))) Begin
        Send CreateComObject of hoJwsProtHdr0
    End
    Get ComAppendString Of hoJwsProtHdr0 "alg" "RS256" To iSuccess
    Get Create (RefClass(cComChilkatJsonObject)) To hoJwsUnprotHdr0
    If (Not(IsComObjectCreated(hoJwsUnprotHdr0))) Begin
        Send CreateComObject of hoJwsUnprotHdr0
    End
    Get ComAppendString Of hoJwsUnprotHdr0 "kid" "myRsaKey" To iSuccess

    // ECDSA using P-256 and SHA-256
    Get Create (RefClass(cComChilkatJsonObject)) To hoJwsProtHdr1
    If (Not(IsComObjectCreated(hoJwsProtHdr1))) Begin
        Send CreateComObject of hoJwsProtHdr1
    End
    Get ComAppendString Of hoJwsProtHdr1 "alg" "ES256" To iSuccess
    Get Create (RefClass(cComChilkatJsonObject)) To hoJwsUnprotHdr1
    If (Not(IsComObjectCreated(hoJwsUnprotHdr1))) Begin
        Send CreateComObject of hoJwsUnprotHdr1
    End
    Get ComAppendString Of hoJwsUnprotHdr1 "kid" "myEcKey" To iSuccess

    // HMAC using SHA-256
    Get Create (RefClass(cComChilkatJsonObject)) To hoJwsProtHdr2
    If (Not(IsComObjectCreated(hoJwsProtHdr2))) Begin
        Send CreateComObject of hoJwsProtHdr2
    End
    Get ComAppendString Of hoJwsProtHdr2 "alg" "HS256" To iSuccess
    Get Create (RefClass(cComChilkatJsonObject)) To hoJwsUnprotHdr2
    If (Not(IsComObjectCreated(hoJwsUnprotHdr2))) Begin
        Send CreateComObject of hoJwsUnprotHdr2
    End
    Get ComAppendString Of hoJwsUnprotHdr2 "kid" "myMacKey" To iSuccess

    // ---------------------------------------------------
    // First set the JWS headers, keys, and payload, then we'll create the JWS...
    Get Create (RefClass(cComChilkatJws)) To hoJws
    If (Not(IsComObjectCreated(hoJws))) Begin
        Send CreateComObject of hoJws
    End

    Get pvComObject of hoJwsProtHdr0 to vJwsProtHdr0
    Get ComSetProtectedHeader Of hoJws 0 vJwsProtHdr0 To iSuccess
    Get pvComObject of hoJwsUnprotHdr0 to vJwsUnprotHdr0
    Get ComSetUnprotectedHeader Of hoJws 0 vJwsUnprotHdr0 To iSuccess
    Get pvComObject of hoJwsProtHdr1 to vJwsProtHdr1
    Get ComSetProtectedHeader Of hoJws 1 vJwsProtHdr1 To iSuccess
    Get pvComObject of hoJwsUnprotHdr1 to vJwsUnprotHdr1
    Get ComSetUnprotectedHeader Of hoJws 1 vJwsUnprotHdr1 To iSuccess
    Get pvComObject of hoJwsProtHdr2 to vJwsProtHdr2
    Get ComSetProtectedHeader Of hoJws 2 vJwsProtHdr2 To iSuccess
    Get pvComObject of hoJwsUnprotHdr2 to vJwsUnprotHdr2
    Get ComSetUnprotectedHeader Of hoJws 2 vJwsUnprotHdr2 To iSuccess

    Get pvComObject of hoRsaKey to vRsaKey
    Get ComSetPrivateKey Of hoJws 0 vRsaKey To iSuccess
    Get pvComObject of hoEccKey to vEccKey
    Get ComSetPrivateKey Of hoJws 1 vEccKey To iSuccess
    Get ComSetMacKey Of hoJws 2 sHmacKey "base64url" To iSuccess

    Move False To iBIncludeBom
    Move "In our village, folks say God crumbles up the old moon into stars." To sPayloadStr
    Get ComSetPayload Of hoJws sPayloadStr "utf-8" iBIncludeBom To iSuccess

    // ---------------------------------------------------
    // Create the JWS.
    // Givent that multiple signatures will exist, only the general JSON serialization 
    // format is possible, and that is what will be produced.
    Get ComCreateJws Of hoJws To sJwsStr
    Get ComLastMethodSuccess Of hoJws To bTemp1
    If (bTemp1 <> True) Begin
        Get ComLastErrorText Of hoJws To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // The jwsStr is contains JSON in the smallest possible size, which is a single line.
    // To get in human-readable format, load into a Chilkat JSON object and emit..
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get ComLoad Of hoJson sJwsStr To iSuccess
    Set ComEmitCompact Of hoJson To False
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    // Sample output:

    // { 
    //   "payload": "SW4gb3VyIHZpbGxhZ2UsIGZvbGtzIHNheSBHb2QgY3J1bWJsZXMgdXAgdGhlIG9sZCBtb29uIGludG8gc3RhcnMu",
    //   "signatures": [
    //     { 
    //       "protected": "eyJhbGciOiJSUzI1NiJ9",
    //       "header": { 
    //         "kid": "myRsaKey"
    //       },
    //       "signature": "B04c24gSnpVm1Z-_bemfyNMCpZm6Knj1yB-yzaIOvijsWfDgoF_mSJccTIbzapNgwJudnobr5iDOfZWiRR9iqCyDJLe5M1S40vFF7MFEI3JecYRgrRc6n1lTkYLMRyVq48BwbQlmKgPqmK9drun3agklsr0FmgNx65pfmcnlYdXsgwxf8WbgppefrlrMImp-98-dNtBcUL8ce1aOjbcyVFjGMCzpm3JerQqIzWQvEwBstnMEQle73KHcyx_nsTmlzY70CaydbRTsciOATL7WfiMwuX1q9Y2NIpTg3CbOTWKdwjh7iyfiAKQxNBaF2mApnqj9hjpf8GwR-CfxAzJtPg"
    //     },
    //     { 
    //       "protected": "eyJhbGciOiJFUzI1NiJ9",
    //       "header": { 
    //         "kid": "myEcKey"
    //       },
    //       "signature": "2cbugKq0ERaQMh01n2B-86EZFYleeMf8bsccaQMxzOxAg14PxfjR3IImvodTJYqkmfBJYW203etz2-7ZtJUOGw"
    //     },
    //     { 
    //       "protected": "eyJhbGciOiJIUzI1NiJ9",
    //       "header": { 
    //         "kid": "myMacKey"
    //       },
    //       "signature": "e7R9gjx0RsUNa3c7qd8k9mQGEhtcG8vsN1W7jbLb2MA"
    //     }
    //   ]
    // }


End_Procedure