DataFlex
DataFlex
Sign Italian SPID Metadata XML
See more XML Digital Signatures Examples
Demonstrates how to create an XML digital signature for Italian SPID Metadata.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Variant vSbXml
Handle hoSbXml
Handle hoGen
Variant vCert
Handle hoCert
Handle hoVerifier
Integer iNumSigs
Integer iVerifyIdx
Boolean iVerified
String sTemp1
Move False To iSuccess
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Move True To iSuccess
// Load the XML to be signed.
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml
If (Not(IsComObjectCreated(hoSbXml))) Begin
Send CreateComObject of hoSbXml
End
Get ComLoadFile Of hoSbXml "qa_data/xml_dsig/spid_metadata.xml" "utf-8" To iSuccess
If (iSuccess = False) Begin
Showln "Failed to load the input file."
Procedure_Return
End
// The XML to sign contains XML such as this:
// <?xml version="1.0" encoding="utf-8"?>
// <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
// <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
// <md:KeyDescriptor use="signing">
// <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
// <ds:X509Data>
// <ds:X509Certificate>MIIF5...</ds:X509Certificate>
// </ds:X509Data>
// </ds:KeyInfo>
// </md:KeyDescriptor>
// <md:KeyDescriptor use="encryption">
// <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
// <ds:X509Data>
// <ds:X509Certificate>MIIF5...</ds:X509Certificate>
// </ds:X509Data>
// </ds:KeyInfo>
// </md:KeyDescriptor>
// <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
// <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
// <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
// <md:AttributeConsumingService index="1">
// <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
// <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
// <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
// <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
// <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
// <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
// </md:AttributeConsumingService>
// </md:SPSSODescriptor>
// <md:Organization>
// <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
// <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
// <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
// </md:Organization>
// </md:EntityDescriptor>
Get Create (RefClass(cComChilkatXmlDSigGen)) To hoGen
If (Not(IsComObjectCreated(hoGen))) Begin
Send CreateComObject of hoGen
End
Set ComSigLocation Of hoGen To "md:EntityDescriptor|md:SPSSODescriptor"
Set ComSigLocationMod Of hoGen To 2
Set ComSignedInfoCanonAlg Of hoGen To "EXCL_C14N"
Set ComSignedInfoDigestMethod Of hoGen To "sha256"
// -------- Reference 1 --------
Get ComAddSameDocRef Of hoGen "_AE17AFFF-A600-49D5-B81D-76EEA55B50FF" "sha256" "EXCL_C14N" "" "" To iSuccess
// Provide a certificate + private key. (PFX password is test123)
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
Get ComLoadPfxFile Of hoCert "qa_data/pfx/cert_test123.pfx" "test123" To iSuccess
If (iSuccess <> True) Begin
Get ComLastErrorText Of hoCert To sTemp1
Showln sTemp1
Procedure_Return
End
Get pvComObject of hoCert to vCert
Get ComSetX509Cert Of hoGen vCert True To iSuccess
Set ComKeyInfoType Of hoGen To "X509Data+KeyValue"
Set ComX509Type Of hoGen To "Certificate"
Set ComBehaviors Of hoGen To "IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace"
// Sign the XML...
Get pvComObject of hoSbXml to vSbXml
Get ComCreateXmlDSigSb Of hoGen vSbXml To iSuccess
If (iSuccess <> True) Begin
Get ComLastErrorText Of hoGen To sTemp1
Showln sTemp1
Procedure_Return
End
// -----------------------------------------------
// Save the signed XML to a file.
Get ComWriteFile Of hoSbXml "qa_output/signedXml.xml" "utf-8" False To iSuccess
Get ComGetAsString Of hoSbXml To sTemp1
Showln sTemp1
// ----------------------------------------
// Verify the signatures we just produced...
Get Create (RefClass(cComChilkatXmlDSig)) To hoVerifier
If (Not(IsComObjectCreated(hoVerifier))) Begin
Send CreateComObject of hoVerifier
End
Get pvComObject of hoSbXml to vSbXml
Get ComLoadSignatureSb Of hoVerifier vSbXml To iSuccess
If (iSuccess <> True) Begin
Get ComLastErrorText Of hoVerifier To sTemp1
Showln sTemp1
Procedure_Return
End
Get ComNumSignatures Of hoVerifier To iNumSigs
Move 0 To iVerifyIdx
While (iVerifyIdx < iNumSigs)
Set ComSelector Of hoVerifier To iVerifyIdx
Get ComVerifySignature Of hoVerifier True To iVerified
If (iVerified <> True) Begin
Get ComLastErrorText Of hoVerifier To sTemp1
Showln sTemp1
Procedure_Return
End
Move (iVerifyIdx + 1) To iVerifyIdx
Loop
Showln "All signatures were successfully verified."
End_Procedure