Sample code for 30+ languages & platforms
DataFlex

Signing HTTP Messages

See more RSA Examples

Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Boolean iBCrlf
    Handle hoSbPublicKeyPem
    Handle hoPubKey
    Handle hoSbPrivateKeyPem
    Variant vPrivKey
    Handle hoPrivKey
    Handle hoDtNow
    String sDateStr
    Handle hoRsa
    Handle hoSbStringToSign
    String sB64Signature
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Move True To iBCrlf
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbPublicKeyPem
    If (Not(IsComObjectCreated(hoSbPublicKeyPem))) Begin
        Send CreateComObject of hoSbPublicKeyPem
    End
    Get ComAppendLine Of hoSbPublicKeyPem "-----BEGIN PUBLIC KEY-----" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPublicKeyPem "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPublicKeyPem "6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPublicKeyPem "Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPublicKeyPem "oYi+1hqp1fIekaxsyQIDAQAB" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPublicKeyPem "-----END PUBLIC KEY-----" iBCrlf To iSuccess

    Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
    If (Not(IsComObjectCreated(hoPubKey))) Begin
        Send CreateComObject of hoPubKey
    End
    Get ComGetAsString Of hoSbPublicKeyPem To sTemp1
    Get ComLoadFromString Of hoPubKey sTemp1 To iSuccess

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbPrivateKeyPem
    If (Not(IsComObjectCreated(hoSbPrivateKeyPem))) Begin
        Send CreateComObject of hoSbPrivateKeyPem
    End
    Get ComAppendLine Of hoSbPrivateKeyPem "-----BEGIN RSA PRIVATE KEY-----" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==" iBCrlf To iSuccess
    Get ComAppendLine Of hoSbPrivateKeyPem "-----END RSA PRIVATE KEY-----" iBCrlf To iSuccess

    Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
    If (Not(IsComObjectCreated(hoPrivKey))) Begin
        Send CreateComObject of hoPrivKey
    End
    Get ComGetAsString Of hoSbPrivateKeyPem To sTemp1
    Get ComLoadPem Of hoPrivKey sTemp1 To iSuccess

    //    All examples use this request:
    // 
    //    POST /foo?param=value&pet=dog HTTP/1.1
    //    Host: example.com
    //    Date: Sun, 05 Jan 2014 21:31:40 GMT
    //    Content-Type: application/json
    //    Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
    //    Content-Length: 18
    // 
    //    {"hello": "world"}

    // C.1.  Default Test
    // 
    //    If a list of headers is not included, the date is the only header
    //    that is signed by default.  The string to sign would be:
    // 
    //    date: Sun, 05 Jan 2014 21:31:40 GMT
    // 
    //    The Authorization header would be:
    // 
    //    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
    //    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
    //    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
    //    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
    // 
    //    The Signature header would be:
    // 
    //    Signature: keyId="Test",algorithm="rsa-sha256",
    //    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
    //    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
    //    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
    // 

    Get Create (RefClass(cComCkDateTime)) To hoDtNow
    If (Not(IsComObjectCreated(hoDtNow))) Begin
        Send CreateComObject of hoDtNow
    End
    Get ComSetFromCurrentSystemTime Of hoDtNow To iSuccess
    Get ComGetAsRfc822 Of hoDtNow False To sDateStr

    // To duplicate the above result, we'll hard-code the date string.
    Move "Sun, 05 Jan 2014 21:31:40 GMT" To sDateStr

    Get Create (RefClass(cComChilkatRsa)) To hoRsa
    If (Not(IsComObjectCreated(hoRsa))) Begin
        Send CreateComObject of hoRsa
    End
    Get pvComObject of hoPrivKey to vPrivKey
    Get ComUsePrivateKey Of hoRsa vPrivKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbStringToSign
    If (Not(IsComObjectCreated(hoSbStringToSign))) Begin
        Send CreateComObject of hoSbStringToSign
    End
    Get ComAppend Of hoSbStringToSign "date: " To iSuccess
    Get ComAppend Of hoSbStringToSign sDateStr To iSuccess

    Set ComEncodingMode Of hoRsa To "base64"
    Get ComGetAsString Of hoSbStringToSign To sTemp1
    Get ComSignStringENC Of hoRsa sTemp1 "SHA256" To sB64Signature
    Showln sB64Signature
    Showln "---------------------------"

    // The result should be:
    // SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=

    // ----------------------------------------------------------------------------------------------------

    // C.2.  Basic Test
    // 
    //    The minimum recommended data to sign is the (request-target), host,
    //    and date.  In this case, the string to sign would be:
    // 
    //    (request-target): post /foo?param=value&pet=dog
    //    host: example.com
    //    date: Sun, 05 Jan 2014 21:31:40 GMT
    // 
    //    The Authorization header would be:
    // 
    //    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
    //    headers="(request-target) host date", signature="qdx+H7PHHDZgy4
    //    y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
    //    7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
    //    kLu6kd9Fswtemr3lgdDEmn04swr2Os0="

    Send ComClear To hoSbStringToSign
    Get ComAppend Of hoSbStringToSign "(request-target): " To iSuccess
    Get ComAppendLine Of hoSbStringToSign "post /foo?param=value&pet=dog" False To iSuccess
    Get ComAppend Of hoSbStringToSign "host: " To iSuccess
    Get ComAppendLine Of hoSbStringToSign "example.com" False To iSuccess
    Get ComAppend Of hoSbStringToSign "date: " To iSuccess
    Get ComAppend Of hoSbStringToSign sDateStr To iSuccess

    Showln "StringToSign:"
    Get ComGetAsString Of hoSbStringToSign To sTemp1
    Showln sTemp1
    Get ComGetAsString Of hoSbStringToSign To sTemp1
    Get ComSignStringENC Of hoRsa sTemp1 "SHA256" To sB64Signature
    Showln sB64Signature
    Showln "---------------------------"

    // The result should be:
    // qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=


End_Procedure