(DataFlex) Sign with BinarySecurityToken

Demonstrates creating an XML signature using a BinarySecurityToken.
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vCert
    Handle hoCert
    Handle hoXml
    Handle hoDt
    Variant vBdCert
    Handle hoBdCert
    Handle hoKeyInfoXml
    Handle hoGen
    Variant vSbXml
    Handle hoSbXml
    String sTemp1

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // -------------------------------------------------------------------------
    // Load a cert + private key from a PFX.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadPfxFile Of hoCert "qa_data/pfx/cert_test123.pfx" "test123" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // -------------------------------------------------------------------------
    // Create the XML that is to be signed.
    //
    // The XML we're creating can be found at Sample Pre-Signed XML with BinarySecurityToken
    // The online tool at http://tools.chilkat.io/xmlCreate.cshtml can be used to generate the following XML creation code.
    //
    Get Create (RefClass(cComChilkatXml)) To hoXml
    If (Not(IsComObjectCreated(hoXml))) Begin
        Send CreateComObject of hoXml
    End
    Set ComTag Of hoXml To "S:Envelope"
    Get ComAddAttribute Of hoXml "xmlns:S" "http://www.w3.org/2003/05/soap-envelope" To iSuccess
    Get ComAddAttribute Of hoXml "xmlns:wsse11" "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" To iSuccess
    Get ComAddAttribute Of hoXml "xmlns:wsse" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" To iSuccess
    Get ComAddAttribute Of hoXml "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" To iSuccess
    Get ComAddAttribute Of hoXml "xmlns:xs" "http://www.w3.org/2001/XMLSchema" To iSuccess
    Get ComAddAttribute Of hoXml "xmlns:ds" "http://www.w3.org/2000/09/xmldsig#" To iSuccess
    Get ComAddAttribute Of hoXml "xmlns:exc14n" "http://www.w3.org/2001/10/xml-exc-c14n#" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|To" True "xmlns" "http://www.w3.org/2005/08/addressing" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|To" True "wsu:Id" "_5002" To iSuccess
    Send ComUpdateChildContent To hoXml "S:Header|To" "https://XXXXXXXXX"
    Get ComUpdateAttrAt Of hoXml "S:Header|Action" True "xmlns" "http://www.w3.org/2005/08/addressing" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|Action" True "xmlns:S" "http://www.w3.org/2003/05/soap-envelope" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|Action" True "S:mustUnderstand" "true" To iSuccess
    Send ComUpdateChildContent To hoXml "S:Header|Action" "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
    Get ComUpdateAttrAt Of hoXml "S:Header|ReplyTo" True "xmlns" "http://www.w3.org/2005/08/addressing" To iSuccess
    Send ComUpdateChildContent To hoXml "S:Header|ReplyTo|Address" "http://www.w3.org/2005/08/addressing/anonymous"
    Get ComUpdateAttrAt Of hoXml "S:Header|FaultTo" True "xmlns" "http://www.w3.org/2005/08/addressing" To iSuccess
    Send ComUpdateChildContent To hoXml "S:Header|FaultTo|Address" "http://www.w3.org/2005/08/addressing/anonymous"
    Get ComUpdateAttrAt Of hoXml "S:Header|MessageID" True "xmlns" "http://www.w3.org/2005/08/addressing" To iSuccess
    Send ComUpdateChildContent To hoXml "S:Header|MessageID" "uuid:e9033251-4ff0-4618-8baf-4952ab5fd207"
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security" True "S:mustUnderstand" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsu:Timestamp" True "xmlns:ns17" "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsu:Timestamp" True "xmlns:ns16" "http://schemas.xmlsoap.org/soap/envelope/" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsu:Timestamp" True "wsu:Id" "_1" To iSuccess

    // Get the current date/time in timestamp format, such as "2018-05-23T02:38:27Z"
    Get Create (RefClass(cComCkDateTime)) To hoDt
    If (Not(IsComObjectCreated(hoDt))) Begin
        Send CreateComObject of hoDt
    End
    Get ComSetFromCurrentSystemTime Of hoDt To iSuccess
    Get ComGetAsTimestamp Of hoDt False To sTemp1
    Send ComUpdateChildContent To hoXml "S:Header|wsse:Security|wsu:Timestamp|wsu:Created" sTemp1

    // Add 5 minutes.
    Get ComAddSeconds Of hoDt 300 To iSuccess
    Get ComGetAsTimestamp Of hoDt False To sTemp1
    Send ComUpdateChildContent To hoXml "S:Header|wsse:Security|wsu:Timestamp|wsu:Expires" sTemp1

    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsse:BinarySecurityToken" True "xmlns:ns17" "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsse:BinarySecurityToken" True "xmlns:ns16" "http://schemas.xmlsoap.org/soap/envelope/" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsse:BinarySecurityToken" True "ValueType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsse:BinarySecurityToken" True "EncodingType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Header|wsse:Security|wsse:BinarySecurityToken" True "wsu:Id" "uuid_43470044-78b4-4b23-926a-b7f590d24cb8" To iSuccess

    Get Create (RefClass(cComChilkatBinData)) To hoBdCert
    If (Not(IsComObjectCreated(hoBdCert))) Begin
        Send CreateComObject of hoBdCert
    End
    Get pvComObject of hoBdCert to vBdCert
    Get ComExportCertDerBd Of hoCert vBdCert To iSuccess

    // Get the cert as base64 on one line.
    Get ComGetEncoded Of hoBdCert "base64" To sTemp1
    Send ComUpdateChildContent To hoXml "S:Header|wsse:Security|wsse:BinarySecurityToken" sTemp1

    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken" True "xmlns" "http://docs.oasis-open.org/ws-sx/ws-trust/200512" To iSuccess
    Send ComUpdateChildContent To hoXml "S:Body|RequestSecurityToken|RequestType" "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|wsp:AppliesTo" True "xmlns:wsp" "http://schemas.xmlsoap.org/ws/2004/09/policy" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|wsp:AppliesTo|EndpointReference:EndpointReference" True "xmlns:EndpointReference" "http://www.w3.org/2005/08/addressing" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|wsp:AppliesTo|EndpointReference:EndpointReference" True "xmlns" "http://www.w3.org/2005/08/addressing" To iSuccess
    Send ComUpdateChildContent To hoXml "S:Body|RequestSecurityToken|wsp:AppliesTo|EndpointReference:EndpointReference|Address" "https://XXXXXXXXX/services"
    Send ComUpdateChildContent To hoXml "S:Body|RequestSecurityToken|TokenType" "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims" True "xmlns:i" "http://schemas.xmlsoap.org/ws/2005/05/identity" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims" True "Dialect" "http://schemas.xmlsoap.org/ws/2005/05/identity" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType" True "Optional" "false" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/abn" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[1]" True "Optional" "false" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[1]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/commonname" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[2]" True "Optional" "false" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[2]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/credentialtype" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[3]" True "Optional" "false" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[3]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/samlsubjectid" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[4]" True "Optional" "false" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[4]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/fingerprint" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[5]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[5]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/sbr_personid" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[6]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[6]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/givennames" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[7]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[7]" True "Uri" "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[8]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[8]" True "Uri" "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[9]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[9]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/credentialadministrator" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[10]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[10]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/stalecrlminutes" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[11]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[11]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/subjectdn" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[12]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[12]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/issuerdn" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[13]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[13]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/notafterdate" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[14]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[14]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/certificateserialnumber" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[15]" True "Optional" "true" To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Claims|i:ClaimType[15]" True "Uri" "http://XXXXXXXXX/2008/06/identity/claims/previoussubject" To iSuccess

    Get ComSetFromCurrentSystemTime Of hoDt To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Lifetime|wsu:Created" True "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" To iSuccess
    Get ComGetAsTimestamp Of hoDt False To sTemp1
    Send ComUpdateChildContent To hoXml "S:Body|RequestSecurityToken|Lifetime|wsu:Created" sTemp1

    // Add 40 minutes.
    Get ComAddSeconds Of hoDt 2400 To iSuccess
    Get ComUpdateAttrAt Of hoXml "S:Body|RequestSecurityToken|Lifetime|wsu:Expires" True "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" To iSuccess
    Get ComGetAsTimestamp Of hoDt False To sTemp1
    Send ComUpdateChildContent To hoXml "S:Body|RequestSecurityToken|Lifetime|wsu:Expires" sTemp1
    Send ComUpdateChildContent To hoXml "S:Body|RequestSecurityToken|KeyType" "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey"
    Send ComUpdateChildContent To hoXml "S:Body|RequestSecurityToken|KeySize" "512"

    // Examine the pre-signed XML
    // println xml.GetXml();

    // Build the custom KeyInfo XML we'll use:
    //
    // <wsse:SecurityTokenReference>
    // <wsse:Reference URI="#uuid_43470044-78b4-4b23-926a-b7f590d24cb8" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference>
    Get Create (RefClass(cComChilkatXml)) To hoKeyInfoXml
    If (Not(IsComObjectCreated(hoKeyInfoXml))) Begin
        Send CreateComObject of hoKeyInfoXml
    End
    Set ComTag Of hoKeyInfoXml To "wsse:SecurityTokenReference"
    Get ComUpdateAttrAt Of hoKeyInfoXml "wsse:Reference" True "URI" "#uuid_43470044-78b4-4b23-926a-b7f590d24cb8" To iSuccess
    Get ComUpdateAttrAt Of hoKeyInfoXml "wsse:Reference" True "ValueType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" To iSuccess

    // -------------------------------------------------------------------------
    // Setup the XML Digital Signature Generator and add the XML Signature.
    //
    Get Create (RefClass(cComChilkatXmlDSigGen)) To hoGen
    If (Not(IsComObjectCreated(hoGen))) Begin
        Send CreateComObject of hoGen
    End
    Set ComSigLocation Of hoGen To "S:Envelope|S:Header|wsse:Security"
    Set ComSignedInfoPrefixList Of hoGen To "wsse S"
    Get ComAddSameDocRef Of hoGen "_1" "sha1" "EXCL_C14N" "wsu wsse S" "" To iSuccess
    Get ComAddSameDocRef Of hoGen "_5002" "sha1" "EXCL_C14N" "S" "" To iSuccess
    Set ComKeyInfoType Of hoGen To "Custom"
    Set ComEmitXmlDecl Of hoKeyInfoXml To False
    Get ComGetXml Of hoKeyInfoXml To sTemp1
    Set ComCustomKeyInfoXml Of hoGen To sTemp1

    // Specify the cert for signing (which has a private key because it was loaded from a PFX)
    Get pvComObject of hoCert to vCert
    Get ComSetX509Cert Of hoGen vCert True To iSuccess

    // Indicate we want an indented signature for easier human reading.
    Set ComBehaviors Of hoGen To "IndentedSignature"

    // Sign the XML..
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml
    If (Not(IsComObjectCreated(hoSbXml))) Begin
        Send CreateComObject of hoSbXml
    End
    Get pvComObject of hoSbXml to vSbXml
    Get ComGetXmlSb Of hoXml vSbXml To iSuccess
    Get pvComObject of hoSbXml to vSbXml
    Get ComCreateXmlDSigSb Of hoGen vSbXml To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoGen To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Examine the signed XML
    Get ComGetAsString Of hoSbXml To sTemp1
    Showln sTemp1

    // The resulting signature (extracted from the surrounding XML) looks something like this:

    // <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //   <ds:SignedInfo>
    //     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    //       <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse S" />
    //     </ds:CanonicalizationMethod>
    //     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
    //     <ds:Reference URI="#_1">
    //       <ds:Transforms>
    //         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    //           <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsu wsse S" />
    //         </ds:Transform>
    //       </ds:Transforms>
    //       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    //       <ds:DigestValue>VAJMC/L/BDvml7Qv5CBMePbKDE8=</ds:DigestValue>
    //     </ds:Reference>
    //     <ds:Reference URI="#_5002">
    //       <ds:Transforms>
    //         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    //           <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="S" />
    //         </ds:Transform>
    //       </ds:Transforms>
    //       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    //       <ds:DigestValue>sW/QFsk6kGv1dzeu0H9Qc/2kvAQ=</ds:DigestValue>
    //     </ds:Reference>
    //   </ds:SignedInfo>
    //   <ds:SignatureValue>....</ds:SignatureValue>
    //   <ds:KeyInfo>
    //     <wsse:SecurityTokenReference>
    //       <wsse:Reference URI="#uuid_43470044-78b4-4b23-926a-b7f590d24cb8" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
    //     </wsse:SecurityTokenReference>
    //   </ds:KeyInfo>
    // </ds:Signature>
    //
End_Procedure
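
The signature above references only the wsu:Timestamp (#_1) and the To header (#_5002), so a receiver should check what is actually covered before trusting the rest of the envelope. The following audit is an added example, not Chilkat code and not part of the original sample; it is written in Python with only the standard library, and the audit function, its finding strings and the shortened SAMPLE envelope are constructed for illustration. It checks signature coverage only and does not verify the digests or the signature value.

```python
import xml.etree.ElementTree as ET

S, DS = "http://www.w3.org/2003/05/soap-envelope", "http://www.w3.org/2000/09/xmldsig#"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = OASIS + "secext-1.0.xsd", OASIS + "utility-1.0.xsd"
WSU_ID = "{" + WSU + "}Id"
NS = {"S": S, "ds": DS, "wsse": WSSE}
TOKEN_ID = "uuid_43470044-78b4-4b23-926a-b7f590d24cb8"

# Constructed sample: the layout the page's code produces, contents shortened.
SAMPLE = f"""<S:Envelope xmlns:S="{S}" xmlns:ds="{DS}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
<S:Header><To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5002">https://XXXXXXXXX</To>
<wsse:Security><wsu:Timestamp wsu:Id="_1"/>
<wsse:BinarySecurityToken wsu:Id="{TOKEN_ID}">AAAA</wsse:BinarySecurityToken>
<ds:Signature><ds:SignedInfo>
<ds:Reference URI="#_1"><ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference>
<ds:Reference URI="#_5002"><ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference>
</ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>
<wsse:Reference URI="#{TOKEN_ID}"/></wsse:SecurityTokenReference></ds:KeyInfo>
</ds:Signature></wsse:Security></S:Header>
<S:Body><RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"/></S:Body>
</S:Envelope>"""

def audit(xml_text):
    """Return findings about what the signature in a WS-Security envelope covers."""
    root = ET.fromstring(xml_text)  # local sample; use a hardened parser for untrusted XML
    by_id = {}
    for el in root.iter():
        if WSU_ID in el.attrib:
            by_id.setdefault(el.attrib[WSU_ID], []).append(el)
    findings, covered = [], set()
    for ref in root.findall(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], [])
        if len(targets) != 1:  # missing or duplicated Id: the reference is ambiguous
            findings.append(f"{uri}: resolves to {len(targets)} elements")
        else:  # a signed element covers itself and all of its descendants
            covered.update(id(e) for e in targets[0].iter())
        if any(d.get("Algorithm") == DS + "sha1" for d in ref.findall("ds:DigestMethod", NS)):
            findings.append(f"{uri}: SHA-1 digest")
    key_ref = root.find(".//ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    tokens = by_id.get(key_ref.get("URI", "")[1:], []) if key_ref is not None else []
    if len(tokens) != 1 or tokens[0].tag != "{" + WSSE + "}BinarySecurityToken":
        findings.append("KeyInfo does not resolve to exactly one BinarySecurityToken")
    checks = [("S:Body", root.find("S:Body", NS))] + [("BinarySecurityToken", t) for t in tokens]
    for name, el in checks:
        if el is not None and id(el) not in covered:
            findings.append(f"{name}: not covered by any ds:Reference")
    return findings
```

Run against SAMPLE, the audit reports the two SHA-1 digests and that neither S:Body nor the BinarySecurityToken is covered by a reference.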
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.