Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Delphi DLL) Sign Italian SPID Metadata XMLDemonstrates how to create an XML digital signature for Italian SPID Metadata.
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, StringBuilder, XmlDSigGen, Cert, XmlDSig; ... procedure TForm1.Button1Click(Sender: TObject); var success: Boolean; sbXml: HCkStringBuilder; gen: HCkXmlDSigGen; cert: HCkCert; verifier: HCkXmlDSig; numSigs: Integer; verifyIdx: Integer; verified: Boolean; begin // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. success := True; // Load the XML to be signed. sbXml := CkStringBuilder_Create(); success := CkStringBuilder_LoadFile(sbXml,'qa_data/xml_dsig/spid_metadata.xml','utf-8'); if (success = False) then begin Memo1.Lines.Add('Failed to load the input file.'); Exit; end; // The XML to sign contains XML such as this: // <?xml version="1.0" encoding="utf-8"?> // <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF"> // <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true"> // <md:KeyDescriptor use="signing"> // <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> // <ds:X509Data> // <ds:X509Certificate>MIIF5...</ds:X509Certificate> // </ds:X509Data> // </ds:KeyInfo> // </md:KeyDescriptor> // <md:KeyDescriptor use="encryption"> // <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> // <ds:X509Data> // <ds:X509Certificate>MIIF5...</ds:X509Certificate> // </ds:X509Data> // </ds:KeyInfo> // </md:KeyDescriptor> // <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/> // <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> // <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/> // <md:AttributeConsumingService index="1"> // <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName> // <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription> // <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/> // <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/> // <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/> // <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/> // </md:AttributeConsumingService> // </md:SPSSODescriptor> // <md:Organization> // <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName> // <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName> // <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL> // </md:Organization> // </md:EntityDescriptor> gen := CkXmlDSigGen_Create(); CkXmlDSigGen_putSigLocation(gen,'md:EntityDescriptor|md:SPSSODescriptor'); CkXmlDSigGen_putSigLocationMod(gen,2); CkXmlDSigGen_putSignedInfoCanonAlg(gen,'EXCL_C14N'); CkXmlDSigGen_putSignedInfoDigestMethod(gen,'sha256'); // -------- Reference 1 -------- CkXmlDSigGen_AddSameDocRef(gen,'_AE17AFFF-A600-49D5-B81D-76EEA55B50FF','sha256','EXCL_C14N','',''); // Provide a certificate + private key. (PFX password is test123) cert := CkCert_Create(); success := CkCert_LoadPfxFile(cert,'qa_data/pfx/cert_test123.pfx','test123'); if (success <> True) then begin Memo1.Lines.Add(CkCert__lastErrorText(cert)); Exit; end; CkXmlDSigGen_SetX509Cert(gen,cert,True); CkXmlDSigGen_putKeyInfoType(gen,'X509Data+KeyValue'); CkXmlDSigGen_putX509Type(gen,'Certificate'); CkXmlDSigGen_putBehaviors(gen,'IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace'); // Sign the XML... success := CkXmlDSigGen_CreateXmlDSigSb(gen,sbXml); if (success <> True) then begin Memo1.Lines.Add(CkXmlDSigGen__lastErrorText(gen)); Exit; end; // ----------------------------------------------- // Save the signed XML to a file. success := CkStringBuilder_WriteFile(sbXml,'qa_output/signedXml.xml','utf-8',False); Memo1.Lines.Add(CkStringBuilder__getAsString(sbXml)); // ---------------------------------------- // Verify the signatures we just produced... verifier := CkXmlDSig_Create(); success := CkXmlDSig_LoadSignatureSb(verifier,sbXml); if (success <> True) then begin Memo1.Lines.Add(CkXmlDSig__lastErrorText(verifier)); Exit; end; numSigs := CkXmlDSig_getNumSignatures(verifier); verifyIdx := 0; while verifyIdx < numSigs do begin CkXmlDSig_putSelector(verifier,verifyIdx); verified := CkXmlDSig_VerifySignature(verifier,True); if (verified <> True) then begin Memo1.Lines.Add(CkXmlDSig__lastErrorText(verifier)); Exit; end; verifyIdx := verifyIdx + 1; end; Memo1.Lines.Add('All signatures were successfully verified.'); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkCert_Dispose(cert); CkXmlDSig_Dispose(verifier); end; |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.