Visual FoxPro
Visual FoxPro
eHealth.gov.be RequestSecurityToken
Request a security token for use with the eHealth.gov.be SOAP web services.Chilkat Visual FoxPro Downloads
LOCAL lnSuccess
LOCAL loCert
LOCAL loXmlToSign
LOCAL loBdCert
LOCAL loDt
LOCAL loGen
LOCAL loXmlCustomKeyInfo
LOCAL loSbXml
LOCAL loHttp
LOCAL lcUrl
LOCAL loResp
LOCAL lnResponseStatus
LOCAL loBdSecToken
lnSuccess = 0
* This requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.
* Provide a certificate + private key.
* Note: If your certificate + private key is located on a hardware token or smartcard, you can call a different function to load from smartcard..
loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadPfxFile("SSIN=12345678.acc.p12","p12_password")
IF (lnSuccess = 0) THEN
? loCert.LastErrorText
RELEASE loCert
CANCEL
ENDIF
* Create the following XML to be signed..
* <?xml version="1.0" encoding="UTF-8"?>
* <soapenv:Envelope xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
* <soapenv:Header>
* <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
* xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
* <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
* ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
* wsu:Id="X509-4A13D668E59AAC4F3816750824965588">{organization certificate}</wsse:BinarySecurityToken>
* <wsu:Timestamp wsu:Id="TS-4A13D668E59AAC4F3816750824965567">
* <wsu:Created>2023-02-01T12:42:11.156Z</wsu:Created>
* <wsu:Expires>2023-02-01T12:58:51.156Z</wsu:Expires>
* </wsu:Timestamp>
* </wsse:Security>
* </soapenv:Header>
* <soapenv:Body wsu:Id="id-4A13D668E59AAC4F38167508249655911" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
* <wst:RequestSecurityToken Context="RC-302613de-a809-46b5-931a-0a55bfca5937"
* xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
* xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
* xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
* xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
* xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
* xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
* <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
* <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
* <wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
* <auth:ClaimType Uri="urn:be:fgov:kbo-bce:organization:cbe-number">
* <auth:Value>{cbenumber}</auth:Value>
* </auth:ClaimType>
* <auth:ClaimType Uri="urn:be:fgov:ehealth:1.0:certificateholder:enterprise:cbe-number">
* <auth:Value>{cbenumber}</auth:Value>
* </auth:ClaimType>
* </wst:Claims>
* <wst:Lifetime>
* <wsu:Created>2023-02-01T08:30:10+02:00</wsu:Created>
* <wsu:Expires>2023-02-01T09:30:10+02:00</wsu:Expires>
* </wst:Lifetime>
* <wst:KeyType>http://docs.oasis-open.org/ws-sx/wstrust/200512/PublicKey</wst:KeyType>
* </wst:RequestSecurityToken>
* </soapenv:Body>
* </soapenv:Envelope>
loXmlToSign = CreateObject('Chilkat.Xml')
loXmlToSign.Tag = "soapenv:Envelope"
loXmlToSign.AddAttribute("xmlns:ns","http://docs.oasis-open.org/ws-sx/ws-trust/200512")
loXmlToSign.AddAttribute("xmlns:soapenv","http://schemas.xmlsoap.org/soap/envelope/")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security",1,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",1,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",1,"wsu:Id","X509-4A13D668E59AAC4F3816750824965588")
loBdCert = CreateObject('Chilkat.BinData')
loCert.ExportCertDerBd(loBdCert)
loXmlToSign.UpdateChildContent("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",loBdCert.GetEncoded("base64"))
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsu:Timestamp",1,"wsu:Id","TS-4A13D668E59AAC4F3816750824965567")
loDt = CreateObject('Chilkat.CkDateTime')
loDt.SetFromCurrentSystemTime()
loXmlToSign.UpdateChildContent("soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Created",loDt.GetAsTimestamp(0))
loDt.AddSeconds(300)
loXmlToSign.UpdateChildContent("soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Expires",loDt.GetAsTimestamp(0))
loDt.AddSeconds(-300)
loXmlToSign.UpdateAttrAt("soapenv:Body",1,"wsu:Id","id-4A13D668E59AAC4F38167508249655911")
loXmlToSign.UpdateAttrAt("soapenv:Body",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken",1,"Context","RC-302613de-a809-46b5-931a-0a55bfca5937")
loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken",1,"xmlns:auth","http://docs.oasis-open.org/wsfed/authorization/200706")
loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken",1,"xmlns:ds","http://www.w3.org/2000/09/xmldsig#")
loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken",1,"xmlns:wsa","http://schemas.xmlsoap.org/ws/2004/08/addressing")
loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken",1,"xmlns:wsp","http://schemas.xmlsoap.org/ws/2004/09/policy")
loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken",1,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken",1,"xmlns:wst","http://docs.oasis-open.org/ws-sx/ws-trust/200512")
loXmlToSign.UpdateChildContent("soapenv:Body|wst:RequestSecurityToken|wst:TokenType","http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1")
loXmlToSign.UpdateChildContent("soapenv:Body|wst:RequestSecurityToken|wst:RequestType","http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue")
lnSuccess = loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken|wst:Claims",1,"Dialect","http://docs.oasis-open.org/wsfed/authorization/200706/authclaims")
lnSuccess = loXmlToSign.UpdateAttrAt("soapenv:Body|wst:RequestSecurityToken|wst:Claims|auth:ClaimType[1]",1,"Uri","urn:be:fgov:ehealth:1.0:certificateholder:person:ssin")
loXmlToSign.UpdateChildContent("soapenv:Body|wst:RequestSecurityToken|wst:KeyType","http://docs.oasis-open.org/ws-sx/wstrust/200512/PublicKey")
loGen = CreateObject('Chilkat.XmlDSigGen')
loGen.SigLocation = "soapenv:Envelope|soapenv:Header|wsse:Security|wsse:BinarySecurityToken"
loGen.SigLocationMod = 1
loGen.SigId = "SIG-4A13D668E59AAC4F38167508249656212"
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loGen.SignedInfoPrefixList = "soapenv urn urn1"
loGen.IncNamespacePrefix = "ec"
loGen.IncNamespaceUri = "http://www.w3.org/2001/10/xml-exc-c14n#"
loGen.SignedInfoCanonAlg = "EXCL_C14N"
loGen.SignedInfoDigestMethod = "sha256"
* Set the KeyInfoId before adding references..
loGen.KeyInfoId = "KI-4A13D668E59AAC4F3816750824965589"
* -------- Reference 1 --------
loGen.AddSameDocRef("TS-4A13D668E59AAC4F3816750824965567","sha256","EXCL_C14N","wsse soapenv urn urn1","")
* -------- Reference 2 --------
loGen.AddSameDocRef("id-4A13D668E59AAC4F38167508249655911","sha256","EXCL_C14N","urn urn1","")
* -------- Reference 3 --------
loGen.AddSameDocRef("X509-4A13D668E59AAC4F3816750824965588","sha256","EXCL_C14N","_EMPTY_","")
loGen.SetX509Cert(loCert,1)
loGen.KeyInfoType = "Custom"
* Create the custom KeyInfo XML..
loXmlCustomKeyInfo = CreateObject('Chilkat.Xml')
loXmlCustomKeyInfo.Tag = "wsse:SecurityTokenReference"
loXmlCustomKeyInfo.AddAttribute("wsu:Id","STR-4A13D668E59AAC4F38167508249655810")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",1,"URI","#X509-4A13D668E59AAC4F3816750824965588")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
loXmlCustomKeyInfo.EmitXmlDecl = 0
loGen.CustomKeyInfoXml = loXmlCustomKeyInfo.GetXml()
* Load XML to be signed...
loSbXml = CreateObject('Chilkat.StringBuilder')
loXmlToSign.GetXmlSb(loSbXml)
loGen.Behaviors = "IndentedSignature"
* Sign the XML...
lnSuccess = loGen.CreateXmlDSigSb(loSbXml)
IF (lnSuccess = 0) THEN
? loGen.LastErrorText
RELEASE loCert
RELEASE loXmlToSign
RELEASE loBdCert
RELEASE loDt
RELEASE loGen
RELEASE loXmlCustomKeyInfo
RELEASE loSbXml
CANCEL
ENDIF
* The sbXml is sent as the HTTP request body below..
? loSbXml.GetAsString()
* -----------------------------------------------------------------------------------------------------------
* Send the SOAP requet to ask the server to issue a security token, which can then be used to access other SOAP services..
loHttp = CreateObject('Chilkat.Http')
lnSuccess = loHttp.SetSslClientCert(loCert)
IF (lnSuccess = 0) THEN
? loHttp.LastErrorText
RELEASE loCert
RELEASE loXmlToSign
RELEASE loBdCert
RELEASE loDt
RELEASE loGen
RELEASE loXmlCustomKeyInfo
RELEASE loSbXml
RELEASE loHttp
CANCEL
ENDIF
loHttp.SetRequestHeader("Content-Type","text/xml")
lcUrl = "https://services-acpt.ehealth.fgov.be/IAM/SecurityTokenService/v1/RequestSecurityToken"
loResp = CreateObject('Chilkat.HttpResponse')
lnSuccess = loHttp.HttpSb("POST",lcUrl,loSbXml,"utf-8","application/xml",loResp)
IF (lnSuccess = 0) THEN
? loHttp.LastErrorText
RELEASE loCert
RELEASE loXmlToSign
RELEASE loBdCert
RELEASE loDt
RELEASE loGen
RELEASE loXmlCustomKeyInfo
RELEASE loSbXml
RELEASE loHttp
RELEASE loResp
CANCEL
ENDIF
lnResponseStatus = loResp.StatusCode
? "Response Status Code = " + STR(lnResponseStatus)
* You'll want to check to see if the response status code = 200.
* If not, then the response body contains error information instead of a security token.
* This example will assume we received 200 status code.
? loResp.BodyStr
* The response body contains XML like this:
* <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
* <SOAP-ENV:Header/>
* <SOAP-ENV:Body>
* <wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Context="RC-302613de-a809-46b5-931a-0a55bfca5937">
* <wst:RequestedSecurityToken>
* <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_3e8ea5c951b2167c274974750ace9b5d"
* ...
* </Assertion>
* </wst:RequestedSecurityToken>
* </wst:RequestSecurityTokenResponse>
* </SOAP-ENV:Body>
* </SOAP-ENV:Envelope>
* The portion of the response from <Assertion ..> ... </Assertion> is the SAML security token to be included
* in a subsesquent SOAP request. It is extremely important to not modify the contents of the security token in any way, including not changing
* whitespace or any formatting. Therefore, we get the response body exactly as-is, to be used in a SOAP request.
* Copy the response body to a Chilkat BinData object.
loBdSecToken = CreateObject('Chilkat.BinData')
loResp.GetBodyBd(loBdSecToken)
* Let's save the bdSecToken to a file, and pick it up in the next example where it is used
* in a SOAP request, such as in this example: AddressBook Search for Professionals
loBdSecToken.WriteFile("qa_data/tokens/ehealth-fgov-be-sectoken.xml")
? "OK"
RELEASE loCert
RELEASE loXmlToSign
RELEASE loBdCert
RELEASE loDt
RELEASE loGen
RELEASE loXmlCustomKeyInfo
RELEASE loSbXml
RELEASE loHttp
RELEASE loResp
RELEASE loBdSecToken