Sample code for 30+ languages & platforms
Visual FoxPro

Create IRS MeF Login Service Request Message

See more XML Digital Signatures Examples

This example demonstrates how to create a digitally signed Login Service Request Message.

This example used the documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf as a guide.

It creates signed XML as specified in section 4.1.1 found in Section 4: Example A2A Web Service Messages.

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL lnSuccess
LOCAL loPfx
LOCAL loSigningCert
LOCAL loBdCert
LOCAL loSbCert64
LOCAL loXmlToSign
LOCAL loGen
LOCAL loCert
LOCAL loXmlCustomKeyInfo
LOCAL loSbXml
LOCAL lnNReplaced

lnSuccess = 0

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* --------------------------------------------------------------------------------
* Also see Chilkat's Online WSDL Code Generator
* to generate code and SOAP Request and Response XML for each operation in a WSDL.
* --------------------------------------------------------------------------------

* The goal of this example is to create signed SOAP XML such as the following:

* <?xml version="1.0" encoding="UTF-8"?>
* <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
*     <SOAP-ENV:Header>
*         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
*             <wsse:BinarySecurityToken 
* 		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
* 		EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
* 		ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
* 		wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken>
*             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
*                 <ds:SignedInfo>
*                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
*                     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
*                     <ds:Reference URI="#id-1214941501">
*                         <ds:Transforms>
*                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
*                         </ds:Transforms>
*                         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
*                         <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Em0o3VEOTck=</ds:DigestValue>
*                     </ds:Reference>
*                     <ds:Reference URI="#id-1871558655">
*                         <ds:Transforms>
*                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
*                         </ds:Transforms>
*                         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
*                         <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Xm5ViA+royg=</ds:DigestValue>
*                     </ds:Reference>
*                 </ds:SignedInfo>
*                 <ds:SignatureValue>abcd...5Nbw==</ds:SignatureValue>
*                 <ds:KeyInfo Id="KeyId-256137097">
*                     <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1862925355">
*                         <wsse:Reference URI="#CertId-1673181727" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
*                     </wsse:SecurityTokenReference>
*                 </ds:KeyInfo>
*             </ds:Signature>
*         </wsse:Security>
*         <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501">
*             <ns1:MessageID>12345202018200000234</ns1:MessageID>
*             <ns1:Action>Login</ns1:Action>
*             <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs>
*             <ns1:ETIN>12345</ns1:ETIN>
*             <ns1:SessionKeyCd>Y</ns1:SessionKeyCd>
*             <ns1:TestCd>P</ns1:TestCd>
*             <ns1:AppSysID>65432190</ns1:AppSysID>
*             <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum>
*             <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt>
*         </ns1:MeFHeader>
*     </SOAP-ENV:Header>
*     <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655">
*         <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/>
*     </SOAP-ENV:Body>
* </SOAP-ENV:Envelope>

* -------------------------------------------------------------------------------------------

* First, let's load the certificate + private key to be used for signing (from a PFX).
* (It is also possible to use certificates installed on a Windows system, or from other file formats..)
loPfx = CreateObject('Chilkat.Pfx')
lnSuccess = loPfx.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    CANCEL
ENDIF

* We'll be needing the X.509 signing cert as base64 for the BinarySecurityToken, so let's get it now..
* The certificate having the private key should be the 1st in the PFX.

loSigningCert = CreateObject('Chilkat.Cert')
lnSuccess = loPfx.CertAt(0,loSigningCert)
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    RELEASE loSigningCert
    CANCEL
ENDIF

loBdCert = CreateObject('Chilkat.BinData')
loSigningCert.ExportCertDerBd(loBdCert)
loSbCert64 = CreateObject('Chilkat.StringBuilder')
loBdCert.GetEncodedSb("base64",loSbCert64)

* -------------------------------------------------------------------------------------------
* The XML before signing would look like this:

* <?xml version="1.0" encoding="UTF-8"?>
* <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
*     <SOAP-ENV:Header>
*         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
*             <wsse:BinarySecurityToken 
* 		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
* 		EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
* 		ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
* 		wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken>
*         </wsse:Security>
*         <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501">
*             <ns1:MessageID>12345202018200000234</ns1:MessageID>
*             <ns1:Action>Login</ns1:Action>
*             <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs>
*             <ns1:ETIN>12345</ns1:ETIN>
*             <ns1:SessionKeyCd>Y</ns1:SessionKeyCd>
*             <ns1:TestCd>P</ns1:TestCd>
*             <ns1:AppSysID>65432190</ns1:AppSysID>
*             <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum>
*             <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt>
*         </ns1:MeFHeader>
*     </SOAP-ENV:Header>
*     <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655">
*         <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/>
*     </SOAP-ENV:Body>
* </SOAP-ENV:Envelope>

* You can use the online XML code generation tool at http://tools.chilkat.io/xmlCreate.cshtml
* to generate the following XML creation source code:

* Create the XML to be signed...
loXmlToSign = CreateObject('Chilkat.Xml')
loXmlToSign.Tag = "SOAP-ENV:Envelope"
loXmlToSign.AddAttribute("xmlns:SOAP-ENV","http://schemas.xmlsoap.org/soap/envelope/")
loXmlToSign.AddAttribute("xmlns:xsd","http://www.w3.org/2001/XMLSchema")
loXmlToSign.AddAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security",1,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"wsu:Id","CertId-1673181727")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",loSbCert64.GetAsString())
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",1,"xmlns:ns1","http://www.irs.gov/a2a/mef/MeFHeader.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",1,"wsu:Id","id-1214941501")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageID","12345202018200000234")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:Action","Login")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageTs","2020-06-30T15:25:42.678Z")
loXmlToSign.UpdateChildContentInt("SOAP-ENV:Header|ns1:MeFHeader|ns1:ETIN",12345)
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:SessionKeyCd","Y")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:TestCd","P")
loXmlToSign.UpdateChildContentInt("SOAP-ENV:Header|ns1:MeFHeader|ns1:AppSysID",65432190)
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:WSDLVersionNum","10.3")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:ClientSoftwareTxt","SOATest")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Body",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Body",1,"wsu:Id","id-1871558655")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Body|LoginRequest",1,"xmlns","http://www.irs.gov/a2a/mef/MeFMSIServices.xsd")

* -------------------------------------------------------------------------------------------
* Setup the XML DSig generator object to create the desired signature.

loGen = CreateObject('Chilkat.XmlDSigGen')

loGen.SigLocation = "SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security"
loGen.SigLocationMod = 0
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loGen.SignedInfoCanonAlg = "EXCL_C14N"
loGen.SignedInfoDigestMethod = "sha256"

* Set the KeyInfoId before adding references..
loGen.KeyInfoId = "KeyId-256137097"

* -------- Reference 1 --------
loGen.AddSameDocRef("id-1214941501","sha256","EXCL_C14N","","")

* -------- Reference 2 --------
loGen.AddSameDocRef("id-1871558655","sha256","EXCL_C14N","","")

* Provide a certificate + private key. (PFX password is test123)
loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
IF (lnSuccess = 0) THEN
    ? loCert.LastErrorText
    RELEASE loPfx
    RELEASE loSigningCert
    RELEASE loBdCert
    RELEASE loSbCert64
    RELEASE loXmlToSign
    RELEASE loGen
    RELEASE loCert
    CANCEL
ENDIF

loGen.SetX509Cert(loCert,1)

loGen.KeyInfoType = "Custom"

* Create the custom KeyInfo XML..
loXmlCustomKeyInfo = CreateObject('Chilkat.Xml')
loXmlCustomKeyInfo.Tag = "wsse:SecurityTokenReference"
loXmlCustomKeyInfo.AddAttribute("xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlCustomKeyInfo.AddAttribute("wsu:Id","STRId-1862925355")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",1,"URI","#CertId-1673181727")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

loXmlCustomKeyInfo.EmitXmlDecl = 0
loGen.CustomKeyInfoXml = loXmlCustomKeyInfo.GetXml()

* -------------------------------------------------------------------------------------------
* Load XML to be signed...
loSbXml = CreateObject('Chilkat.StringBuilder')
loXmlToSign.GetXmlSb(loSbXml)

* Update BinarySecurityToken_Base64Binary_Content with the actual X509 of the signing cert.
lnNReplaced = loSbXml.Replace("BinarySecurityToken_Base64Binary_Content",loCert.GetEncoded())

loGen.Behaviors = "IndentedSignature"

* Sign the XML...
lnSuccess = loGen.CreateXmlDSigSb(loSbXml)
IF (lnSuccess = 0) THEN
    ? loGen.LastErrorText
    RELEASE loPfx
    RELEASE loSigningCert
    RELEASE loBdCert
    RELEASE loSbCert64
    RELEASE loXmlToSign
    RELEASE loGen
    RELEASE loCert
    RELEASE loXmlCustomKeyInfo
    RELEASE loSbXml
    CANCEL
ENDIF

* -----------------------------------------------

* Save the signed XML to a file.
lnSuccess = loSbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",0)

? loSbXml.GetAsString()

RELEASE loPfx
RELEASE loSigningCert
RELEASE loBdCert
RELEASE loSbCert64
RELEASE loXmlToSign
RELEASE loGen
RELEASE loCert
RELEASE loXmlCustomKeyInfo
RELEASE loSbXml