Visual FoxPro
Visual FoxPro
Create IRS MeF Login Service Request Message
See more XML Digital Signatures Examples
This example demonstrates how to create a digitally signed Login Service Request Message.This example used the documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf as a guide.
It creates signed XML as specified in section 4.1.1 found in Section 4: Example A2A Web Service Messages.
Chilkat Visual FoxPro Downloads
LOCAL lnSuccess
LOCAL loPfx
LOCAL loSigningCert
LOCAL loBdCert
LOCAL loSbCert64
LOCAL loXmlToSign
LOCAL loGen
LOCAL loCert
LOCAL loXmlCustomKeyInfo
LOCAL loSbXml
LOCAL lnNReplaced
lnSuccess = 0
* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.
* --------------------------------------------------------------------------------
* Also see Chilkat's Online WSDL Code Generator
* to generate code and SOAP Request and Response XML for each operation in a WSDL.
* --------------------------------------------------------------------------------
* The goal of this example is to create signed SOAP XML such as the following:
* <?xml version="1.0" encoding="UTF-8"?>
* <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
* <SOAP-ENV:Header>
* <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
* <wsse:BinarySecurityToken
* xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
* EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
* ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
* wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken>
* <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
* <ds:SignedInfo>
* <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
* <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
* <ds:Reference URI="#id-1214941501">
* <ds:Transforms>
* <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
* </ds:Transforms>
* <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
* <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Em0o3VEOTck=</ds:DigestValue>
* </ds:Reference>
* <ds:Reference URI="#id-1871558655">
* <ds:Transforms>
* <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
* </ds:Transforms>
* <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
* <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Xm5ViA+royg=</ds:DigestValue>
* </ds:Reference>
* </ds:SignedInfo>
* <ds:SignatureValue>abcd...5Nbw==</ds:SignatureValue>
* <ds:KeyInfo Id="KeyId-256137097">
* <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1862925355">
* <wsse:Reference URI="#CertId-1673181727" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
* </wsse:SecurityTokenReference>
* </ds:KeyInfo>
* </ds:Signature>
* </wsse:Security>
* <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501">
* <ns1:MessageID>12345202018200000234</ns1:MessageID>
* <ns1:Action>Login</ns1:Action>
* <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs>
* <ns1:ETIN>12345</ns1:ETIN>
* <ns1:SessionKeyCd>Y</ns1:SessionKeyCd>
* <ns1:TestCd>P</ns1:TestCd>
* <ns1:AppSysID>65432190</ns1:AppSysID>
* <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum>
* <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt>
* </ns1:MeFHeader>
* </SOAP-ENV:Header>
* <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655">
* <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/>
* </SOAP-ENV:Body>
* </SOAP-ENV:Envelope>
* -------------------------------------------------------------------------------------------
* First, let's load the certificate + private key to be used for signing (from a PFX).
* (It is also possible to use certificates installed on a Windows system, or from other file formats..)
loPfx = CreateObject('Chilkat.Pfx')
lnSuccess = loPfx.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
IF (lnSuccess = 0) THEN
? loPfx.LastErrorText
RELEASE loPfx
CANCEL
ENDIF
* We'll be needing the X.509 signing cert as base64 for the BinarySecurityToken, so let's get it now..
* The certificate having the private key should be the 1st in the PFX.
loSigningCert = CreateObject('Chilkat.Cert')
lnSuccess = loPfx.CertAt(0,loSigningCert)
IF (lnSuccess = 0) THEN
? loPfx.LastErrorText
RELEASE loPfx
RELEASE loSigningCert
CANCEL
ENDIF
loBdCert = CreateObject('Chilkat.BinData')
loSigningCert.ExportCertDerBd(loBdCert)
loSbCert64 = CreateObject('Chilkat.StringBuilder')
loBdCert.GetEncodedSb("base64",loSbCert64)
* -------------------------------------------------------------------------------------------
* The XML before signing would look like this:
* <?xml version="1.0" encoding="UTF-8"?>
* <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
* <SOAP-ENV:Header>
* <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
* <wsse:BinarySecurityToken
* xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
* EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
* ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
* wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken>
* </wsse:Security>
* <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501">
* <ns1:MessageID>12345202018200000234</ns1:MessageID>
* <ns1:Action>Login</ns1:Action>
* <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs>
* <ns1:ETIN>12345</ns1:ETIN>
* <ns1:SessionKeyCd>Y</ns1:SessionKeyCd>
* <ns1:TestCd>P</ns1:TestCd>
* <ns1:AppSysID>65432190</ns1:AppSysID>
* <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum>
* <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt>
* </ns1:MeFHeader>
* </SOAP-ENV:Header>
* <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655">
* <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/>
* </SOAP-ENV:Body>
* </SOAP-ENV:Envelope>
* You can use the online XML code generation tool at http://tools.chilkat.io/xmlCreate.cshtml
* to generate the following XML creation source code:
* Create the XML to be signed...
loXmlToSign = CreateObject('Chilkat.Xml')
loXmlToSign.Tag = "SOAP-ENV:Envelope"
loXmlToSign.AddAttribute("xmlns:SOAP-ENV","http://schemas.xmlsoap.org/soap/envelope/")
loXmlToSign.AddAttribute("xmlns:xsd","http://www.w3.org/2001/XMLSchema")
loXmlToSign.AddAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security",1,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"wsu:Id","CertId-1673181727")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",loSbCert64.GetAsString())
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",1,"xmlns:ns1","http://www.irs.gov/a2a/mef/MeFHeader.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",1,"wsu:Id","id-1214941501")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageID","12345202018200000234")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:Action","Login")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageTs","2020-06-30T15:25:42.678Z")
loXmlToSign.UpdateChildContentInt("SOAP-ENV:Header|ns1:MeFHeader|ns1:ETIN",12345)
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:SessionKeyCd","Y")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:TestCd","P")
loXmlToSign.UpdateChildContentInt("SOAP-ENV:Header|ns1:MeFHeader|ns1:AppSysID",65432190)
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:WSDLVersionNum","10.3")
loXmlToSign.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:ClientSoftwareTxt","SOATest")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Body",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Body",1,"wsu:Id","id-1871558655")
loXmlToSign.UpdateAttrAt("SOAP-ENV:Body|LoginRequest",1,"xmlns","http://www.irs.gov/a2a/mef/MeFMSIServices.xsd")
* -------------------------------------------------------------------------------------------
* Setup the XML DSig generator object to create the desired signature.
loGen = CreateObject('Chilkat.XmlDSigGen')
loGen.SigLocation = "SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security"
loGen.SigLocationMod = 0
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loGen.SignedInfoCanonAlg = "EXCL_C14N"
loGen.SignedInfoDigestMethod = "sha256"
* Set the KeyInfoId before adding references..
loGen.KeyInfoId = "KeyId-256137097"
* -------- Reference 1 --------
loGen.AddSameDocRef("id-1214941501","sha256","EXCL_C14N","","")
* -------- Reference 2 --------
loGen.AddSameDocRef("id-1871558655","sha256","EXCL_C14N","","")
* Provide a certificate + private key. (PFX password is test123)
loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
IF (lnSuccess = 0) THEN
? loCert.LastErrorText
RELEASE loPfx
RELEASE loSigningCert
RELEASE loBdCert
RELEASE loSbCert64
RELEASE loXmlToSign
RELEASE loGen
RELEASE loCert
CANCEL
ENDIF
loGen.SetX509Cert(loCert,1)
loGen.KeyInfoType = "Custom"
* Create the custom KeyInfo XML..
loXmlCustomKeyInfo = CreateObject('Chilkat.Xml')
loXmlCustomKeyInfo.Tag = "wsse:SecurityTokenReference"
loXmlCustomKeyInfo.AddAttribute("xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlCustomKeyInfo.AddAttribute("wsu:Id","STRId-1862925355")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",1,"URI","#CertId-1673181727")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
loXmlCustomKeyInfo.EmitXmlDecl = 0
loGen.CustomKeyInfoXml = loXmlCustomKeyInfo.GetXml()
* -------------------------------------------------------------------------------------------
* Load XML to be signed...
loSbXml = CreateObject('Chilkat.StringBuilder')
loXmlToSign.GetXmlSb(loSbXml)
* Update BinarySecurityToken_Base64Binary_Content with the actual X509 of the signing cert.
lnNReplaced = loSbXml.Replace("BinarySecurityToken_Base64Binary_Content",loCert.GetEncoded())
loGen.Behaviors = "IndentedSignature"
* Sign the XML...
lnSuccess = loGen.CreateXmlDSigSb(loSbXml)
IF (lnSuccess = 0) THEN
? loGen.LastErrorText
RELEASE loPfx
RELEASE loSigningCert
RELEASE loBdCert
RELEASE loSbCert64
RELEASE loXmlToSign
RELEASE loGen
RELEASE loCert
RELEASE loXmlCustomKeyInfo
RELEASE loSbXml
CANCEL
ENDIF
* -----------------------------------------------
* Save the signed XML to a file.
lnSuccess = loSbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",0)
? loSbXml.GetAsString()
RELEASE loPfx
RELEASE loSigningCert
RELEASE loBdCert
RELEASE loSbCert64
RELEASE loXmlToSign
RELEASE loGen
RELEASE loCert
RELEASE loXmlCustomKeyInfo
RELEASE loSbXml