(Visual FoxPro) Create JWS with Multiple Signatures using the General JSON Serialization Format

Creates a JSON Web Signature (JWS) containing 3 signatures and output using the general JSON serialization format.

Chilkat supports all of the following JWS algorithms:

   +--------------+-------------------------------+--------------------+
   | "alg" Param  | Digital Signature or MAC      | Implementation     |
   | Value        | Algorithm                     | Requirements       |
   +--------------+-------------------------------+--------------------+
   | HS256        | HMAC using SHA-256            | Required           |
   | HS384        | HMAC using SHA-384            | Optional           |
   | HS512        | HMAC using SHA-512            | Optional           |
   | RS256        | RSASSA-PKCS1-v1_5 using       | Recommended        |
   |              | SHA-256                       |                    |
   | RS384        | RSASSA-PKCS1-v1_5 using       | Optional           |
   |              | SHA-384                       |                    |
   | RS512        | RSASSA-PKCS1-v1_5 using       | Optional           |
   |              | SHA-512                       |                    |
   | ES256        | ECDSA using P-256 and SHA-256 | Recommended+       |
   | ES384        | ECDSA using P-384 and SHA-384 | Optional           |
   | ES512        | ECDSA using P-521 and SHA-512 | Optional           |
   | PS256        | RSASSA-PSS using SHA-256 and  | Optional           |
   |              | MGF1 with SHA-256             |                    |
   | PS384        | RSASSA-PSS using SHA-384 and  | Optional           |
   |              | MGF1 with SHA-384             |                    |
   | PS512        | RSASSA-PSS using SHA-512 and  | Optional           |
   |              | MGF1 with SHA-512             |                    |
   +--------------+-------------------------------+--------------------+

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

LOCAL loSbRsaJwk
LOCAL loRsaKey
LOCAL lnSuccess
LOCAL loSbEccJwk
LOCAL loEccKey
LOCAL lcHmacKey
LOCAL loJwsProtHdr0
LOCAL loJwsUnprotHdr0
LOCAL loJwsProtHdr1
LOCAL loJwsUnprotHdr1
LOCAL loJwsProtHdr2
LOCAL loJwsUnprotHdr2
LOCAL loJws
LOCAL lnBIncludeBom
LOCAL lcPayloadStr
LOCAL lcJwsStr
LOCAL loJson

* This requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* Note: This example requires Chilkat v9.5.0.66 or greater.

* The JWS to be created will contain three signatures.
* The 1st will use an ECC key, the 2nd an RSA key, and the 3rd an HMAC key.

* Prepare each key..

* ---------------------------------------------------
* Use the following RSA key loaded from JWK format.
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbRsaJwk = CreateObject('Chilkat.StringBuilder')
loSbRsaJwk.Append('{"kty":"RSA",')
loSbRsaJwk.Append('"n":"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx')
loSbRsaJwk.Append("HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs")
loSbRsaJwk.Append("D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH")
loSbRsaJwk.Append("SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV")
loSbRsaJwk.Append("MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8")
loSbRsaJwk.Append('NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",')
loSbRsaJwk.Append('"e":"AQAB",')
loSbRsaJwk.Append('"d":"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I')
loSbRsaJwk.Append("jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0")
loSbRsaJwk.Append("BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn")
loSbRsaJwk.Append("439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT")
loSbRsaJwk.Append("CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh")
loSbRsaJwk.Append('BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ",')
loSbRsaJwk.Append('"p":"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi')
loSbRsaJwk.Append("YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG")
loSbRsaJwk.Append('BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc",')
loSbRsaJwk.Append('"q":"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa')
loSbRsaJwk.Append("ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA")
loSbRsaJwk.Append('-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc",')
loSbRsaJwk.Append('"dp":"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q')
loSbRsaJwk.Append("CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb")
loSbRsaJwk.Append('34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0",')
loSbRsaJwk.Append('"dq":"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa')
loSbRsaJwk.Append("7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky")
loSbRsaJwk.Append('NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU",')
loSbRsaJwk.Append('"qi":"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o')
loSbRsaJwk.Append("y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU")
loSbRsaJwk.Append('W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U"')
loSbRsaJwk.Append("}")

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.PrivateKey')
loRsaKey = CreateObject('Chilkat.PrivateKey')
* Note: This example loads the RSA key from JWK format.  Any format can be loaded
* into the private key object. (See the online reference documentation..)
lnSuccess = loRsaKey.LoadJwk(loSbRsaJwk.GetAsString())
IF (lnSuccess <> 1) THEN
    ? loRsaKey.LastErrorText
    RELEASE loSbRsaJwk
    RELEASE loRsaKey
    CANCEL
ENDIF

* ---------------------------------------------------
* Use the following ECC key loaded from JWK format.
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbEccJwk = CreateObject('Chilkat.StringBuilder')
loSbEccJwk.Append('{"kty":"EC",')
loSbEccJwk.Append('"crv":"P-256",')
loSbEccJwk.Append('"x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",')
loSbEccJwk.Append('"y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",')
loSbEccJwk.Append('"d":"jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"')
loSbEccJwk.Append("}")

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.PrivateKey')
loEccKey = CreateObject('Chilkat.PrivateKey')
* Note: This example loads the ECDSA key from JWK format.  Any format can be loaded
* into the private key object. (See the online reference documentation..)
lnSuccess = loEccKey.LoadJwk(loSbEccJwk.GetAsString())
IF (lnSuccess <> 1) THEN
    ? loEccKey.LastErrorText
    RELEASE loSbRsaJwk
    RELEASE loRsaKey
    RELEASE loSbEccJwk
    RELEASE loEccKey
    CANCEL
ENDIF

* ---------------------------------------------------
* The HMAC key (in base64url format)
lcHmacKey = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"

* ---------------------------------------------------
* Prepare the headers..
* RSASSA-PKCS1-v1_5 SHA-256
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJwsProtHdr0 = CreateObject('Chilkat.JsonObject')
loJwsProtHdr0.AppendString("alg","RS256")
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJwsUnprotHdr0 = CreateObject('Chilkat.JsonObject')
loJwsUnprotHdr0.AppendString("kid","myRsaKey")

* ECDSA using P-256 and SHA-256
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJwsProtHdr1 = CreateObject('Chilkat.JsonObject')
loJwsProtHdr1.AppendString("alg","ES256")
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJwsUnprotHdr1 = CreateObject('Chilkat.JsonObject')
loJwsUnprotHdr1.AppendString("kid","myEcKey")

* HMAC using SHA-256
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJwsProtHdr2 = CreateObject('Chilkat.JsonObject')
loJwsProtHdr2.AppendString("alg","HS256")
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJwsUnprotHdr2 = CreateObject('Chilkat.JsonObject')
loJwsUnprotHdr2.AppendString("kid","myMacKey")

* ---------------------------------------------------
* First set the JWS headers, keys, and payload, then we'll create the JWS...
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Jws')
loJws = CreateObject('Chilkat.Jws')

loJws.SetProtectedHeader(0,loJwsProtHdr0)
loJws.SetUnprotectedHeader(0,loJwsUnprotHdr0)
loJws.SetProtectedHeader(1,loJwsProtHdr1)
loJws.SetUnprotectedHeader(1,loJwsUnprotHdr1)
loJws.SetProtectedHeader(2,loJwsProtHdr2)
loJws.SetUnprotectedHeader(2,loJwsUnprotHdr2)

loJws.SetPrivateKey(0,loRsaKey)
loJws.SetPrivateKey(1,loEccKey)
loJws.SetMacKey(2,lcHmacKey,"base64url")

lnBIncludeBom = 0
lcPayloadStr = "In our village, folks say God crumbles up the old moon into stars."
loJws.SetPayload(lcPayloadStr,"utf-8",lnBIncludeBom)

* ---------------------------------------------------
* Create the JWS.
* Givent that multiple signatures will exist, only the general JSON serialization 
* format is possible, and that is what will be produced.
lcJwsStr = loJws.CreateJws()
IF (loJws.LastMethodSuccess <> 1) THEN
    ? loJws.LastErrorText
    RELEASE loSbRsaJwk
    RELEASE loRsaKey
    RELEASE loSbEccJwk
    RELEASE loEccKey
    RELEASE loJwsProtHdr0
    RELEASE loJwsUnprotHdr0
    RELEASE loJwsProtHdr1
    RELEASE loJwsUnprotHdr1
    RELEASE loJwsProtHdr2
    RELEASE loJwsUnprotHdr2
    RELEASE loJws
    CANCEL
ENDIF

* The jwsStr is contains JSON in the smallest possible size, which is a single line.
* To get in human-readable format, load into a Chilkat JSON object and emit..
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJson = CreateObject('Chilkat.JsonObject')
loJson.Load(lcJwsStr)
loJson.EmitCompact = 0
? loJson.Emit()

* Sample output:

* { 
*   "payload": "SW4gb3VyIHZpbGxhZ2UsIGZvbGtzIHNheSBHb2QgY3J1bWJsZXMgdXAgdGhlIG9sZCBtb29uIGludG8gc3RhcnMu",
*   "signatures": [
*     { 
*       "protected": "eyJhbGciOiJSUzI1NiJ9",
*       "header": { 
*         "kid": "myRsaKey"
*       },
*       "signature": "B04c24gSnpVm1Z-_bemfyNMCpZm6Knj1yB-yzaIOvijsWfDgoF_mSJccTIbzapNgwJudnobr5iDOfZWiRR9iqCyDJLe5M1S40vFF7MFEI3JecYRgrRc6n1lTkYLMRyVq48BwbQlmKgPqmK9drun3agklsr0FmgNx65pfmcnlYdXsgwxf8WbgppefrlrMImp-98-dNtBcUL8ce1aOjbcyVFjGMCzpm3JerQqIzWQvEwBstnMEQle73KHcyx_nsTmlzY70CaydbRTsciOATL7WfiMwuX1q9Y2NIpTg3CbOTWKdwjh7iyfiAKQxNBaF2mApnqj9hjpf8GwR-CfxAzJtPg"
*     },
*     { 
*       "protected": "eyJhbGciOiJFUzI1NiJ9",
*       "header": { 
*         "kid": "myEcKey"
*       },
*       "signature": "2cbugKq0ERaQMh01n2B-86EZFYleeMf8bsccaQMxzOxAg14PxfjR3IImvodTJYqkmfBJYW203etz2-7ZtJUOGw"
*     },
*     { 
*       "protected": "eyJhbGciOiJIUzI1NiJ9",
*       "header": { 
*         "kid": "myMacKey"
*       },
*       "signature": "e7R9gjx0RsUNa3c7qd8k9mQGEhtcG8vsN1W7jbLb2MA"
*     }
*   ]
* }

RELEASE loSbRsaJwk
RELEASE loRsaKey
RELEASE loSbEccJwk
RELEASE loEccKey
RELEASE loJwsProtHdr0
RELEASE loJwsUnprotHdr0
RELEASE loJwsProtHdr1
RELEASE loJwsUnprotHdr1
RELEASE loJwsProtHdr2
RELEASE loJwsUnprotHdr2
RELEASE loJws
RELEASE loJson