Sample code for 30+ languages & platforms
Visual FoxPro

Sign Italian SPID Metadata XML

See more XML Digital Signatures Examples

Demonstrates how to create an XML digital signature for Italian SPID Metadata.

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL lnSuccess
LOCAL loSbXml
LOCAL loGen
LOCAL loCert
LOCAL loVerifier
LOCAL lnNumSigs
LOCAL lnVerifyIdx
LOCAL lnVerified

lnSuccess = 0

* This example assumes the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

lnSuccess = 1

* Load the XML to be signed.
loSbXml = CreateObject('Chilkat.StringBuilder')
lnSuccess = loSbXml.LoadFile("qa_data/xml_dsig/spid_metadata.xml","utf-8")
IF (lnSuccess = 0) THEN
    ? "Failed to load the input file."
    RELEASE loSbXml
    CANCEL
ENDIF

* The XML to sign contains XML such as this:

* <?xml version="1.0" encoding="utf-8"?>
* <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
*     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
*         <md:KeyDescriptor use="signing">
*             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
*                 <ds:X509Data>
*                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
*                 </ds:X509Data>
*             </ds:KeyInfo>
*         </md:KeyDescriptor>
*         <md:KeyDescriptor use="encryption">
*             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
*                 <ds:X509Data>
*                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
*                 </ds:X509Data>
*             </ds:KeyInfo>
*         </md:KeyDescriptor>
*         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
*         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
*         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
*         <md:AttributeConsumingService index="1">
*             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
*             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
*             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
*             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
*             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
*             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
*         </md:AttributeConsumingService>
*     </md:SPSSODescriptor>
*     <md:Organization>
*         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
*         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
*         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
*     </md:Organization>
* </md:EntityDescriptor>

loGen = CreateObject('Chilkat.XmlDSigGen')

loGen.SigLocation = "md:EntityDescriptor|md:SPSSODescriptor"
loGen.SigLocationMod = 2
loGen.SignedInfoCanonAlg = "EXCL_C14N"
loGen.SignedInfoDigestMethod = "sha256"

* -------- Reference 1 --------
loGen.AddSameDocRef("_AE17AFFF-A600-49D5-B81D-76EEA55B50FF","sha256","EXCL_C14N","","")

* Provide a certificate + private key. (PFX password is test123)
loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
IF (lnSuccess <> 1) THEN
    ? loCert.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    CANCEL
ENDIF

loGen.SetX509Cert(loCert,1)

loGen.KeyInfoType = "X509Data+KeyValue"
loGen.X509Type = "Certificate"

loGen.Behaviors = "IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace"

* Sign the XML...
lnSuccess = loGen.CreateXmlDSigSb(loSbXml)
IF (lnSuccess <> 1) THEN
    ? loGen.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    CANCEL
ENDIF

* -----------------------------------------------

* Save the signed XML to a file.
lnSuccess = loSbXml.WriteFile("qa_output/signedXml.xml","utf-8",0)

? loSbXml.GetAsString()

* ----------------------------------------
* Verify the signatures we just produced...
loVerifier = CreateObject('Chilkat.XmlDSig')
lnSuccess = loVerifier.LoadSignatureSb(loSbXml)
IF (lnSuccess <> 1) THEN
    ? loVerifier.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    RELEASE loVerifier
    CANCEL
ENDIF

lnNumSigs = loVerifier.NumSignatures
lnVerifyIdx = 0
DO WHILE lnVerifyIdx < lnNumSigs
    loVerifier.Selector = lnVerifyIdx
    lnVerified = loVerifier.VerifySignature(1)
    IF (lnVerified <> 1) THEN
        ? loVerifier.LastErrorText
        RELEASE loSbXml
        RELEASE loGen
        RELEASE loCert
        RELEASE loVerifier
        CANCEL
    ENDIF

    lnVerifyIdx = lnVerifyIdx + 1
ENDDO
? "All signatures were successfully verified."

RELEASE loSbXml
RELEASE loGen
RELEASE loCert
RELEASE loVerifier