(Go) Sign Italian SPID Metadata XML

Demonstrates how to create an XML digital signature for Italian SPID Metadata.

Chilkat Go Downloads Go Package for Windows, MacOS, Linux, Alpine Linux, Solaris

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    success := true

    // Load the XML to be signed.
    sbXml := chilkat.NewStringBuilder()
    success = sbXml.LoadFile("qa_data/xml_dsig/spid_metadata.xml","utf-8")
    if success == false {
        fmt.Println("Failed to load the input file.")
        sbXml.DisposeStringBuilder()
        return
    }

    // The XML to sign contains XML such as this:

    // <?xml version="1.0" encoding="utf-8"?>
    // <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
    //     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
    //         <md:KeyDescriptor use="signing">
    //             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //                 <ds:X509Data>
    //                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    //                 </ds:X509Data>
    //             </ds:KeyInfo>
    //         </md:KeyDescriptor>
    //         <md:KeyDescriptor use="encryption">
    //             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //                 <ds:X509Data>
    //                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    //                 </ds:X509Data>
    //             </ds:KeyInfo>
    //         </md:KeyDescriptor>
    //         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
    //         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    //         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
    //         <md:AttributeConsumingService index="1">
    //             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
    //             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
    //             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //         </md:AttributeConsumingService>
    //     </md:SPSSODescriptor>
    //     <md:Organization>
    //         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
    //         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
    //         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
    //     </md:Organization>
    // </md:EntityDescriptor>

    gen := chilkat.NewXmlDSigGen()

    gen.SetSigLocation("md:EntityDescriptor|md:SPSSODescriptor")
    gen.SetSigLocationMod(2)
    gen.SetSignedInfoCanonAlg("EXCL_C14N")
    gen.SetSignedInfoDigestMethod("sha256")

    // -------- Reference 1 --------
    gen.AddSameDocRef("_AE17AFFF-A600-49D5-B81D-76EEA55B50FF","sha256","EXCL_C14N","","")

    // Provide a certificate + private key. (PFX password is test123)
    cert := chilkat.NewCert()
    success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
    if success != true {
        fmt.Println(cert.LastErrorText())
        sbXml.DisposeStringBuilder()
        gen.DisposeXmlDSigGen()
        cert.DisposeCert()
        return
    }

    gen.SetX509Cert(cert,true)

    gen.SetKeyInfoType("X509Data+KeyValue")
    gen.SetX509Type("Certificate")

    gen.SetBehaviors("IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace")

    // Sign the XML...
    success = gen.CreateXmlDSigSb(sbXml)
    if success != true {
        fmt.Println(gen.LastErrorText())
        sbXml.DisposeStringBuilder()
        gen.DisposeXmlDSigGen()
        cert.DisposeCert()
        return
    }

    // -----------------------------------------------

    // Save the signed XML to a file.
    success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",false)

    fmt.Println(*sbXml.GetAsString())

    // ----------------------------------------
    // Verify the signatures we just produced...
    verifier := chilkat.NewXmlDSig()
    success = verifier.LoadSignatureSb(sbXml)
    if success != true {
        fmt.Println(verifier.LastErrorText())
        sbXml.DisposeStringBuilder()
        gen.DisposeXmlDSigGen()
        cert.DisposeCert()
        verifier.DisposeXmlDSig()
        return
    }

    numSigs := verifier.NumSignatures()
    verifyIdx := 0
    for verifyIdx < numSigs {
        verifier.SetSelector(verifyIdx)
        verified := verifier.VerifySignature(true)
        if verified != true {
            fmt.Println(verifier.LastErrorText())
            sbXml.DisposeStringBuilder()
            gen.DisposeXmlDSigGen()
            cert.DisposeCert()
            verifier.DisposeXmlDSig()
            return
        }

        verifyIdx = verifyIdx + 1
    }

    fmt.Println("All signatures were successfully verified.")

    sbXml.DisposeStringBuilder()
    gen.DisposeXmlDSigGen()
    cert.DisposeCert()
    verifier.DisposeXmlDSig()