(Lianja) Belgium eHealth Platform - checkAccessControl

See more Belgian eHealth Platform Examples

Note: This example requires Chilkat v11.0.0 or greater.

For more information, see https://www.ehealth.fgov.be/ehealthplatform/nl/beveiliging-van-webservices#1

Chilkat Lianja Extension Download Chilkat Lianja Extension

llSuccess = .F.

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Provide a certificate + private key.
// Note: If your certificate + private key is located on a hardware token or smartcard, you can call a different function to load from smartcard..
loCert = createobject("CkCert")
llSuccess = loCert.LoadPfxFile("SSIN=12345678.acc.p12","p12_password")
if (llSuccess = .F.) then
    ? loCert.LastErrorText
    release loCert
    return
endif

// Create the XML to be signed...
loXmlToSign = createobject("CkXml")
loXmlToSign.Tag = "soapenv:Envelope"
loXmlToSign.AddAttribute("xmlns:soapenv","http://schemas.xmlsoap.org/soap/envelope/")
loXmlToSign.AddAttribute("xmlns:urn","urn:be:fgov:ehealth:platformintegrationconsumertest:v1")
loXmlToSign.AddAttribute("xmlns:urn1","urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security",.T.,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security",.T.,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",.T.,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",.T.,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",.T.,"wsu:Id","X509-FC77E2C72083DA8E0F16711753508182856")

// ---------------------------------------------------------------------------------------------------------------
// A note about the Id's, such as X509-FC77E2C72083DA8E0F16711753508182856, TS-FC77E2C72083DA8E0F16711753508042855, etc.
// These Id's simply need to be unique within the XML document.  You don't need to generate new Id's every time.
// You can use the same Id's in each XML document that is submitted. The purpose of each Id is to
// match the XMLDsig Reference to the element in XML being referenced. 
// In other words, you could use the Id's "mickey_mouse", "donald_duck", and "goofy", and it would work perfectly OK,
// as long as no other XML elements also use the Id's "mickey_mouse", "donald_duck", or "goofy"
// ---------------------------------------------------------------------------------------------------------------

loBdCert = createobject("CkBinData")
loCert.ExportCertDerBd(loBdCert)

loXmlToSign.UpdateChildContent("soapenv:Header|wsse:Security|wsse:BinarySecurityToken",loBdCert.GetEncoded("base64"))
loXmlToSign.UpdateAttrAt("soapenv:Header|wsse:Security|wsu:Timestamp",.T.,"wsu:Id","TS-FC77E2C72083DA8E0F16711753508042855")

loDt = createobject("CkDateTime")
loDt.SetFromCurrentSystemTime()
loXmlToSign.UpdateChildContent("soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Created",loDt.GetAsTimestamp(.F.))
loDt.AddSeconds(3600)
loXmlToSign.UpdateChildContent("soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Expires",loDt.GetAsTimestamp(.F.))
loDt.AddSeconds(-3600)

loXmlToSign.UpdateAttrAt("soapenv:Body",.T.,"wsu:Id","id-FC77E2C72083DA8E0F16711753508182859")
loXmlToSign.UpdateAttrAt("soapenv:Body",.T.,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
loXmlToSign.UpdateChildContent("soapenv:Body|urn:CheckAccessControlRequest|urn1:Message","Hello World")

// Create a timestamp with the current date/time in the following format: 2014-12-30T15:29:03.157+01:00

loXmlToSign.UpdateChildContent("soapenv:Body|urn:CheckAccessControlRequest|urn1:Timestamp",loDt.GetAsTimestamp(.T.))

loGen = createobject("CkXmlDSigGen")

loGen.SigLocation = "soapenv:Envelope|soapenv:Header|wsse:Security|wsse:BinarySecurityToken"
loGen.SigLocationMod = 1
loGen.SigId = "SIG-FC77E2C72083DA8E0F16711753508252860"
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loGen.SignedInfoPrefixList = "soapenv urn urn1"
loGen.IncNamespacePrefix = "ec"
loGen.IncNamespaceUri = "http://www.w3.org/2001/10/xml-exc-c14n#"
loGen.SignedInfoCanonAlg = "EXCL_C14N"
loGen.SignedInfoDigestMethod = "sha256"

// Set the KeyInfoId before adding references..
loGen.KeyInfoId = "KI-FC77E2C72083DA8E0F16711753508182857"

// -------- Reference 1 --------
loGen.AddSameDocRef("TS-FC77E2C72083DA8E0F16711753508042855","sha256","EXCL_C14N","wsse soapenv urn urn1","")

// -------- Reference 2 --------
loGen.AddSameDocRef("id-FC77E2C72083DA8E0F16711753508182859","sha256","EXCL_C14N","urn urn1","")

// -------- Reference 3 --------
loGen.AddSameDocRef("X509-FC77E2C72083DA8E0F16711753508182856","sha256","EXCL_C14N","_EMPTY_","")

loGen.SetX509Cert(loCert,.T.)

loGen.KeyInfoType = "Custom"

// Create the custom KeyInfo XML..
loXmlCustomKeyInfo = createobject("CkXml")
loXmlCustomKeyInfo.Tag = "wsse:SecurityTokenReference"
loXmlCustomKeyInfo.AddAttribute("wsu:Id","STR-FC77E2C72083DA8E0F16711753508182858")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",.T.,"URI","#X509-FC77E2C72083DA8E0F16711753508182856")
loXmlCustomKeyInfo.UpdateAttrAt("wsse:Reference",.T.,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

loXmlCustomKeyInfo.EmitXmlDecl = .F.
loGen.CustomKeyInfoXml = loXmlCustomKeyInfo.GetXml()

// Load XML to be signed...
loSbXml = createobject("CkStringBuilder")
loXmlToSign.GetXmlSb(loSbXml)

loGen.Behaviors = "IndentedSignature"

// Sign the XML...
llSuccess = loGen.CreateXmlDSigSb(loSbXml)
if (llSuccess = .F.) then
    ? loGen.LastErrorText
    release loCert
    release loXmlToSign
    release loBdCert
    release loDt
    release loGen
    release loXmlCustomKeyInfo
    release loSbXml
    return
endif

// -----------------------------------------------
// Send the signed XML...
loHttp = createobject("CkHttp")

llSuccess = loHttp.SetSslClientCert(loCert)
if (llSuccess = .F.) then
    ? loHttp.LastErrorText
    release loCert
    release loXmlToSign
    release loBdCert
    release loDt
    release loGen
    release loXmlCustomKeyInfo
    release loSbXml
    release loHttp
    return
endif

loHttp.SetRequestHeader("Content-Type","text/xml")

// Change to services.ehealth.fgov.be for the production environment.
loResp = createobject("CkHttpResponse")
llSuccess = loHttp.HttpSb("POST","https://services-acpt.ehealth.fgov.be/PlatformIntegrationConsumerTest/v1",loSbXml,"utf-8","application/xml",loResp)
if (llSuccess = .F.) then
    ? loHttp.LastErrorText
    release loCert
    release loXmlToSign
    release loBdCert
    release loDt
    release loGen
    release loXmlCustomKeyInfo
    release loSbXml
    release loHttp
    release loResp
    return
endif

? loResp.BodyStr
? "response status code = " + str(loResp.StatusCode)

// A successful response is a 200 status code, with this sample response:

// <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
//    <soapenv:Header xmlns:v1="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:v11="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"/>
//    <soapenv:Body xmlns:ic="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:type="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1">
//       <ic:CheckAccessControlResponse>
//          <type:Message>Hello World</type:Message>
//          <type:Timestamp>2023-09-28T22:17:26.643+02:00</type:Timestamp>
//          <type:AuthenticatedConsumer>CN="SSIN=aaaaaa", OU=eHealth-platform Belgium, OU=bbbb, OU="SSIN=aaaaaaa", O=Federal Government, C=BE</type:AuthenticatedConsumer>
//       </ic:CheckAccessControlResponse>
//    </soapenv:Body>
// </soapenv:Envelope>


release loCert
release loXmlToSign
release loBdCert
release loDt
release loGen
release loXmlCustomKeyInfo
release loSbXml
release loHttp
release loResp