Chilkat HOME Android™ Classic ASP C C++ C# Mono C# .NET Core C# C# UWP/WinRT DataFlex Delphi ActiveX Delphi DLL Visual FoxPro Java Lianja MFC Objective-C Perl PHP ActiveX PHP Extension PowerBuilder PowerShell PureBasic CkPython Chilkat2-Python Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ Visual Basic 6.0 VB.NET VB.NET UWP/WinRT VBScript Xojo Plugin Node.js Excel Go
(MFC) Create IRS MeF Login Service Request MessageThis example demonstrates how to create a digitally signed Login Service Request Message. This example used the documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf as a guide. It creates signed XML as specified in section 4.1.1 found in Section 4: Example A2A Web Service Messages.
#include <CkPfx.h> #include <CkCert.h> #include <CkBinData.h> #include <CkStringBuilder.h> #include <CkXml.h> #include <CkXmlDSigGen.h> void ChilkatSample(void) { CkString strOut; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The goal of this example is to create signed SOAP XML such as the following: // IMPORTANT: The IRS's PDF documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf // contains a mistake in the section 4.1.1. Specifically, the Id="hdr" attribute is wrong. It must match the Reference in the ds:Signature, // which is why we changed it to "myHdr". // <?xml version="1.0" encoding="UTF-8" ?> // <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> // <SOAP-ENV:Header> // <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" Id="myHdr"> // <ns1:MessageID>001232006026123abcde</ns1:MessageID> // <ns1:Action>https://www.irs.gov/a2a/mef/Login/</ns1:Action> // <ns1:MessageTs>2006-09-27T08:55:29.348Z</ns1:MessageTs> // <ns1:ETIN>00123</ns1:ETIN> // <ns1:SessionKeyCd>Y</ns1:SessionKeyCd> // <ns1:TestCd>T</ns1:TestCd> // <ns1:AppSysID>username</ns1:AppSysID> // <ns1:WSDLVersionNum>10.0</ns1:WSDLVersionNum> // </ns1:MeFHeader> // <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> // <wsse:BinarySecurityToken // ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" // EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" // wsu:Id="X509Token">/CgBr+1CEl/PtYtAaMB0GA1UdDgQWBBSrtL3lSnDOzSluMLggQUgHpkDFGTAJBgNV HRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY1LjADAgMoMA0GCSqGSIb3DQEB BQUAA4GBAC6SVzmX2I2kr5f0Na83ujcSwixpzHE2LqLBFsKm0GdPdarHFB2Qt85zbQ9 PRCROObm9HCIO5KMCjHp7D4g+.0QVA36IbEn8</wsse:BinarySecurityToken> // // <ds:Signature> // <ds:SignedInfo> // <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> // <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> // <ds:Reference URI="#myHdr"> // <ds:Transforms> // <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> // </ds:Transforms> // <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> // <ds:DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</ds:DigestValue> // </ds:Reference> // <ds:Reference URI="#myBody"> // <ds:Transforms> // <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> // </ds:Transforms> // <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> // <ds:DigestValue>hJg+RBw70m66rkqh+VEp5eVGcPE=</ds:DigestValue> // </ds:Reference> // </ds:SignedInfo> // <ds:SignatureValue>dsBeQ9qNXM1yU6BbWdBkSN676inwf+CgDORUKqOFuwWUzaOxUmHIq1Pb7uAB Yw6xkooLbQGS/M3t4Df+hd31prR9Pn9IFqG87Rt169+Il8L9GRgPhAATgne8Rh3jOaq nfrJ5BBM0VmbZdL+c7dfNcnpW13D/kltZMvlFRXR87Hs=</ds:SignatureValue> // <ds:KeyInfo> // <wsse:SecurityTokenReference> // <wsse:Reference URI="#X509Token" /> // </wsse:SecurityTokenReference> // </ds:KeyInfo> // </ds:Signature> // </wsse:Security> // </SOAP-ENV:Header> // <SOAP-ENV:Body ID="myBody"> // <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd" /> // </SOAP-ENV:Body> // </SOAP-ENV:Envelope> // ------------------------------------------------------------------------------------------- // First, let's load the certificate + private key to be used for signing (from a PFX). // (It is also possible to use certificates installed on a Windows system, or from other file formats..) CkPfx pfx; bool success = pfx.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123"); if (success != true) { strOut.append(pfx.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // We'll be needing the X.509 signing cert as base64 for the BinarySecurityToken, so let's get it now.. // The certificate having the private key should be the 1st in the PFX. CkCert *signingCert = pfx.GetCert(0); if (pfx.get_LastMethodSuccess() != true) { strOut.append(pfx.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } CkBinData bdCert; signingCert->ExportCertDerBd(bdCert); CkStringBuilder sbCert64; bdCert.GetEncodedSb("base64",sbCert64); // ------------------------------------------------------------------------------------------- // The XML before signing would look like this: // <?xml version="1.0" encoding="UTF-8" ?> // <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> // <SOAP-ENV:Header> // <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" Id="myHdr"> // <ns1:MessageID>001232006026123abcde</ns1:MessageID> // <ns1:Action>https://www.irs.gov/a2a/mef/Login/</ns1:Action> // <ns1:MessageTs>2006-09-27T08:55:29.348Z</ns1:MessageTs> // <ns1:ETIN>00123</ns1:ETIN> // <ns1:SessionKeyCd>Y</ns1:SessionKeyCd> // <ns1:TestCd>T</ns1:TestCd> // <ns1:AppSysID>username</ns1:AppSysID> // <ns1:WSDLVersionNum>10.0</ns1:WSDLVersionNum> // </ns1:MeFHeader> // <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> // <wsse:BinarySecurityToken // ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" // EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" // wsu:Id="X509Token">/CgBr+1CEl/PtYtAaMB0GA1UdDgQWBBSrtL3lSnDOzSluMLggQUgHpkDFGTAJBgNV HRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY1LjADAgMoMA0GCSqGSIb3DQEB BQUAA4GBAC6SVzmX2I2kr5f0Na83ujcSwixpzHE2LqLBFsKm0GdPdarHFB2Qt85zbQ9 PRCROObm9HCIO5KMCjHp7D4g+.0QVA36IbEn8</wsse:BinarySecurityToken> // // </wsse:Security> // </SOAP-ENV:Header> // <SOAP-ENV:Body ID="myBody"> // <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd" /> // </SOAP-ENV:Body> // </SOAP-ENV:Envelope> // You can use the online XML code generation tool at http://tools.chilkat.io/xmlCreate.cshtml // to generate the following XML creation source code: CkXml xml; xml.put_Tag("SOAP-ENV:Envelope"); xml.AddAttribute("xmlns:SOAP-ENV","http://schemas.xmlsoap.org/soap/envelope/"); xml.AddAttribute("xmlns:xsd","http://www.w3.org/2001/XMLSchema"); xml.AddAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance"); xml.AddAttribute("xmlns:ds","http://www.w3.org/2000/09/xmldsig#"); xml.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",true,"xmlns:ns1","http://www.irs.gov/a2a/mef/MeFHeader.xsd"); xml.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",true,"Id","myHdr"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageID","001232006026123abcde"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:Action","https://www.irs.gov/a2a/mef/Login/"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageTs","2006-09-27T08:55:29.348Z"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:ETIN","00123"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:SessionKeyCd","Y"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:TestCd","T"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:AppSysID","username"); xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:WSDLVersionNum","10.0"); xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security",true,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security",true,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",true,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"); xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",true,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"); xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",true,"wsu:Id","X509Token"); xml.UpdateChildContent("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",sbCert64.getAsString()); xml.UpdateAttrAt("SOAP-ENV:Body",true,"ID","myBody"); xml.UpdateAttrAt("SOAP-ENV:Body|LoginRequest",true,"xmlns","http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"); // ------------------------------------------------------------------------------------------- // Setup the XML DSig generator object to create the desired signature. CkXmlDSigGen gen; // Indicate where the signature is to be placed. gen.put_SigLocation("SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security"); // Specify namespace prefix and algorithms. gen.put_SigNamespacePrefix("ds"); gen.put_SignedInfoCanonAlg("EXCL_C14N"); gen.put_SignedInfoDigestMethod("sha1"); // Indicate what is to be signed.. success = gen.AddSameDocRef("myHdr","sha1","EXCL_C14N","",""); success = gen.AddSameDocRef("myBody","sha1","EXCL_C14N","",""); // We want the ds:Signature's KeyInfo to contain the following XML: // <wsse:SecurityTokenReference> // <wsse:Reference URI="#X509Token" /> // </wsse:SecurityTokenReference> // Create the above XML... CkXml xmlSecTokRef; xmlSecTokRef.put_Tag("wsse:SecurityTokenReference"); xmlSecTokRef.UpdateAttrAt("wsse:Reference",true,"URI","#X509Token"); // Indicate that the KeyInfoType is "Custom" to allow us to provide the exact XML snippet that will go in KeyInfo. gen.put_KeyInfoType("Custom"); xmlSecTokRef.put_EmitCompact(true); // Don't emit the XML declarator for this (it's important). xmlSecTokRef.put_EmitXmlDecl(false); gen.put_CustomKeyInfoXml(xmlSecTokRef.getXml()); // Provide the certificate for signing. gen.SetX509Cert(*signingCert,true); delete signingCert; // ------------------------------------------------------------------------------------------- // OK.. everything is prepared to create the signed XML. // XML signatures are super-complicated, and one source of errors involves whitespace in XML, which must be // maintained exactly or else the signature becomes invalid. One way to help avoid such errors, // especially if the XML is intended for processing (i.e. not human eyes), is to sign compact XML // where no extra whitespace exists. Also, we can produce the XML signature on a single line. // Therefore, the entire signed XML is one line (except for the XML declarator), and we avoid // all potential problems relating to anything that migh muck with XML formatting or indentation. // Let's do that.. // First, get the XML to be signed in compact form (one line, no indenting or whitespace). xml.put_EmitCompact(true); CkStringBuilder sbLoginRequest; xml.GetXmlSb(sbLoginRequest); // Indicate we desire compact (single-line) signed XML. gen.put_Behaviors("CompactSignedXml"); // Sign the XML. This adds the ds:Signature to the XML in sbLoginRequest. success = gen.CreateXmlDSigSb(sbLoginRequest); if (success != true) { strOut.append(gen.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // Show the result strOut.append(sbLoginRequest.getAsString()); strOut.append("\r\n"); strOut.append("----"); strOut.append("\r\n"); // Alternatively, we can create a completely non-compact signature, fully indented.. sbLoginRequest.Clear(); xml.put_EmitCompact(false); xml.GetXmlSb(sbLoginRequest); gen.put_Behaviors("IndentedSignature"); success = gen.CreateXmlDSigSb(sbLoginRequest); strOut.append(sbLoginRequest.getAsString()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); } |
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.