![]() |
Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Objective-C) Belgium eHealth Platform - checkAccessControlSee more Belgian eHealth Platform ExamplesDemonstrates the checkAccessControl operation of PlatformIntegrationConsumerTest, which requires an X.509 certificate and signature. This tests the validity of your certificate and signature.Note: This example requires Chilkat v11.0.0 or greater. For more information, see https://www.ehealth.fgov.be/ehealthplatform/nl/beveiliging-van-webservices#1
#import <CkoCert.h> #import <CkoXml.h> #import <CkoBinData.h> #import <CkoDateTime.h> #import <CkoXmlDSigGen.h> #import <CkoStringBuilder.h> #import <CkoHttp.h> #import <CkoHttpResponse.h> BOOL success = NO; // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Provide a certificate + private key. // Note: If your certificate + private key is located on a hardware token or smartcard, you can call a different function to load from smartcard.. CkoCert *cert = [[CkoCert alloc] init]; success = [cert LoadPfxFile: @"SSIN=12345678.acc.p12" password: @"p12_password"]; if (success == NO) { NSLog(@"%@",cert.LastErrorText); return; } // Create the XML to be signed... CkoXml *xmlToSign = [[CkoXml alloc] init]; xmlToSign.Tag = @"soapenv:Envelope"; [xmlToSign AddAttribute: @"xmlns:soapenv" value: @"http://schemas.xmlsoap.org/soap/envelope/"]; [xmlToSign AddAttribute: @"xmlns:urn" value: @"urn:be:fgov:ehealth:platformintegrationconsumertest:v1"]; [xmlToSign AddAttribute: @"xmlns:urn1" value: @"urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"]; [xmlToSign UpdateAttrAt: @"soapenv:Header|wsse:Security" autoCreate: YES attrName: @"xmlns:wsse" attrValue: @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"]; [xmlToSign UpdateAttrAt: @"soapenv:Header|wsse:Security" autoCreate: YES attrName: @"xmlns:wsu" attrValue: @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"]; [xmlToSign UpdateAttrAt: @"soapenv:Header|wsse:Security|wsse:BinarySecurityToken" autoCreate: YES attrName: @"EncodingType" attrValue: @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"]; [xmlToSign UpdateAttrAt: @"soapenv:Header|wsse:Security|wsse:BinarySecurityToken" autoCreate: YES attrName: @"ValueType" attrValue: @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"]; [xmlToSign UpdateAttrAt: @"soapenv:Header|wsse:Security|wsse:BinarySecurityToken" autoCreate: YES attrName: @"wsu:Id" attrValue: @"X509-FC77E2C72083DA8E0F16711753508182856"]; // --------------------------------------------------------------------------------------------------------------- // A note about the Id's, such as X509-FC77E2C72083DA8E0F16711753508182856, TS-FC77E2C72083DA8E0F16711753508042855, etc. // These Id's simply need to be unique within the XML document. You don't need to generate new Id's every time. // You can use the same Id's in each XML document that is submitted. The purpose of each Id is to // match the XMLDsig Reference to the element in XML being referenced. // In other words, you could use the Id's "mickey_mouse", "donald_duck", and "goofy", and it would work perfectly OK, // as long as no other XML elements also use the Id's "mickey_mouse", "donald_duck", or "goofy" // --------------------------------------------------------------------------------------------------------------- CkoBinData *bdCert = [[CkoBinData alloc] init]; [cert ExportCertDerBd: bdCert]; [xmlToSign UpdateChildContent: @"soapenv:Header|wsse:Security|wsse:BinarySecurityToken" value: [bdCert GetEncoded: @"base64"]]; [xmlToSign UpdateAttrAt: @"soapenv:Header|wsse:Security|wsu:Timestamp" autoCreate: YES attrName: @"wsu:Id" attrValue: @"TS-FC77E2C72083DA8E0F16711753508042855"]; CkoDateTime *dt = [[CkoDateTime alloc] init]; [dt SetFromCurrentSystemTime]; [xmlToSign UpdateChildContent: @"soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Created" value: [dt GetAsTimestamp: NO]]; [dt AddSeconds: [NSNumber numberWithInt: 3600]]; [xmlToSign UpdateChildContent: @"soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Expires" value: [dt GetAsTimestamp: NO]]; [dt AddSeconds: [NSNumber numberWithInt: -3600]]; [xmlToSign UpdateAttrAt: @"soapenv:Body" autoCreate: YES attrName: @"wsu:Id" attrValue: @"id-FC77E2C72083DA8E0F16711753508182859"]; [xmlToSign UpdateAttrAt: @"soapenv:Body" autoCreate: YES attrName: @"xmlns:wsu" attrValue: @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"]; [xmlToSign UpdateChildContent: @"soapenv:Body|urn:CheckAccessControlRequest|urn1:Message" value: @"Hello World"]; // Create a timestamp with the current date/time in the following format: 2014-12-30T15:29:03.157+01:00 [xmlToSign UpdateChildContent: @"soapenv:Body|urn:CheckAccessControlRequest|urn1:Timestamp" value: [dt GetAsTimestamp: YES]]; CkoXmlDSigGen *gen = [[CkoXmlDSigGen alloc] init]; gen.SigLocation = @"soapenv:Envelope|soapenv:Header|wsse:Security|wsse:BinarySecurityToken"; gen.SigLocationMod = [NSNumber numberWithInt:1]; gen.SigId = @"SIG-FC77E2C72083DA8E0F16711753508252860"; gen.SigNamespacePrefix = @"ds"; gen.SigNamespaceUri = @"http://www.w3.org/2000/09/xmldsig#"; gen.SignedInfoPrefixList = @"soapenv urn urn1"; gen.IncNamespacePrefix = @"ec"; gen.IncNamespaceUri = @"http://www.w3.org/2001/10/xml-exc-c14n#"; gen.SignedInfoCanonAlg = @"EXCL_C14N"; gen.SignedInfoDigestMethod = @"sha256"; // Set the KeyInfoId before adding references.. gen.KeyInfoId = @"KI-FC77E2C72083DA8E0F16711753508182857"; // -------- Reference 1 -------- [gen AddSameDocRef: @"TS-FC77E2C72083DA8E0F16711753508042855" digestMethod: @"sha256" canonMethod: @"EXCL_C14N" prefixList: @"wsse soapenv urn urn1" refType: @""]; // -------- Reference 2 -------- [gen AddSameDocRef: @"id-FC77E2C72083DA8E0F16711753508182859" digestMethod: @"sha256" canonMethod: @"EXCL_C14N" prefixList: @"urn urn1" refType: @""]; // -------- Reference 3 -------- [gen AddSameDocRef: @"X509-FC77E2C72083DA8E0F16711753508182856" digestMethod: @"sha256" canonMethod: @"EXCL_C14N" prefixList: @"_EMPTY_" refType: @""]; [gen SetX509Cert: cert usePrivateKey: YES]; gen.KeyInfoType = @"Custom"; // Create the custom KeyInfo XML.. CkoXml *xmlCustomKeyInfo = [[CkoXml alloc] init]; xmlCustomKeyInfo.Tag = @"wsse:SecurityTokenReference"; [xmlCustomKeyInfo AddAttribute: @"wsu:Id" value: @"STR-FC77E2C72083DA8E0F16711753508182858"]; [xmlCustomKeyInfo UpdateAttrAt: @"wsse:Reference" autoCreate: YES attrName: @"URI" attrValue: @"#X509-FC77E2C72083DA8E0F16711753508182856"]; [xmlCustomKeyInfo UpdateAttrAt: @"wsse:Reference" autoCreate: YES attrName: @"ValueType" attrValue: @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"]; xmlCustomKeyInfo.EmitXmlDecl = NO; gen.CustomKeyInfoXml = [xmlCustomKeyInfo GetXml]; // Load XML to be signed... CkoStringBuilder *sbXml = [[CkoStringBuilder alloc] init]; [xmlToSign GetXmlSb: sbXml]; gen.Behaviors = @"IndentedSignature"; // Sign the XML... success = [gen CreateXmlDSigSb: sbXml]; if (success == NO) { NSLog(@"%@",gen.LastErrorText); return; } // ----------------------------------------------- // Send the signed XML... CkoHttp *http = [[CkoHttp alloc] init]; success = [http SetSslClientCert: cert]; if (success == NO) { NSLog(@"%@",http.LastErrorText); return; } [http SetRequestHeader: @"Content-Type" value: @"text/xml"]; // Change to services.ehealth.fgov.be for the production environment. CkoHttpResponse *resp = [[CkoHttpResponse alloc] init]; success = [http HttpSb: @"POST" url: @"https://services-acpt.ehealth.fgov.be/PlatformIntegrationConsumerTest/v1" sb: sbXml charset: @"utf-8" contentType: @"application/xml" response: resp]; if (success == NO) { NSLog(@"%@",http.LastErrorText); return; } NSLog(@"%@",resp.BodyStr); NSLog(@"%@%d",@"response status code = ",[resp.StatusCode intValue]); // A successful response is a 200 status code, with this sample response: // <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> // <soapenv:Header xmlns:v1="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:v11="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"/> // <soapenv:Body xmlns:ic="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:type="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"> // <ic:CheckAccessControlResponse> // <type:Message>Hello World</type:Message> // <type:Timestamp>2023-09-28T22:17:26.643+02:00</type:Timestamp> // <type:AuthenticatedConsumer>CN="SSIN=aaaaaa", OU=eHealth-platform Belgium, OU=bbbb, OU="SSIN=aaaaaaa", O=Federal Government, C=BE</type:AuthenticatedConsumer> // </ic:CheckAccessControlResponse> // </soapenv:Body> // </soapenv:Envelope> |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.