|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Objective-C) Create XML Signature using Java KeyStore (.jks)Demonstrates how to create an XML digital signature using a certificate and private key from a Java KeyStore (.jks)
#import <CkoXml.h> #import <CkoJavaKeyStore.h> #import <NSString.h> #import <CkoCertChain.h> #import <CkoCert.h> #import <CkoXmlDSigGen.h> #import <CkoStringBuilder.h> // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The SOAP XML to be signed in this example contains the following: // <?xml version="1.0" encoding="UTF-8" standalone="no" ?> // <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> // <SOAP-ENV:Header> // <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"></wsse:Security> // </SOAP-ENV:Header> // <SOAP-ENV:Body xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" SOAP-SEC:id="Body"> // <z:FooBar xmlns:z="http://example.com" /> // </SOAP-ENV:Body> // </SOAP-ENV:Envelope> // // Build the XML to sign. // Use this online tool to generate the code from sample XML: // Generate Code to Create XML CkoXml *xml = [[CkoXml alloc] init]; xml.Tag = @"SOAP-ENV:Envelope"; [xml AddAttribute: @"xmlns:SOAP-ENV" value: @"http://schemas.xmlsoap.org/soap/envelope/"]; [xml UpdateAttrAt: @"SOAP-ENV:Header|wsse:Security" autoCreate: YES attrName: @"xmlns:wsse" attrValue: @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"]; [xml UpdateAttrAt: @"SOAP-ENV:Header|wsse:Security" autoCreate: YES attrName: @"SOAP-ENV:mustUnderstand" attrValue: @"1"]; [xml UpdateAttrAt: @"SOAP-ENV:Body" autoCreate: YES attrName: @"xmlns:SOAP-SEC" attrValue: @"http://schemas.xmlsoap.org/soap/security/2000-12"]; [xml UpdateAttrAt: @"SOAP-ENV:Body" autoCreate: YES attrName: @"SOAP-SEC:id" attrValue: @"Body"]; [xml UpdateAttrAt: @"SOAP-ENV:Body|z:FooBar" autoCreate: YES attrName: @"xmlns:z" attrValue: @"http://example.com"]; // Load a JavaKeyStore file containing the certificate + private key. CkoJavaKeyStore *jks = [[CkoJavaKeyStore alloc] init]; NSString *password = @"secret"; BOOL success = [jks LoadFile: password path: @"qa_data/jks/test_secret.jks"]; if (success != YES) { NSLog(@"%@",jks.LastErrorText); return; } // Make sure we have a private key. if ([jks.NumPrivateKeys intValue] < 1) { NSLog(@"%@",@"No private key available."); return; } // ------------------------------------------------------------------------- // Get the certificate chain associated with the 1st (and probably only) private key in the JKS. CkoCertChain *chain = [jks GetCertChain: [NSNumber numberWithInt: 0]]; if (jks.LastMethodSuccess != YES) { NSLog(@"%@",jks.LastErrorText); return; } CkoCert *cert = [chain GetCert: [NSNumber numberWithInt: 0]]; if (chain.LastMethodSuccess != YES) { NSLog(@"%@",chain.LastErrorText); return; } // Verify again that this cert has a private key. if ([cert HasPrivateKey] != YES) { NSLog(@"%@",@"Certificate has no associated private key."); return; } // Prepare for signing... // Use this online tool to generate the following code from an already-signed XML sample: // Generate Code to Create an XML Signature CkoXmlDSigGen *gen = [[CkoXmlDSigGen alloc] init]; // Indicate where the Signature will be inserted. gen.SigLocation = @"SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security"; // Add a reference to the fragment of the XML to be signed. [gen AddSameDocRef: @"Body" digestMethod: @"sha1" canonMethod: @"EXCL_C14N" prefixList: @"" refType: @""]; // (You can read about the SignedInfoPrefixList in the online reference documentation. It's optional..) gen.SignedInfoPrefixList = @"wsse SOAP-ENV"; // Provide the private key for signing via the certificate, and indicate that // we want the base64 of the certificate embedded in the KeyInfo. gen.KeyInfoType = @"X509Data"; gen.X509Type = @"Certificate"; // Note: Because our certificate was loaded from a JKS which also contained the private key, // Chilkat automatically knows and has the private key associated with the certificate. // We set bUsePrivateKey to tell the SetX509Cert method to automatically use the private key // associated with the certificate for signing. BOOL bUsePrivateKey = YES; success = [gen SetX509Cert: cert usePrivateKey: bUsePrivateKey]; if (success != YES) { NSLog(@"%@",gen.LastErrorText); return; } // Everything's specified. Now create and insert the Signature CkoStringBuilder *sbXml = [[CkoStringBuilder alloc] init]; [xml GetXmlSb: sbXml]; success = [gen CreateXmlDSigSb: sbXml]; if (success != YES) { NSLog(@"%@",gen.LastErrorText); return; } // Examine the XML with the digital signature inserted NSLog(@"%@",[sbXml GetAsString]); |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.