(PureBasic) Create IRS MeF Login Service Request Message

This example demonstrates how to create a digitally signed Login Service Request Message. It uses the documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf as a guide, and creates signed XML as specified in section 4.1.1, found in Section 4: Example A2A Web Service Messages.
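IncludeFile "CkBinData.pb"
IncludeFile "CkXml.pb"
IncludeFile "CkPfx.pb"
IncludeFile "CkXmlDSigGen.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkCert.pb"

; Builds the IRS MeF Login service request as SOAP XML, signs the MeFHeader and
; the SOAP Body with an enveloped WS-Security XML signature, prints the result
; and writes it to c:/temp/qa_output/signedXml.xml.
;
; The certificate that signs is also the one embedded in wsse:BinarySecurityToken.
; Both come from the same CkCert object, so the token a verifier reads can never
; drift away from the key that produced ds:SignatureValue.
;
; Every object created here is disposed on every exit path.
Procedure ChilkatExample()

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; --------------------------------------------------------------------------------
    ; Also see Chilkat's Online WSDL Code Generator
    ; to generate code and SOAP Request and Response XML for each operation in a WSDL.
    ; --------------------------------------------------------------------------------

    ; The goal of this example is to create signed SOAP XML such as the following:

    ; <?xml version="1.0" encoding="UTF-8"?>
    ; <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    ;     <SOAP-ENV:Header>
    ;         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    ;             <wsse:BinarySecurityToken
    ;                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    ;                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    ;                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    ;                 wsu:Id="CertId-1673181727">MIIHab...n71P</wsse:BinarySecurityToken>
    ;             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    ;                 <ds:SignedInfo>
    ;                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    ;                     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    ;                     <ds:Reference URI="#id-1214941501">
    ;                         <ds:Transforms>
    ;                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    ;                         </ds:Transforms>
    ;                         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    ;                         <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Em0o3VEOTck=</ds:DigestValue>
    ;                     </ds:Reference>
    ;                     <ds:Reference URI="#id-1871558655">
    ;                         <ds:Transforms>
    ;                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    ;                         </ds:Transforms>
    ;                         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    ;                         <ds:DigestValue>abcdefghijkLMNOPQRSTUVwxyz012345Xm5ViA+royg=</ds:DigestValue>
    ;                     </ds:Reference>
    ;                 </ds:SignedInfo>
    ;                 <ds:SignatureValue>abcd...5Nbw==</ds:SignatureValue>
    ;                 <ds:KeyInfo Id="KeyId-256137097">
    ;                     <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1862925355">
    ;                         <wsse:Reference URI="#CertId-1673181727" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    ;                     </wsse:SecurityTokenReference>
    ;                 </ds:KeyInfo>
    ;             </ds:Signature>
    ;         </wsse:Security>
    ;         <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1214941501">
    ;             <ns1:MessageID>12345202018200000234</ns1:MessageID>
    ;             <ns1:Action>Login</ns1:Action>
    ;             <ns1:MessageTs>2020-06-30T15:25:42.678Z</ns1:MessageTs>
    ;             <ns1:ETIN>12345</ns1:ETIN>
    ;             <ns1:SessionKeyCd>Y</ns1:SessionKeyCd>
    ;             <ns1:TestCd>P</ns1:TestCd>
    ;             <ns1:AppSysID>65432190</ns1:AppSysID>
    ;             <ns1:WSDLVersionNum>10.3</ns1:WSDLVersionNum>
    ;             <ns1:ClientSoftwareTxt>SOATest</ns1:ClientSoftwareTxt>
    ;         </ns1:MeFHeader>
    ;     </SOAP-ENV:Header>
    ;     <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1871558655">
    ;         <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd"/>
    ;     </SOAP-ENV:Body>
    ; </SOAP-ENV:Envelope>

    ; -------------------------------------------------------------------------------------------
    ; First, let's load the certificate + private key to be used for signing (from a PFX).
    ; (It is also possible to use certificates installed on a Windows system, or from other file formats..)
    ;
    ; "test123" is the password of the sample PFX. A real signing key's password
    ; should be supplied at run time from a protected store, not written into source.
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success.i = CkCert::ckLoadPfxFile(cert,"qa_data/pfx/cert_test123.pfx","test123")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; The X.509 signing cert as base64 becomes the BinarySecurityToken content.
    ; Taking it from the object that signs keeps the token and the signature in step.
    certBase64.s = CkCert::ckGetEncoded(cert)
    If certBase64 = ""
        Debug CkCert::ckLastErrorText(cert)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; -------------------------------------------------------------------------------------------
    ; The XML before signing is the document shown above without the ds:Signature element.

    ; You can use the online XML code generation tool at http://tools.chilkat.io/xmlCreate.cshtml
    ; to generate the following XML creation source code:

    ; Create the XML to be signed...
    xmlToSign.i = CkXml::ckCreate()
    If xmlToSign.i = 0
        Debug "Failed to create object."
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    CkXml::setCkTag(xmlToSign, "SOAP-ENV:Envelope")
    CkXml::ckAddAttribute(xmlToSign,"xmlns:SOAP-ENV","http://schemas.xmlsoap.org/soap/envelope/")
    CkXml::ckAddAttribute(xmlToSign,"xmlns:xsd","http://www.w3.org/2001/XMLSchema")
    CkXml::ckAddAttribute(xmlToSign,"xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security",1,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",1,"wsu:Id","CertId-1673181727")
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",certBase64)
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader",1,"xmlns:ns1","http://www.irs.gov/a2a/mef/MeFHeader.xsd")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader",1,"wsu:Id","id-1214941501")
    ; MessageID, MessageTs, ETIN and AppSysID below are the sample values of the
    ; target message shown above. A live request supplies its own identifiers and
    ; a current timestamp; a signed message with fixed values is a replayable one.
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageID","12345202018200000234")
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:Action","Login")
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageTs","2020-06-30T15:25:42.678Z")
    CkXml::ckUpdateChildContentInt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:ETIN",12345)
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:SessionKeyCd","Y")
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:TestCd","P")
    CkXml::ckUpdateChildContentInt(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:AppSysID",65432190)
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:WSDLVersionNum","10.3")
    CkXml::ckUpdateChildContent(xmlToSign,"SOAP-ENV:Header|ns1:MeFHeader|ns1:ClientSoftwareTxt","SOATest")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Body",1,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Body",1,"wsu:Id","id-1871558655")
    CkXml::ckUpdateAttrAt(xmlToSign,"SOAP-ENV:Body|LoginRequest",1,"xmlns","http://www.irs.gov/a2a/mef/MeFMSIServices.xsd")

    ; -------------------------------------------------------------------------------------------
    ; Setup the XML DSig generator object to create the desired signature.
    gen.i = CkXmlDSigGen::ckCreate()
    If gen.i = 0
        Debug "Failed to create object."
        CkCert::ckDispose(cert)
        CkXml::ckDispose(xmlToSign)
        ProcedureReturn
    EndIf

    CkXmlDSigGen::setCkSigLocation(gen, "SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security")
    CkXmlDSigGen::setCkSigLocationMod(gen, 0)
    CkXmlDSigGen::setCkSigNamespacePrefix(gen, "ds")
    CkXmlDSigGen::setCkSigNamespaceUri(gen, "http://www.w3.org/2000/09/xmldsig#")
    CkXmlDSigGen::setCkSignedInfoCanonAlg(gen, "EXCL_C14N")
    CkXmlDSigGen::setCkSignedInfoDigestMethod(gen, "sha256")

    ; Set the KeyInfoId before adding references..
    CkXmlDSigGen::setCkKeyInfoId(gen, "KeyId-256137097")

    ; The two references cover the MeFHeader and the SOAP Body by their wsu:Id.
    ; Anything outside those two elements is not protected by the signature.
    ; -------- Reference 1 --------
    CkXmlDSigGen::ckAddSameDocRef(gen,"id-1214941501","sha256","EXCL_C14N","","")

    ; -------- Reference 2 --------
    CkXmlDSigGen::ckAddSameDocRef(gen,"id-1871558655","sha256","EXCL_C14N","","")

    ; Provide the certificate + private key loaded above.
    success = CkXmlDSigGen::ckSetX509Cert(gen,cert,1)
    If success <> 1
        Debug CkXmlDSigGen::ckLastErrorText(gen)
        CkCert::ckDispose(cert)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        ProcedureReturn
    EndIf

    CkXmlDSigGen::setCkKeyInfoType(gen, "Custom")

    ; Create the custom KeyInfo XML..
    ; It points at the BinarySecurityToken by its wsu:Id instead of repeating the cert.
    xmlCustomKeyInfo.i = CkXml::ckCreate()
    If xmlCustomKeyInfo.i = 0
        Debug "Failed to create object."
        CkCert::ckDispose(cert)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        ProcedureReturn
    EndIf

    CkXml::setCkTag(xmlCustomKeyInfo, "wsse:SecurityTokenReference")
    CkXml::ckAddAttribute(xmlCustomKeyInfo,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
    CkXml::ckAddAttribute(xmlCustomKeyInfo,"wsu:Id","STRId-1862925355")
    CkXml::ckUpdateAttrAt(xmlCustomKeyInfo,"wsse:Reference",1,"URI","#CertId-1673181727")
    CkXml::ckUpdateAttrAt(xmlCustomKeyInfo,"wsse:Reference",1,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

    CkXml::setCkEmitXmlDecl(xmlCustomKeyInfo, 0)
    CkXmlDSigGen::setCkCustomKeyInfoXml(gen, CkXml::ckGetXml(xmlCustomKeyInfo))

    ; -------------------------------------------------------------------------------------------
    ; Load XML to be signed...
    sbXml.i = CkStringBuilder::ckCreate()
    If sbXml.i = 0
        Debug "Failed to create object."
        CkCert::ckDispose(cert)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(xmlCustomKeyInfo)
        ProcedureReturn
    EndIf

    CkXml::ckGetXmlSb(xmlToSign,sbXml)

    CkXmlDSigGen::setCkBehaviors(gen, "IndentedSignature")

    ; Sign the XML...
    success = CkXmlDSigGen::ckCreateXmlDSigSb(gen,sbXml)
    If success <> 1
        Debug CkXmlDSigGen::ckLastErrorText(gen)
        CkCert::ckDispose(cert)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(xmlCustomKeyInfo)
        CkStringBuilder::ckDispose(sbXml)
        ProcedureReturn
    EndIf

    ; -----------------------------------------------
    ; Save the signed XML to a file.
    ; A failed write is reported instead of being silently ignored.
    success = CkStringBuilder::ckWriteFile(sbXml,"c:/temp/qa_output/signedXml.xml","utf-8",0)
    If success <> 1
        Debug CkStringBuilder::ckLastErrorText(sbXml)
    EndIf

    Debug CkStringBuilder::ckGetAsString(sbXml)

    CkCert::ckDispose(cert)
    CkXml::ckDispose(xmlToSign)
    CkXmlDSigGen::ckDispose(gen)
    CkXml::ckDispose(xmlCustomKeyInfo)
    CkStringBuilder::ckDispose(sbXml)

    ProcedureReturn
EndProcedure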