Sample code for 30+ languages & platforms
PureBasic

Sign Italian SPID Metadata XML

See more XML Digital Signatures Examples

Demonstrates how to create an XML digital signature for Italian SPID Metadata.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkCert.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkXmlDSigGen.pb"
IncludeFile "CkXmlDSig.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example assumes the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    success = 1

    ; Load the XML to be signed.
    sbXml.i = CkStringBuilder::ckCreate()
    If sbXml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkStringBuilder::ckLoadFile(sbXml,"qa_data/xml_dsig/spid_metadata.xml","utf-8")
    If success = 0
        Debug "Failed to load the input file."
        CkStringBuilder::ckDispose(sbXml)
        ProcedureReturn
    EndIf

    ; The XML to sign contains XML such as this:

    ; <?xml version="1.0" encoding="utf-8"?>
    ; <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
    ;     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
    ;         <md:KeyDescriptor use="signing">
    ;             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    ;                 <ds:X509Data>
    ;                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    ;                 </ds:X509Data>
    ;             </ds:KeyInfo>
    ;         </md:KeyDescriptor>
    ;         <md:KeyDescriptor use="encryption">
    ;             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    ;                 <ds:X509Data>
    ;                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    ;                 </ds:X509Data>
    ;             </ds:KeyInfo>
    ;         </md:KeyDescriptor>
    ;         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
    ;         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    ;         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
    ;         <md:AttributeConsumingService index="1">
    ;             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
    ;             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
    ;             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    ;             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    ;             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    ;             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    ;         </md:AttributeConsumingService>
    ;     </md:SPSSODescriptor>
    ;     <md:Organization>
    ;         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
    ;         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
    ;         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
    ;     </md:Organization>
    ; </md:EntityDescriptor>

    gen.i = CkXmlDSigGen::ckCreate()
    If gen.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXmlDSigGen::setCkSigLocation(gen, "md:EntityDescriptor|md:SPSSODescriptor")
    CkXmlDSigGen::setCkSigLocationMod(gen, 2)
    CkXmlDSigGen::setCkSignedInfoCanonAlg(gen, "EXCL_C14N")
    CkXmlDSigGen::setCkSignedInfoDigestMethod(gen, "sha256")

    ; -------- Reference 1 --------
    CkXmlDSigGen::ckAddSameDocRef(gen,"_AE17AFFF-A600-49D5-B81D-76EEA55B50FF","sha256","EXCL_C14N","","")

    ; Provide a certificate + private key. (PFX password is test123)
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadPfxFile(cert,"qa_data/pfx/cert_test123.pfx","test123")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    CkXmlDSigGen::ckSetX509Cert(gen,cert,1)

    CkXmlDSigGen::setCkKeyInfoType(gen, "X509Data+KeyValue")
    CkXmlDSigGen::setCkX509Type(gen, "Certificate")

    CkXmlDSigGen::setCkBehaviors(gen, "IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace")

    ; Sign the XML...
    success = CkXmlDSigGen::ckCreateXmlDSigSb(gen,sbXml)
    If success <> 1
        Debug CkXmlDSigGen::ckLastErrorText(gen)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; -----------------------------------------------

    ; Save the signed XML to a file.
    success = CkStringBuilder::ckWriteFile(sbXml,"qa_output/signedXml.xml","utf-8",0)

    Debug CkStringBuilder::ckGetAsString(sbXml)

    ; ----------------------------------------
    ; Verify the signatures we just produced...
    verifier.i = CkXmlDSig::ckCreate()
    If verifier.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXmlDSig::ckLoadSignatureSb(verifier,sbXml)
    If success <> 1
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkCert::ckDispose(cert)
        CkXmlDSig::ckDispose(verifier)
        ProcedureReturn
    EndIf

    numSigs.i = CkXmlDSig::ckNumSignatures(verifier)
    verifyIdx.i = 0
    While verifyIdx < numSigs
        CkXmlDSig::setCkSelector(verifier, verifyIdx)
        verified.i = CkXmlDSig::ckVerifySignature(verifier,1)
        If verified <> 1
            Debug CkXmlDSig::ckLastErrorText(verifier)
            CkStringBuilder::ckDispose(sbXml)
            CkXmlDSigGen::ckDispose(gen)
            CkCert::ckDispose(cert)
            CkXmlDSig::ckDispose(verifier)
            ProcedureReturn
        EndIf

        verifyIdx = verifyIdx + 1
    Wend
    Debug "All signatures were successfully verified."


    CkStringBuilder::ckDispose(sbXml)
    CkXmlDSigGen::ckDispose(gen)
    CkCert::ckDispose(cert)
    CkXmlDSig::ckDispose(verifier)


    ProcedureReturn
EndProcedure