(Swift 3,4,5...) Create AuthNRequest with embedded signature (HTTP-POST binding)

Demonstrates how to create a SAML AuthNRequest with embedded signature (HTTP-POST binding).

Chilkat Downloads for the Swift Programming Language MAC OS X (Cocoa) Objective-C/Swift Libs iOS Objective-C/Swift Libs

func chilkatTest() {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example will sign the following SAML AuthNRequest:

    // <samlp:AuthnRequest 
    //      xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    //      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    //      ID="pfx41d8ef22-e612-8c50-9960-1b16f15741b3"
    //      Version="2.0" ProviderName="SP test" IssueInstant="2014-07-16T23:52:45Z"
    //      Destination="http://idp.example.com/SSOService.php"
    //      ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    //      AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
    //   <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
    //   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
    //   <samlp:RequestedAuthnContext Comparison="exact">
    //     <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    //   </samlp:RequestedAuthnContext>
    // </samlp:AuthnRequest>

    // First we build the XML to be signed.
    // 
    // Use this online tool to generate the code from sample XML: 
    // Generate Code to Create XML

    var success: Bool = true
    let xmlToSign = CkoXml()!
    xmlToSign.tag = "samlp:AuthnRequest"
    xmlToSign.addAttribute("xmlns:samlp", value: "urn:oasis:names:tc:SAML:2.0:protocol")
    xmlToSign.addAttribute("xmlns:saml", value: "urn:oasis:names:tc:SAML:2.0:assertion")
    xmlToSign.addAttribute("ID", value: "pfx41d8ef22-e612-8c50-9960-1b16f15741b3")
    xmlToSign.addAttribute("Version", value: "2.0")
    xmlToSign.addAttribute("ProviderName", value: "SP test")
    xmlToSign.addAttribute("IssueInstant", value: "2014-07-16T23:52:45Z")
    xmlToSign.addAttribute("Destination", value: "http://idp.example.com/SSOService.php")
    xmlToSign.addAttribute("ProtocolBinding", value: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
    xmlToSign.addAttribute("AssertionConsumerServiceURL", value: "http://sp.example.com/demo1/index.php?acs")
    xmlToSign.updateChildContent("saml:Issuer", value: "http://sp.example.com/demo1/metadata.php")
    xmlToSign.updateAttr(at: "samlp:NameIDPolicy", autoCreate: true, attrName: "Format", attrValue: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
    xmlToSign.updateAttr(at: "samlp:NameIDPolicy", autoCreate: true, attrName: "AllowCreate", attrValue: "true")
    xmlToSign.updateAttr(at: "samlp:RequestedAuthnContext", autoCreate: true, attrName: "Comparison", attrValue: "exact")
    xmlToSign.updateChildContent("samlp:RequestedAuthnContext|saml:AuthnContextClassRef", value: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")

    // Also see the online tool to generate the code from sample already-signed XML: 
    // Generate XML Signature Creation Code from an Already-Signed XML Sample

    let gen = CkoXmlDSigGen()!

    gen.sigLocation = "samlp:AuthnRequest"
    gen.sigNamespacePrefix = "ds"
    gen.sigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
    gen.signedInfoCanonAlg = "EXCL_C14N"
    gen.signedInfoDigestMethod = "sha1"

    // -------- Reference 1 --------
    gen.addSameDocRef("pfx41d8ef22-e612-8c50-9960-1b16f15741b3", digestMethod: "sha1", canonMethod: "EXCL_C14N", prefixList: "", refType: "")

    // Provide a certificate + private key. (PFX password is test123)
    let cert = CkoCert()!
    success = cert.loadPfxFile("qa_data/pfx/cert_test123.pfx", password: "test123")
    if success != true {
        print("\(cert.lastErrorText!)")
        return
    }

    gen.setX509Cert(cert, usePrivateKey: true)

    gen.keyInfoType = "X509Data"
    gen.x509Type = "Certificate"

    // Load XML to be signed...
    let sbXml = CkoStringBuilder()!
    xmlToSign.getSb(sbXml)

    gen.behaviors = "IndentedSignature,ForceAddEnvelopedSignatureTransform"

    // Sign the XML...
    success = gen.createXmlDSigSb(sbXml)
    if success != true {
        print("\(gen.lastErrorText!)")
        return
    }

    // Save the signed XMl to a file.
    success = sbXml.writeFile("qa_output/signedXml.xml", charset: "utf-8", emitBom: false)

    // A sample of the signed XML is shown below..
    print("\(sbXml.getAsString()!)")

    // ----------------------------------------
    // Verify the signature we just produced...
    let verifier = CkoXmlDSig()!
    success = verifier.loadSignatureSb(sbXml)
    if success != true {
        print("\(verifier.lastErrorText!)")
        return
    }

    var verified: Bool = verifier.verifySignature(true)
    if verified != true {
        print("\(verifier.lastErrorText!)")
        return
    }

    print("This signature was successfully verified.")

    // -----------------------------------------
    // Sample output of AuthNRequest signed XML:
    // (Line-breaks and some indenting added for readability..)

    // <?xml version="1.0" encoding="utf-8"?>
    // <samlp:AuthnRequest 
    //   xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    //   xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
    //   ID="pfx41d8ef22-e612-8c50-9960-1b16f15741b3" 
    //   Version="2.0" ProviderName="SP test" 
    //   IssueInstant="2014-07-16T23:52:45Z" 
    //   Destination="http://idp.example.com/SSOService.php" 
    //   ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
    //   AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
    //     <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
    //     <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
    //     <samlp:RequestedAuthnContext Comparison="exact">
    //         <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    //     </samlp:RequestedAuthnContext>
    // 	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    // 	  <ds:SignedInfo>
    // 	    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    // 	    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    // 	    <ds:Reference URI="#pfx41d8ef22-e612-8c50-9960-1b16f15741b3">
    // 	      <ds:Transforms>
    // 	        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    // 	        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    // 	      </ds:Transforms>
    // 	      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    // 	      <ds:DigestValue>5d+/YNShy4qnvZcvik8fHHg2SWQ=</ds:DigestValue>
    // 	    </ds:Reference>
    // 	  </ds:SignedInfo>
    // 	  <ds:SignatureValue>QS16H5...U5LQ==</ds:SignatureValue>
    // 	  <ds:KeyInfo>
    // 	    <ds:X509Data>
    // 	      <ds:X509Certificate>MIIF...tjlF4=</ds:X509Certificate>
    // 	    </ds:X509Data>
    // 	  </ds:KeyInfo>
    // 	</ds:Signature>
    // </samlp:AuthnRequest>
    // 

}