Sample code for 30+ languages & platforms
Tcl

Duplicate Java Secure Token Creation

See more RSA Examples

Demonstrates how to duplicate some Java code that creates an RSA signature to create a base64 token.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# This example duplicates the following Java code:

# public X509Certificate2 cert = new X509Certificate2(@"Some path to p12/p12file_name.p12","Password_for_p12"); 
# 
# public string GenerateSignToken(double timeValidityMin){ 
#   string equalsSign = ":="; 
#   string timeCreated = DateTime.Now.ToString("yyyy-MM-ddTHH:mm:ss.fffzzz"); 
#   string tokenTimeInfo = "validityTimeMinutes" + equalsSign + timeValidityMin + ";"+"timeCreated" + equalsSign + timeCreated; 
#   string signature = SignData(tokenTimeInfo); 
#   string secureToken = tokenTimeInfo + ";" + "signature" + equalsSign + signature; 
#   return Base64UrlEncode(secureToken); 
# } 
#  
# public string SignData(string stringToSign){ 
#   byte[] dataToSign = Encoding.UTF8.GetBytes(stringToSign); 
#   RSACryptoServiceProvider privKey = (RSACryptoServiceProvider)cert.PrivateKey; 
#   CspKeyContainerInfo containerInfo = new RSACryptoServiceProvider().CspKeyContainerInfo; 
#   CspParameters cspparams = new CspParameters(containerInfo.ProviderType, containerInfo.ProviderName, privKey.CspKeyContainerInfo.KeyContainerName); 
#   privKey = new RSACryptoServiceProvider(cspparams); 
#   string id = CryptoConfig.MapNameToOID("SHA256"); 
#   byte[] sign = privKey.SignData(dataToSign, id); 
#   bool res = privKey.VerifyData(dataToSign, id, sign); 
#   return Convert.ToBase64String(sign).Replace('+', '-').Replace('/', '_').Replace("=", ""); 
# } 
#  
# private static string Base64UrlEncode(string input){ 
#   var inputBytes = Encoding.UTF8.GetBytes(input); 
#   return Convert.ToBase64String(inputBytes).Replace('+', '-').Replace('/', '_').Replace("=", ""); 
# } 

set dt [new_CkDateTime]

CkDateTime_SetFromCurrentSystemTime $dt
set timeCreated [CkDateTime_getAsTimestamp $dt 1]

# Such as 2019-04-01T19:35:44-05:00
puts "$timeCreated"

set sbToken [new_CkStringBuilder]

CkStringBuilder_Append $sbToken "validityTimeMinutes:=10.0;timeCreated:="
CkStringBuilder_Append $sbToken $timeCreated

set cert [new_CkCert]

set success [CkCert_LoadPfxFile $cert "Some path to p12/p12file_name.p12" "Password_for_p12"]
if {$success != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkDateTime $dt
    delete_CkStringBuilder $sbToken
    delete_CkCert $cert
    exit
}

set rsa [new_CkRsa]

set success [CkRsa_SetX509Cert $rsa $cert 1]
if {$success != 1} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkDateTime $dt
    delete_CkStringBuilder $sbToken
    delete_CkCert $cert
    delete_CkRsa $rsa
    exit
}

CkRsa_put_EncodingMode $rsa "base64url"

set signature [CkRsa_signStringENC $rsa [CkStringBuilder_getAsString $sbToken] "sha256"]
if {[CkRsa_get_LastMethodSuccess $rsa] == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkDateTime $dt
    delete_CkStringBuilder $sbToken
    delete_CkCert $cert
    delete_CkRsa $rsa
    exit
}

CkStringBuilder_Append $sbToken ";signature:="
CkStringBuilder_Append $sbToken $signature

# Base64URL encode the result
CkStringBuilder_Encode $sbToken "base64url" "utf-8"
set token [CkStringBuilder_getAsString $sbToken]

puts "$token"

delete_CkDateTime $dt
delete_CkStringBuilder $sbToken
delete_CkCert $cert
delete_CkRsa $rsa