Belgium eHealth Platform - checkAccessControl
Demonstrates the checkAccessControl operation of PlatformIntegrationConsumerTest, which requires an X.509 certificate and signature. The call tests the validity of your certificate and signature.
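load ./chilkat.dll
set success 0

# Purpose: build a WS-Security SOAP request for the eHealth
# PlatformIntegrationConsumerTest checkAccessControl operation, sign it with
# XMLDSig using an X.509 certificate + private key, POST it over TLS with the
# same certificate as the client certificate, and print the response.
#
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# ---------------------------------------------------------------------------
# Cleanup helpers. Every Chilkat object is registered together with its delete
# command, so each failure path releases exactly what has been created so far.
# ---------------------------------------------------------------------------
set ownedHandles [list]

# Remember a handle and the command that frees it; returns the handle.
proc ehealthTrack {deleteCmd handle} {
    global ownedHandles
    lappend ownedHandles $deleteCmd $handle
    return $handle
}

# Free every tracked handle, in creation order.
proc ehealthReleaseAll {} {
    global ownedHandles
    foreach {deleteCmd handle} $ownedHandles {
        $deleteCmd $handle
    }
    set ownedHandles [list]
}

# Print the error text, free all objects and exit with a non-zero status so a
# calling script or scheduler can tell that the check did not succeed.
proc ehealthFail {message} {
    puts $message
    ehealthReleaseAll
    exit 1
}

# Provide a certificate + private key.
# Note: If your certificate + private key is located on a hardware token or smartcard,
# you can call a different function to load from smartcard.
#
# The PKCS#12 password protects the private key that both signs the request and
# authenticates the TLS connection. Keep it out of source control: it is read
# from the environment when available (EHEALTH_P12_PASSWORD is a variable name
# chosen for this example), and the literal below is only a placeholder.
set pfxPath "SSIN=12345678.acc.p12"
set pfxPassword "p12_password"
if {[info exists ::env(EHEALTH_P12_PASSWORD)]} {
    set pfxPassword $::env(EHEALTH_P12_PASSWORD)
}

set cert [ehealthTrack delete_CkCert [new_CkCert]]
set success [CkCert_LoadPfxFile $cert $pfxPath $pfxPassword]
if {$success == 0} then {
    ehealthFail [CkCert_lastErrorText $cert]
}

# ---------------------------------------------------------------------------------------------------------------
# A note about the Id's, such as X509-FC77E2C72083DA8E0F16711753508182856, TS-FC77E2C72083DA8E0F16711753508042855, etc.
# These Id's simply need to be unique within the XML document. You don't need to generate new Id's every time.
# You can use the same Id's in each XML document that is submitted. The purpose of each Id is to
# match the XMLDsig Reference to the element in XML being referenced.
# In other words, you could use the Id's "mickey_mouse", "donald_duck", and "goofy", and it would work perfectly OK,
# as long as no other XML elements also use the Id's "mickey_mouse", "donald_duck", or "goofy"
#
# Each Id is defined once here so that the element and the Reference that
# covers it cannot drift apart.
# ---------------------------------------------------------------------------------------------------------------
set tokenId "X509-FC77E2C72083DA8E0F16711753508182856"
set timestampId "TS-FC77E2C72083DA8E0F16711753508042855"
set bodyId "id-FC77E2C72083DA8E0F16711753508182859"
set sigId "SIG-FC77E2C72083DA8E0F16711753508252860"
set keyInfoId "KI-FC77E2C72083DA8E0F16711753508182857"
set strId "STR-FC77E2C72083DA8E0F16711753508182858"

set securityPath "soapenv:Header|wsse:Security"
set tokenPath "$securityPath|wsse:BinarySecurityToken"
set timestampPath "$securityPath|wsu:Timestamp"
set requestPath "soapenv:Body|urn:CheckAccessControlRequest"
set wsuNamespace "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
set x509ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

# Lifetime of the signed wsu:Timestamp, in seconds. Because the Timestamp is
# covered by the signature (Reference 1), this value bounds how long a captured
# request stays inside its own validity window. 3600 is the value this example
# has always used; a shorter lifetime narrows that window if the service
# accepts it.
set timestampLifetimeSecs 3600

# Create the XML to be signed...
set xmlToSign [ehealthTrack delete_CkXml [new_CkXml]]
CkXml_put_Tag $xmlToSign "soapenv:Envelope"
CkXml_AddAttribute $xmlToSign "xmlns:soapenv" "http://schemas.xmlsoap.org/soap/envelope/"
CkXml_AddAttribute $xmlToSign "xmlns:urn" "urn:be:fgov:ehealth:platformintegrationconsumertest:v1"
CkXml_AddAttribute $xmlToSign "xmlns:urn1" "urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"
CkXml_UpdateAttrAt $xmlToSign $securityPath 1 "xmlns:wsse" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
CkXml_UpdateAttrAt $xmlToSign $securityPath 1 "xmlns:wsu" $wsuNamespace
CkXml_UpdateAttrAt $xmlToSign $tokenPath 1 "EncodingType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
CkXml_UpdateAttrAt $xmlToSign $tokenPath 1 "ValueType" $x509ValueType
CkXml_UpdateAttrAt $xmlToSign $tokenPath 1 "wsu:Id" $tokenId

# The BinarySecurityToken carries the certificate only (DER, base64 encoded).
set bdCert [ehealthTrack delete_CkBinData [new_CkBinData]]
set success [CkCert_ExportCertDerBd $cert $bdCert]
if {$success == 0} then {
    ehealthFail [CkCert_lastErrorText $cert]
}
CkXml_UpdateChildContent $xmlToSign $tokenPath [CkBinData_getEncoded $bdCert "base64"]

# wsu:Timestamp: Created = now, Expires = now + lifetime.
CkXml_UpdateAttrAt $xmlToSign $timestampPath 1 "wsu:Id" $timestampId
set dt [ehealthTrack delete_CkDateTime [new_CkDateTime]]
CkDateTime_SetFromCurrentSystemTime $dt
CkXml_UpdateChildContent $xmlToSign "$timestampPath|wsu:Created" [CkDateTime_getAsTimestamp $dt 0]
CkDateTime_AddSeconds $dt $timestampLifetimeSecs
CkXml_UpdateChildContent $xmlToSign "$timestampPath|wsu:Expires" [CkDateTime_getAsTimestamp $dt 0]
# Step back to the current time for the request-body timestamp below.
CkDateTime_AddSeconds $dt [expr {-$timestampLifetimeSecs}]

CkXml_UpdateAttrAt $xmlToSign "soapenv:Body" 1 "wsu:Id" $bodyId
CkXml_UpdateAttrAt $xmlToSign "soapenv:Body" 1 "xmlns:wsu" $wsuNamespace
CkXml_UpdateChildContent $xmlToSign "$requestPath|urn1:Message" "Hello World"
# Create a timestamp with the current date/time in the following format: 2014-12-30T15:29:03.157+01:00
CkXml_UpdateChildContent $xmlToSign "$requestPath|urn1:Timestamp" [CkDateTime_getAsTimestamp $dt 1]

set gen [ehealthTrack delete_CkXmlDSigGen [new_CkXmlDSigGen]]
CkXmlDSigGen_put_SigLocation $gen "soapenv:Envelope|soapenv:Header|wsse:Security|wsse:BinarySecurityToken"
CkXmlDSigGen_put_SigLocationMod $gen 1
CkXmlDSigGen_put_SigId $gen $sigId
CkXmlDSigGen_put_SigNamespacePrefix $gen "ds"
CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#"
CkXmlDSigGen_put_SignedInfoPrefixList $gen "soapenv urn urn1"
CkXmlDSigGen_put_IncNamespacePrefix $gen "ec"
CkXmlDSigGen_put_IncNamespaceUri $gen "http://www.w3.org/2001/10/xml-exc-c14n#"
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "EXCL_C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256"

# Set the KeyInfoId before adding references..
CkXmlDSigGen_put_KeyInfoId $gen $keyInfoId

# The three references below decide what the signature protects: the Timestamp,
# the SOAP Body and the BinarySecurityToken. Anything outside these elements is
# not covered by the signature.
# -------- Reference 1 (wsu:Timestamp) --------
CkXmlDSigGen_AddSameDocRef $gen $timestampId "sha256" "EXCL_C14N" "wsse soapenv urn urn1" ""
# -------- Reference 2 (soapenv:Body) --------
CkXmlDSigGen_AddSameDocRef $gen $bodyId "sha256" "EXCL_C14N" "urn urn1" ""
# -------- Reference 3 (wsse:BinarySecurityToken) --------
CkXmlDSigGen_AddSameDocRef $gen $tokenId "sha256" "EXCL_C14N" "_EMPTY_" ""

# Sign with the private key that belongs to the certificate loaded above.
set success [CkXmlDSigGen_SetX509Cert $gen $cert 1]
if {$success == 0} then {
    ehealthFail [CkXmlDSigGen_lastErrorText $gen]
}
CkXmlDSigGen_put_KeyInfoType $gen "Custom"

# Create the custom KeyInfo XML: a SecurityTokenReference that points at the
# BinarySecurityToken by its Id.
set xmlCustomKeyInfo [ehealthTrack delete_CkXml [new_CkXml]]
CkXml_put_Tag $xmlCustomKeyInfo "wsse:SecurityTokenReference"
CkXml_AddAttribute $xmlCustomKeyInfo "wsu:Id" $strId
CkXml_UpdateAttrAt $xmlCustomKeyInfo "wsse:Reference" 1 "URI" "#$tokenId"
CkXml_UpdateAttrAt $xmlCustomKeyInfo "wsse:Reference" 1 "ValueType" $x509ValueType
CkXml_put_EmitXmlDecl $xmlCustomKeyInfo 0
CkXmlDSigGen_put_CustomKeyInfoXml $gen [CkXml_getXml $xmlCustomKeyInfo]

# Load XML to be signed...
set sbXml [ehealthTrack delete_CkStringBuilder [new_CkStringBuilder]]
CkXml_GetXmlSb $xmlToSign $sbXml
CkXmlDSigGen_put_Behaviors $gen "IndentedSignature"

# Sign the XML...
set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success == 0} then {
    ehealthFail [CkXmlDSigGen_lastErrorText $gen]
}

# -----------------------------------------------
# Send the signed XML...
set http [ehealthTrack delete_CkHttp [new_CkHttp]]

# Make server certificate verification explicit instead of relying on the
# library default: the signed request and the client certificate should only be
# presented to a server whose certificate validates.
CkHttp_put_RequireSslCertVerify $http 1

# The same certificate + private key is used as the TLS client certificate.
set success [CkHttp_SetSslClientCert $http $cert]
if {$success == 0} then {
    ehealthFail [CkHttp_lastErrorText $http]
}

# NOTE(review): this header says text/xml while the HttpSb call below passes
# application/xml as its content type; which value is actually sent is not
# visible from this script. Confirm and settle on one.
CkHttp_SetRequestHeader $http "Content-Type" "text/xml"

# Change to services.ehealth.fgov.be for the production environment.
set resp [ehealthTrack delete_CkHttpResponse [new_CkHttpResponse]]
set success [CkHttp_HttpSb $http "POST" "https://services-acpt.ehealth.fgov.be/PlatformIntegrationConsumerTest/v1" $sbXml "utf-8" "application/xml" $resp]
if {$success == 0} then {
    ehealthFail [CkHttp_lastErrorText $http]
}

# The response body echoes the authenticated consumer's distinguished name,
# which embeds the SSIN (see the sample below); treat this output as personal
# data if it is redirected to a log.
puts [CkHttpResponse_bodyStr $resp]
set statusCode [CkHttpResponse_get_StatusCode $resp]
puts "response status code = $statusCode"

# A successful response is a 200 status code, with this sample response:
# <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
# <soapenv:Header xmlns:v1="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:v11="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1"/>
# <soapenv:Body xmlns:ic="urn:be:fgov:ehealth:platformintegrationconsumertest:v1" xmlns:type="urn:be:fgov:ehealth:platformintegrationconsumertest:types:v1">
# <ic:CheckAccessControlResponse>
# <type:Message>Hello World</type:Message>
# <type:Timestamp>2023-09-28T22:17:26.643+02:00</type:Timestamp>
# <type:AuthenticatedConsumer>CN="SSIN=aaaaaa", OU=eHealth-platform Belgium, OU=bbbb, OU="SSIN=aaaaaaa", O=Federal Government, C=BE</type:AuthenticatedConsumer>
# </ic:CheckAccessControlResponse>
# </soapenv:Body>
# </soapenv:Envelope>

ehealthReleaseAll

# Receiving a response is not the same as passing the access-control check:
# anything other than 200 is reported to the caller as a failure.
if {$statusCode != 200} {
    exit 1
}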