Tcl
Tcl
Signing HTTP Messages
See more RSA Examples
Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set bCrlf 1
set sbPublicKeyPem [new_CkStringBuilder]
CkStringBuilder_AppendLine $sbPublicKeyPem "-----BEGIN PUBLIC KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "oYi+1hqp1fIekaxsyQIDAQAB" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "-----END PUBLIC KEY-----" $bCrlf
set pubKey [new_CkPublicKey]
CkPublicKey_LoadFromString $pubKey [CkStringBuilder_getAsString $sbPublicKeyPem]
set sbPrivateKeyPem [new_CkStringBuilder]
CkStringBuilder_AppendLine $sbPrivateKeyPem "-----BEGIN RSA PRIVATE KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "-----END RSA PRIVATE KEY-----" $bCrlf
set privKey [new_CkPrivateKey]
CkPrivateKey_LoadPem $privKey [CkStringBuilder_getAsString $sbPrivateKeyPem]
# All examples use this request:
#
# POST /foo?param=value&pet=dog HTTP/1.1
# Host: example.com
# Date: Sun, 05 Jan 2014 21:31:40 GMT
# Content-Type: application/json
# Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
# Content-Length: 18
#
# {"hello": "world"}
# C.1. Default Test
#
# If a list of headers is not included, the date is the only header
# that is signed by default. The string to sign would be:
#
# date: Sun, 05 Jan 2014 21:31:40 GMT
#
# The Authorization header would be:
#
# Authorization: Signature keyId="Test",algorithm="rsa-sha256",
# signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
# 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
# 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
#
# The Signature header would be:
#
# Signature: keyId="Test",algorithm="rsa-sha256",
# signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
# 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
# 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
#
set dtNow [new_CkDateTime]
set success [CkDateTime_SetFromCurrentSystemTime $dtNow]
set dateStr [CkDateTime_getAsRfc822 $dtNow 0]
# To duplicate the above result, we'll hard-code the date string.
set dateStr "Sun, 05 Jan 2014 21:31:40 GMT"
set rsa [new_CkRsa]
set success [CkRsa_UsePrivateKey $rsa $privKey]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkStringBuilder $sbPublicKeyPem
delete_CkPublicKey $pubKey
delete_CkStringBuilder $sbPrivateKeyPem
delete_CkPrivateKey $privKey
delete_CkDateTime $dtNow
delete_CkRsa $rsa
exit
}
set sbStringToSign [new_CkStringBuilder]
CkStringBuilder_Append $sbStringToSign "date: "
CkStringBuilder_Append $sbStringToSign $dateStr
CkRsa_put_EncodingMode $rsa "base64"
set b64Signature [CkRsa_signStringENC $rsa [CkStringBuilder_getAsString $sbStringToSign] "SHA256"]
puts "$b64Signature"
puts "---------------------------"
# The result should be:
# SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=
# ----------------------------------------------------------------------------------------------------
# C.2. Basic Test
#
# The minimum recommended data to sign is the (request-target), host,
# and date. In this case, the string to sign would be:
#
# (request-target): post /foo?param=value&pet=dog
# host: example.com
# date: Sun, 05 Jan 2014 21:31:40 GMT
#
# The Authorization header would be:
#
# Authorization: Signature keyId="Test",algorithm="rsa-sha256",
# headers="(request-target) host date", signature="qdx+H7PHHDZgy4
# y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
# 7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
# kLu6kd9Fswtemr3lgdDEmn04swr2Os0="
CkStringBuilder_Clear $sbStringToSign
CkStringBuilder_Append $sbStringToSign "(request-target): "
CkStringBuilder_AppendLine $sbStringToSign "post /foo?param=value&pet=dog" 0
CkStringBuilder_Append $sbStringToSign "host: "
CkStringBuilder_AppendLine $sbStringToSign "example.com" 0
CkStringBuilder_Append $sbStringToSign "date: "
CkStringBuilder_Append $sbStringToSign $dateStr
puts "StringToSign:"
puts [CkStringBuilder_getAsString $sbStringToSign]
set b64Signature [CkRsa_signStringENC $rsa [CkStringBuilder_getAsString $sbStringToSign] "SHA256"]
puts "$b64Signature"
puts "---------------------------"
# The result should be:
# qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=
delete_CkStringBuilder $sbPublicKeyPem
delete_CkPublicKey $pubKey
delete_CkStringBuilder $sbPrivateKeyPem
delete_CkPrivateKey $privKey
delete_CkDateTime $dtNow
delete_CkRsa $rsa
delete_CkStringBuilder $sbStringToSign