Sample code for 30+ languages & platforms
Tcl

Signing HTTP Messages

See more RSA Examples

Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set bCrlf 1
set sbPublicKeyPem [new_CkStringBuilder]

CkStringBuilder_AppendLine $sbPublicKeyPem "-----BEGIN PUBLIC KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "oYi+1hqp1fIekaxsyQIDAQAB" $bCrlf
CkStringBuilder_AppendLine $sbPublicKeyPem "-----END PUBLIC KEY-----" $bCrlf

set pubKey [new_CkPublicKey]

CkPublicKey_LoadFromString $pubKey [CkStringBuilder_getAsString $sbPublicKeyPem]

set sbPrivateKeyPem [new_CkStringBuilder]

CkStringBuilder_AppendLine $sbPrivateKeyPem "-----BEGIN RSA PRIVATE KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==" $bCrlf
CkStringBuilder_AppendLine $sbPrivateKeyPem "-----END RSA PRIVATE KEY-----" $bCrlf

set privKey [new_CkPrivateKey]

CkPrivateKey_LoadPem $privKey [CkStringBuilder_getAsString $sbPrivateKeyPem]

#    All examples use this request:
# 
#    POST /foo?param=value&pet=dog HTTP/1.1
#    Host: example.com
#    Date: Sun, 05 Jan 2014 21:31:40 GMT
#    Content-Type: application/json
#    Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
#    Content-Length: 18
# 
#    {"hello": "world"}

# C.1.  Default Test
# 
#    If a list of headers is not included, the date is the only header
#    that is signed by default.  The string to sign would be:
# 
#    date: Sun, 05 Jan 2014 21:31:40 GMT
# 
#    The Authorization header would be:
# 
#    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
#    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
#    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
#    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
# 
#    The Signature header would be:
# 
#    Signature: keyId="Test",algorithm="rsa-sha256",
#    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
#    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
#    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
# 

set dtNow [new_CkDateTime]

set success [CkDateTime_SetFromCurrentSystemTime $dtNow]
set dateStr [CkDateTime_getAsRfc822 $dtNow 0]

# To duplicate the above result, we'll hard-code the date string.
set dateStr "Sun, 05 Jan 2014 21:31:40 GMT"

set rsa [new_CkRsa]

set success [CkRsa_UsePrivateKey $rsa $privKey]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkStringBuilder $sbPublicKeyPem
    delete_CkPublicKey $pubKey
    delete_CkStringBuilder $sbPrivateKeyPem
    delete_CkPrivateKey $privKey
    delete_CkDateTime $dtNow
    delete_CkRsa $rsa
    exit
}

set sbStringToSign [new_CkStringBuilder]

CkStringBuilder_Append $sbStringToSign "date: "
CkStringBuilder_Append $sbStringToSign $dateStr

CkRsa_put_EncodingMode $rsa "base64"
set b64Signature [CkRsa_signStringENC $rsa [CkStringBuilder_getAsString $sbStringToSign] "SHA256"]
puts "$b64Signature"
puts "---------------------------"

# The result should be:
# SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=

# ----------------------------------------------------------------------------------------------------

# C.2.  Basic Test
# 
#    The minimum recommended data to sign is the (request-target), host,
#    and date.  In this case, the string to sign would be:
# 
#    (request-target): post /foo?param=value&pet=dog
#    host: example.com
#    date: Sun, 05 Jan 2014 21:31:40 GMT
# 
#    The Authorization header would be:
# 
#    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
#    headers="(request-target) host date", signature="qdx+H7PHHDZgy4
#    y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
#    7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
#    kLu6kd9Fswtemr3lgdDEmn04swr2Os0="

CkStringBuilder_Clear $sbStringToSign
CkStringBuilder_Append $sbStringToSign "(request-target): "
CkStringBuilder_AppendLine $sbStringToSign "post /foo?param=value&pet=dog" 0
CkStringBuilder_Append $sbStringToSign "host: "
CkStringBuilder_AppendLine $sbStringToSign "example.com" 0
CkStringBuilder_Append $sbStringToSign "date: "
CkStringBuilder_Append $sbStringToSign $dateStr

puts "StringToSign:"
puts [CkStringBuilder_getAsString $sbStringToSign]
set b64Signature [CkRsa_signStringENC $rsa [CkStringBuilder_getAsString $sbStringToSign] "SHA256"]
puts "$b64Signature"
puts "---------------------------"

# The result should be:
# qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=

delete_CkStringBuilder $sbPublicKeyPem
delete_CkPublicKey $pubKey
delete_CkStringBuilder $sbPrivateKeyPem
delete_CkPrivateKey $privKey
delete_CkDateTime $dtNow
delete_CkRsa $rsa
delete_CkStringBuilder $sbStringToSign