(Unicode C) XAdES XML Signature using ARSS (Aruba Remote Signing Service)

See more Signing in the Cloud Examples

Demonstrates how to sign XML using ARSS (Aruba Remote Signing Service).

Note: This example requires Chilkat v9.5.0.96 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkStringBuilderW.h>
#include <C_CkCertW.h>
#include <C_CkJsonObjectW.h>
#include <C_CkXmlDSigGenW.h>

void ChilkatSample(void)
    {
    HCkStringBuilderW sbXml;
    BOOL bCrlf;
    HCkCertW cert;
    BOOL success;
    HCkJsonObjectW jsonArss;
    HCkXmlDSigGenW gen;
    BOOL bUsePrivateKey;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // --------------------------------------------------------------------------------
    // Also see Chilkat's Online WSDL Code Generator
    // to generate code and SOAP Request and Response XML for each operation in a WSDL.
    // --------------------------------------------------------------------------------

    // Create the XML to be signed.
    sbXml = CkStringBuilderW_Create();

    bCrlf = TRUE;
    CkStringBuilderW_AppendLine(sbXml,L"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\" ?>",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"    <SOAP-ENV:Header>",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"        <wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" SOAP-ENV:mustUnderstand=\"1\"></wsse:Security>",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"    </SOAP-ENV:Header>",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"    <SOAP-ENV:Body xmlns:SOAP-SEC=\"http://schemas.xmlsoap.org/soap/security/2000-12\" SOAP-SEC:id=\"Body\">",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"        <z:FooBar xmlns:z=\"http://example.com\" />",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"    </SOAP-ENV:Body>",bCrlf);
    CkStringBuilderW_AppendLine(sbXml,L"</SOAP-ENV:Envelope>",bCrlf);

    // Specify the signing certificate and the ARSS credentials

    // Load the certificate used for signing.  The certificate's private key is stored on 
    // the Aruba.it server and the signing will happen remotely using the
    // ARSS (Aruba Remote Signing Service).
    // However, we still need the certificate locally (without private key).
    cert = CkCertW_Create();
    success = CkCertW_LoadFromFile(cert,L"qa_data/certs/myCert.cer");
    if (success == FALSE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkStringBuilderW_Dispose(sbXml);
        CkCertW_Dispose(cert);
        return;
    }

    // To sign using the Aruba Remote Signing Service, 
    // add the following lines of code to specify your authentication credentials,
    // and the ID of the certificate w/ private key on the server to be used.
    jsonArss = CkJsonObjectW_Create();

    // Set the "service" equal to "ARSS" to tell Chilkat to use ARSS for signing.
    CkJsonObjectW_UpdateString(jsonArss,L"service",L"ARSS");
    // Specify the certificate ID, such as "AS0"
    // This certificate should match the certificate loaded in the above code.
    CkJsonObjectW_UpdateString(jsonArss,L"certID",L"YOUR_ARSS_CERT_ID");
    CkJsonObjectW_UpdateString(jsonArss,L"otpPwd",L"YOUR_OTP_PWD");
    CkJsonObjectW_UpdateString(jsonArss,L"typeOtpAuth",L"demoprod");
    CkJsonObjectW_UpdateString(jsonArss,L"user",L"YOUR_ARSS_USERNAME");
    CkJsonObjectW_UpdateString(jsonArss,L"userPWD",L"YOUR_ARSS_PASSWORD");
    success = CkCertW_SetCloudSigner(cert,jsonArss);

    // Prepare for signing...
    gen = CkXmlDSigGenW_Create();

    // Indicate where the Signature will be inserted.
    CkXmlDSigGenW_putSigLocation(gen,L"SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security");

    // Add a reference to the fragment of the XML to be signed.

    // Note: "Body" refers to the XML element having an "id" equal to "Body", where "id" is case insensitive
    // and where any namespace might qualify the attribute.  In this case, the SOAP-ENV:Body fragment is signed
    // NOT because the tag = "Body", but because it has SOAP-SEC:id="Body"
    CkXmlDSigGenW_AddSameDocRef(gen,L"Body",L"sha1",L"EXCL_C14N",L"",L"");

    // (You can read about the SignedInfoPrefixList in the online reference documentation.  It's optional..)
    CkXmlDSigGenW_putSignedInfoPrefixList(gen,L"wsse SOAP-ENV");

    CkXmlDSigGenW_putKeyInfoType(gen,L"X509Data");
    CkXmlDSigGenW_putX509Type(gen,L"IssuerSerial");

    bUsePrivateKey = TRUE;
    success = CkXmlDSigGenW_SetX509Cert(gen,cert,bUsePrivateKey);
    if (success != TRUE) {
        wprintf(L"%s\n",CkXmlDSigGenW_lastErrorText(gen));
        CkCertW_Dispose(cert);
        CkStringBuilderW_Dispose(sbXml);
        CkCertW_Dispose(cert);
        CkJsonObjectW_Dispose(jsonArss);
        CkXmlDSigGenW_Dispose(gen);
        return;
    }

    // Everything's specified.  Now create and insert the Signature
    // (The actual signing of the hash will happen on the Aruba server.)
    success = CkXmlDSigGenW_CreateXmlDSigSb(gen,sbXml);
    if (success != TRUE) {
        wprintf(L"%s\n",CkXmlDSigGenW_lastErrorText(gen));
        CkStringBuilderW_Dispose(sbXml);
        CkCertW_Dispose(cert);
        CkJsonObjectW_Dispose(jsonArss);
        CkXmlDSigGenW_Dispose(gen);
        return;
    }

    // Examine the XML with the digital signature inserted
    wprintf(L"%s\n",CkStringBuilderW_getAsString(sbXml));


    CkStringBuilderW_Dispose(sbXml);
    CkCertW_Dispose(cert);
    CkJsonObjectW_Dispose(jsonArss);
    CkXmlDSigGenW_Dispose(gen);

    }