(Unicode C) Sign Italian SPID Metadata XML

Demonstrates how to create an XML digital signature for Italian SPID Metadata.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkStringBuilderW.h>
#include <C_CkXmlDSigGenW.h>
#include <C_CkCertW.h>
#include <C_CkXmlDSigW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkStringBuilderW sbXml;
    HCkXmlDSigGenW gen;
    HCkCertW cert;
    HCkXmlDSigW verifier;
    int numSigs;
    int verifyIdx;
    BOOL verified;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    success = TRUE;

    // Load the XML to be signed.
    sbXml = CkStringBuilderW_Create();
    success = CkStringBuilderW_LoadFile(sbXml,L"qa_data/xml_dsig/spid_metadata.xml",L"utf-8");
    if (success == FALSE) {
        wprintf(L"Failed to load the input file.\n");
        CkStringBuilderW_Dispose(sbXml);
        return;
    }

    // The XML to sign contains XML such as this:

    // <?xml version="1.0" encoding="utf-8"?>
    // <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
    //     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
    //         <md:KeyDescriptor use="signing">
    //             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //                 <ds:X509Data>
    //                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    //                 </ds:X509Data>
    //             </ds:KeyInfo>
    //         </md:KeyDescriptor>
    //         <md:KeyDescriptor use="encryption">
    //             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //                 <ds:X509Data>
    //                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    //                 </ds:X509Data>
    //             </ds:KeyInfo>
    //         </md:KeyDescriptor>
    //         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
    //         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    //         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
    //         <md:AttributeConsumingService index="1">
    //             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
    //             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
    //             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //         </md:AttributeConsumingService>
    //     </md:SPSSODescriptor>
    //     <md:Organization>
    //         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
    //         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
    //         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
    //     </md:Organization>
    // </md:EntityDescriptor>

    gen = CkXmlDSigGenW_Create();

    CkXmlDSigGenW_putSigLocation(gen,L"md:EntityDescriptor|md:SPSSODescriptor");
    CkXmlDSigGenW_putSigLocationMod(gen,2);
    CkXmlDSigGenW_putSignedInfoCanonAlg(gen,L"EXCL_C14N");
    CkXmlDSigGenW_putSignedInfoDigestMethod(gen,L"sha256");

    // -------- Reference 1 --------
    CkXmlDSigGenW_AddSameDocRef(gen,L"_AE17AFFF-A600-49D5-B81D-76EEA55B50FF",L"sha256",L"EXCL_C14N",L"",L"");

    // Provide a certificate + private key. (PFX password is test123)
    cert = CkCertW_Create();
    success = CkCertW_LoadPfxFile(cert,L"qa_data/pfx/cert_test123.pfx",L"test123");
    if (success != TRUE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkStringBuilderW_Dispose(sbXml);
        CkXmlDSigGenW_Dispose(gen);
        CkCertW_Dispose(cert);
        return;
    }

    CkXmlDSigGenW_SetX509Cert(gen,cert,TRUE);

    CkXmlDSigGenW_putKeyInfoType(gen,L"X509Data+KeyValue");
    CkXmlDSigGenW_putX509Type(gen,L"Certificate");

    CkXmlDSigGenW_putBehaviors(gen,L"IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace");

    // Sign the XML...
    success = CkXmlDSigGenW_CreateXmlDSigSb(gen,sbXml);
    if (success != TRUE) {
        wprintf(L"%s\n",CkXmlDSigGenW_lastErrorText(gen));
        CkStringBuilderW_Dispose(sbXml);
        CkXmlDSigGenW_Dispose(gen);
        CkCertW_Dispose(cert);
        return;
    }

    // -----------------------------------------------

    // Save the signed XML to a file.
    success = CkStringBuilderW_WriteFile(sbXml,L"qa_output/signedXml.xml",L"utf-8",FALSE);

    wprintf(L"%s\n",CkStringBuilderW_getAsString(sbXml));

    // ----------------------------------------
    // Verify the signatures we just produced...
    verifier = CkXmlDSigW_Create();
    success = CkXmlDSigW_LoadSignatureSb(verifier,sbXml);
    if (success != TRUE) {
        wprintf(L"%s\n",CkXmlDSigW_lastErrorText(verifier));
        CkStringBuilderW_Dispose(sbXml);
        CkXmlDSigGenW_Dispose(gen);
        CkCertW_Dispose(cert);
        CkXmlDSigW_Dispose(verifier);
        return;
    }

    numSigs = CkXmlDSigW_getNumSignatures(verifier);
    verifyIdx = 0;
    while (verifyIdx < numSigs) {
        CkXmlDSigW_putSelector(verifier,verifyIdx);
        verified = CkXmlDSigW_VerifySignature(verifier,TRUE);
        if (verified != TRUE) {
            wprintf(L"%s\n",CkXmlDSigW_lastErrorText(verifier));
            CkStringBuilderW_Dispose(sbXml);
            CkXmlDSigGenW_Dispose(gen);
            CkCertW_Dispose(cert);
            CkXmlDSigW_Dispose(verifier);
            return;
        }

        verifyIdx = verifyIdx + 1;
    }

    wprintf(L"All signatures were successfully verified.\n");


    CkStringBuilderW_Dispose(sbXml);
    CkXmlDSigGenW_Dispose(gen);
    CkCertW_Dispose(cert);
    CkXmlDSigW_Dispose(verifier);

    }