Chilkat HOME Android™ Classic ASP C C++ C# Mono C# .NET Core C# C# UWP/WinRT DataFlex Delphi ActiveX Delphi DLL Visual FoxPro Java Lianja MFC Objective-C Perl PHP ActiveX PHP Extension PowerBuilder PowerShell PureBasic CkPython Chilkat2-Python Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ Visual Basic 6.0 VB.NET VB.NET UWP/WinRT VBScript Xojo Plugin Node.js Excel Go
(VB.NET UWP/WinRT) Create IRS MeF Login Service Request MessageThis example demonstrates how to create a digitally signed Login Service Request Message. This example used the documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf as a guide. It creates signed XML as specified in section 4.1.1 found in Section 4: Example A2A Web Service Messages.
' This example requires the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. ' The goal of this example is to create signed SOAP XML such as the following: ' IMPORTANT: The IRS's PDF documentation at https://www.irs.gov/pub/irs-utl/mef-doc-stp_ref_guide.pdf ' contains a mistake in the section 4.1.1. Specifically, the Id="hdr" attribute is wrong. It must match the Reference in the ds:Signature, ' which is why we changed it to "myHdr". ' <?xml version="1.0" encoding="UTF-8" ?> ' <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ' <SOAP-ENV:Header> ' <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" Id="myHdr"> ' <ns1:MessageID>001232006026123abcde</ns1:MessageID> ' <ns1:Action>https://www.irs.gov/a2a/mef/Login/</ns1:Action> ' <ns1:MessageTs>2006-09-27T08:55:29.348Z</ns1:MessageTs> ' <ns1:ETIN>00123</ns1:ETIN> ' <ns1:SessionKeyCd>Y</ns1:SessionKeyCd> ' <ns1:TestCd>T</ns1:TestCd> ' <ns1:AppSysID>username</ns1:AppSysID> ' <ns1:WSDLVersionNum>10.0</ns1:WSDLVersionNum> ' </ns1:MeFHeader> ' <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> ' <wsse:BinarySecurityToken ' ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" ' EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ' wsu:Id="X509Token">/CgBr+1CEl/PtYtAaMB0GA1UdDgQWBBSrtL3lSnDOzSluMLggQUgHpkDFGTAJBgNV HRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY1LjADAgMoMA0GCSqGSIb3DQEB BQUAA4GBAC6SVzmX2I2kr5f0Na83ujcSwixpzHE2LqLBFsKm0GdPdarHFB2Qt85zbQ9 PRCROObm9HCIO5KMCjHp7D4g+.0QVA36IbEn8</wsse:BinarySecurityToken> ' ' <ds:Signature> ' <ds:SignedInfo> ' <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> ' <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> ' <ds:Reference URI="#myHdr"> ' <ds:Transforms> ' <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> ' </ds:Transforms> ' <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> ' <ds:DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</ds:DigestValue> ' </ds:Reference> ' <ds:Reference URI="#myBody"> ' <ds:Transforms> ' <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> ' </ds:Transforms> ' <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> ' <ds:DigestValue>hJg+RBw70m66rkqh+VEp5eVGcPE=</ds:DigestValue> ' </ds:Reference> ' </ds:SignedInfo> ' <ds:SignatureValue>dsBeQ9qNXM1yU6BbWdBkSN676inwf+CgDORUKqOFuwWUzaOxUmHIq1Pb7uAB Yw6xkooLbQGS/M3t4Df+hd31prR9Pn9IFqG87Rt169+Il8L9GRgPhAATgne8Rh3jOaq nfrJ5BBM0VmbZdL+c7dfNcnpW13D/kltZMvlFRXR87Hs=</ds:SignatureValue> ' <ds:KeyInfo> ' <wsse:SecurityTokenReference> ' <wsse:Reference URI="#X509Token" /> ' </wsse:SecurityTokenReference> ' </ds:KeyInfo> ' </ds:Signature> ' </wsse:Security> ' </SOAP-ENV:Header> ' <SOAP-ENV:Body ID="myBody"> ' <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd" /> ' </SOAP-ENV:Body> ' </SOAP-ENV:Envelope> ' ------------------------------------------------------------------------------------------- ' First, let's load the certificate + private key to be used for signing (from a PFX). ' (It is also possible to use certificates installed on a Windows system, or from other file formats..) Dim pfx As New Chilkat.Pfx Dim success As Boolean = pfx.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123") If (success <> True) Then Debug.WriteLine(pfx.LastErrorText) Exit Sub End If ' We'll be needing the X.509 signing cert as base64 for the BinarySecurityToken, so let's get it now.. ' The certificate having the private key should be the 1st in the PFX. Dim signingCert As Chilkat.Cert = pfx.GetCert(0) If (pfx.LastMethodSuccess <> True) Then Debug.WriteLine(pfx.LastErrorText) Exit Sub End If Dim bdCert As New Chilkat.BinData signingCert.ExportCertDerBd(bdCert) Dim sbCert64 As New Chilkat.StringBuilder bdCert.GetEncodedSb("base64",sbCert64) ' ------------------------------------------------------------------------------------------- ' The XML before signing would look like this: ' <?xml version="1.0" encoding="UTF-8" ?> ' <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ' <SOAP-ENV:Header> ' <ns1:MeFHeader xmlns:ns1="http://www.irs.gov/a2a/mef/MeFHeader.xsd" Id="myHdr"> ' <ns1:MessageID>001232006026123abcde</ns1:MessageID> ' <ns1:Action>https://www.irs.gov/a2a/mef/Login/</ns1:Action> ' <ns1:MessageTs>2006-09-27T08:55:29.348Z</ns1:MessageTs> ' <ns1:ETIN>00123</ns1:ETIN> ' <ns1:SessionKeyCd>Y</ns1:SessionKeyCd> ' <ns1:TestCd>T</ns1:TestCd> ' <ns1:AppSysID>username</ns1:AppSysID> ' <ns1:WSDLVersionNum>10.0</ns1:WSDLVersionNum> ' </ns1:MeFHeader> ' <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> ' <wsse:BinarySecurityToken ' ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" ' EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ' wsu:Id="X509Token">/CgBr+1CEl/PtYtAaMB0GA1UdDgQWBBSrtL3lSnDOzSluMLggQUgHpkDFGTAJBgNV HRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY1LjADAgMoMA0GCSqGSIb3DQEB BQUAA4GBAC6SVzmX2I2kr5f0Na83ujcSwixpzHE2LqLBFsKm0GdPdarHFB2Qt85zbQ9 PRCROObm9HCIO5KMCjHp7D4g+.0QVA36IbEn8</wsse:BinarySecurityToken> ' ' </wsse:Security> ' </SOAP-ENV:Header> ' <SOAP-ENV:Body ID="myBody"> ' <LoginRequest xmlns="http://www.irs.gov/a2a/mef/MeFMSIServices.xsd" /> ' </SOAP-ENV:Body> ' </SOAP-ENV:Envelope> ' You can use the online XML code generation tool at http://tools.chilkat.io/xmlCreate.cshtml ' to generate the following XML creation source code: Dim xml As New Chilkat.Xml xml.Tag = "SOAP-ENV:Envelope" xml.AddAttribute("xmlns:SOAP-ENV","http://schemas.xmlsoap.org/soap/envelope/") xml.AddAttribute("xmlns:xsd","http://www.w3.org/2001/XMLSchema") xml.AddAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance") xml.AddAttribute("xmlns:ds","http://www.w3.org/2000/09/xmldsig#") xml.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",True,"xmlns:ns1","http://www.irs.gov/a2a/mef/MeFHeader.xsd") xml.UpdateAttrAt("SOAP-ENV:Header|ns1:MeFHeader",True,"Id","myHdr") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageID","001232006026123abcde") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:Action","https://www.irs.gov/a2a/mef/Login/") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:MessageTs","2006-09-27T08:55:29.348Z") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:ETIN","00123") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:SessionKeyCd","Y") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:TestCd","T") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:AppSysID","username") xml.UpdateChildContent("SOAP-ENV:Header|ns1:MeFHeader|ns1:WSDLVersionNum","10.0") xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security",True,"xmlns:wsse","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd") xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security",True,"xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd") xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",True,"ValueType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3") xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",True,"EncodingType","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary") xml.UpdateAttrAt("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",True,"wsu:Id","X509Token") xml.UpdateChildContent("SOAP-ENV:Header|wsse:Security|wsse:BinarySecurityToken",sbCert64.GetAsString()) xml.UpdateAttrAt("SOAP-ENV:Body",True,"ID","myBody") xml.UpdateAttrAt("SOAP-ENV:Body|LoginRequest",True,"xmlns","http://www.irs.gov/a2a/mef/MeFMSIServices.xsd") ' ------------------------------------------------------------------------------------------- ' Setup the XML DSig generator object to create the desired signature. Dim gen As New Chilkat.XmlDSigGen ' Indicate where the signature is to be placed. gen.SigLocation = "SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security" ' Specify namespace prefix and algorithms. gen.SigNamespacePrefix = "ds" gen.SignedInfoCanonAlg = "EXCL_C14N" gen.SignedInfoDigestMethod = "sha1" ' Indicate what is to be signed.. success = gen.AddSameDocRef("myHdr","sha1","EXCL_C14N","","") success = gen.AddSameDocRef("myBody","sha1","EXCL_C14N","","") ' We want the ds:Signature's KeyInfo to contain the following XML: ' <wsse:SecurityTokenReference> ' <wsse:Reference URI="#X509Token" /> ' </wsse:SecurityTokenReference> ' Create the above XML... Dim xmlSecTokRef As New Chilkat.Xml xmlSecTokRef.Tag = "wsse:SecurityTokenReference" xmlSecTokRef.UpdateAttrAt("wsse:Reference",True,"URI","#X509Token") ' Indicate that the KeyInfoType is "Custom" to allow us to provide the exact XML snippet that will go in KeyInfo. gen.KeyInfoType = "Custom" xmlSecTokRef.EmitCompact = True ' Don't emit the XML declarator for this (it's important). xmlSecTokRef.EmitXmlDecl = False gen.CustomKeyInfoXml = xmlSecTokRef.GetXml() ' Provide the certificate for signing. gen.SetX509Cert(signingCert,True) ' ------------------------------------------------------------------------------------------- ' OK.. everything is prepared to create the signed XML. ' XML signatures are super-complicated, and one source of errors involves whitespace in XML, which must be ' maintained exactly or else the signature becomes invalid. One way to help avoid such errors, ' especially if the XML is intended for processing (i.e. not human eyes), is to sign compact XML ' where no extra whitespace exists. Also, we can produce the XML signature on a single line. ' Therefore, the entire signed XML is one line (except for the XML declarator), and we avoid ' all potential problems relating to anything that migh muck with XML formatting or indentation. ' Let's do that.. ' First, get the XML to be signed in compact form (one line, no indenting or whitespace). xml.EmitCompact = True Dim sbLoginRequest As New Chilkat.StringBuilder xml.GetXmlSb(sbLoginRequest) ' Indicate we desire compact (single-line) signed XML. gen.Behaviors = "CompactSignedXml" ' Sign the XML. This adds the ds:Signature to the XML in sbLoginRequest. success = gen.CreateXmlDSigSb(sbLoginRequest) If (success <> True) Then Debug.WriteLine(gen.LastErrorText) Exit Sub End If ' Show the result Debug.WriteLine(sbLoginRequest.GetAsString()) Debug.WriteLine("----") ' Alternatively, we can create a completely non-compact signature, fully indented.. sbLoginRequest.Clear() xml.EmitCompact = False xml.GetXmlSb(sbLoginRequest) gen.Behaviors = "IndentedSignature" success = gen.CreateXmlDSigSb(sbLoginRequest) Debug.WriteLine(sbLoginRequest.GetAsString()) |
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.