(VB.NET UWP/WinRT) Sign Italian SPID Metadata XML

Demonstrates how to create an XML digital signature for Italian SPID Metadata.

Chilkat Universal Windows Platform (UWP) / WinRT Downloads Chilkat for the Universal Windows Platform (UWP)

' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

Dim success As Boolean = True

' Load the XML to be signed.
Dim sbXml As New Chilkat.StringBuilder
success = sbXml.LoadFile("qa_data/xml_dsig/spid_metadata.xml","utf-8")
If (success = False) Then
    Debug.WriteLine("Failed to load the input file.")
    Exit Sub
End If


' The XML to sign contains XML such as this:

' <?xml version="1.0" encoding="utf-8"?>
' <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
'     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
'         <md:KeyDescriptor use="signing">
'             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
'                 <ds:X509Data>
'                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
'                 </ds:X509Data>
'             </ds:KeyInfo>
'         </md:KeyDescriptor>
'         <md:KeyDescriptor use="encryption">
'             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
'                 <ds:X509Data>
'                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
'                 </ds:X509Data>
'             </ds:KeyInfo>
'         </md:KeyDescriptor>
'         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
'         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
'         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
'         <md:AttributeConsumingService index="1">
'             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
'             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
'             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'         </md:AttributeConsumingService>
'     </md:SPSSODescriptor>
'     <md:Organization>
'         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
'         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
'         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
'     </md:Organization>
' </md:EntityDescriptor>


Dim gen As New Chilkat.XmlDSigGen

gen.SigLocation = "md:EntityDescriptor|md:SPSSODescriptor"
gen.SigLocationMod = 2
gen.SignedInfoCanonAlg = "EXCL_C14N"
gen.SignedInfoDigestMethod = "sha256"

' -------- Reference 1 --------
gen.AddSameDocRef("_AE17AFFF-A600-49D5-B81D-76EEA55B50FF","sha256","EXCL_C14N","","")

' Provide a certificate + private key. (PFX password is test123)
Dim cert As New Chilkat.Cert
success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If (success <> True) Then
    Debug.WriteLine(cert.LastErrorText)
    Exit Sub
End If

gen.SetX509Cert(cert,True)

gen.KeyInfoType = "X509Data+KeyValue"
gen.X509Type = "Certificate"

gen.Behaviors = "IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace"

' Sign the XML...
success = gen.CreateXmlDSigSb(sbXml)
If (success <> True) Then
    Debug.WriteLine(gen.LastErrorText)
    Exit Sub
End If

' -----------------------------------------------

' Save the signed XML to a file.
success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",False)

Debug.WriteLine(sbXml.GetAsString())

' ----------------------------------------
' Verify the signatures we just produced...
Dim verifier As New Chilkat.XmlDSig
success = verifier.LoadSignatureSb(sbXml)
If (success <> True) Then
    Debug.WriteLine(verifier.LastErrorText)
    Exit Sub
End If


Dim numSigs As Integer = verifier.NumSignatures
Dim verifyIdx As Integer = 0
While verifyIdx < numSigs
    verifier.Selector = verifyIdx
    Dim verified As Boolean = verifier.VerifySignature(True)
    If (verified <> True) Then
        Debug.WriteLine(verifier.LastErrorText)
        Exit Sub
    End If

    verifyIdx = verifyIdx + 1
End While
Debug.WriteLine("All signatures were successfully verified.")