
Sign Italian SPID Metadata XML


Demonstrates how to create an XML digital signature for Italian SPID Metadata.


Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' Status flag reused by every Chilkat call on this page (1 = success, 0 = failure).
success = 0

' No unlock call is made here: the Chilkat API is expected to have been
' unlocked beforehand (see Chilkat's Global Unlock Sample).
success = 1

' Read the unsigned SPID metadata document into a StringBuilder as UTF-8.
inputXmlPath = "qa_data/xml_dsig/spid_metadata.xml"
Set sbXml = Server.CreateObject("Chilkat.StringBuilder")
success = sbXml.LoadFile(inputXmlPath, "utf-8")
If success = 0 Then
    ' Only a fixed message is shown, HTML-encoded before it reaches the page.
    Response.Write "<pre>" & Server.HTMLEncode("Failed to load the input file.") & "</pre>"
    Response.End
End If

' The XML to sign contains XML such as this:

' <?xml version="1.0" encoding="utf-8"?>
' <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
'     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
'         <md:KeyDescriptor use="signing">
'             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
'                 <ds:X509Data>
'                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
'                 </ds:X509Data>
'             </ds:KeyInfo>
'         </md:KeyDescriptor>
'         <md:KeyDescriptor use="encryption">
'             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
'                 <ds:X509Data>
'                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
'                 </ds:X509Data>
'             </ds:KeyInfo>
'         </md:KeyDescriptor>
'         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
'         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
'         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
'         <md:AttributeConsumingService index="1">
'             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
'             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
'             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
'         </md:AttributeConsumingService>
'     </md:SPSSODescriptor>
'     <md:Organization>
'         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
'         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
'         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
'     </md:Organization>
' </md:EntityDescriptor>

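' Build the generator that will add the XML digital signature to the metadata.
set gen = Server.CreateObject("Chilkat.XmlDSigGen")

' Signature placement is expressed relative to md:SPSSODescriptor inside
' md:EntityDescriptor.
' NOTE(review): SigLocationMod = 2 presumably inserts the Signature as a sibling
' before md:SPSSODescriptor - confirm against the Chilkat reference.
gen.SigLocation = "md:EntityDescriptor|md:SPSSODescriptor"
gen.SigLocationMod = 2
gen.SignedInfoCanonAlg = "EXCL_C14N"
gen.SignedInfoDigestMethod = "sha256"

' -------- Reference 1 --------
' The reference points at the element whose ID attribute has this value (the
' md:EntityDescriptor in the sample document). If the metadata is regenerated
' with a different ID, this value must be updated to match, otherwise the
' signature will not cover the intended element.
success = gen.AddSameDocRef("_AE17AFFF-A600-49D5-B81D-76EEA55B50FF","sha256","EXCL_C14N","","")
If (success <> 1) Then
    ' Stop here rather than signing with a reference that was not registered.
    Response.Write "<pre>" & Server.HTMLEncode( gen.LastErrorText) & "</pre>"
    Response.End
End If

' Provide a certificate + private key. (PFX password is test123)
' NOTE(review): the password is a literal only because this is a test PFX. For a
' real signing key, read the password from protected server-side configuration
' instead of the page source, and keep the .pfx outside any directory the web
' server can serve.
set cert = Server.CreateObject("Chilkat.Cert")
success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If (success <> 1) Then
    ' NOTE(review): LastErrorText is diagnostic output; in production, log it
    ' server-side and show the client a generic message instead.
    Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>"
    Response.End
End If

' Attach the certificate to the generator; the second argument (1) asks for its
' private key to be used for signing.
success = gen.SetX509Cert(cert,1)
If (success <> 1) Then
    ' Without a usable private key the signing step cannot succeed; fail early.
    Response.Write "<pre>" & Server.HTMLEncode( gen.LastErrorText) & "</pre>"
    Response.End
End If

' Embed the signing certificate and key value in the Signature's KeyInfo.
gen.KeyInfoType = "X509Data+KeyValue"
gen.X509Type = "Certificate"

gen.Behaviors = "IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace"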

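' Sign the XML in place: sbXml is the document that is saved, displayed and
' verified further down.
success = gen.CreateXmlDSigSb(sbXml)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( gen.LastErrorText) & "</pre>"
    Response.End
End If

' -----------------------------------------------

' Save the signed XML to a file (UTF-8; the third argument 0 means no BOM is emitted).
success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",0)
If (success <> 1) Then
    ' The write result used to be ignored, so a missing or read-only output
    ' directory went unnoticed. Report it, but still show and verify the
    ' in-memory document below.
    Response.Write "<pre>" & Server.HTMLEncode( "Failed to write the signed XML to qa_output/signedXml.xml.") & "</pre>"
End If

' The signed XML is HTML-encoded before being written into the page.
Response.Write "<pre>" & Server.HTMLEncode( sbXml.GetAsString()) & "</pre>"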

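' ----------------------------------------
' Verify the signatures we just produced...
' NOTE(review): this is a self-check of the freshly signed document. It shows
' that each signature is internally consistent (the 1 passed to VerifySignature
' requests that the reference digests be checked as well). It does not by itself
' establish that the signing certificate is the one a relying party expects;
' a consumer of this metadata should also compare the signer's certificate with
' one obtained out of band.
set verifier = Server.CreateObject("Chilkat.XmlDSig")
success = verifier.LoadSignatureSb(sbXml)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
    Response.End
End If

numSigs = verifier.NumSignatures
If (numSigs < 1) Then
    ' With zero signatures the loop below would never run and the page would
    ' still report success; treat "nothing to verify" as a failure.
    Response.Write "<pre>" & Server.HTMLEncode( "No signatures were found to verify.") & "</pre>"
    Response.End
End If

' Check every signature in the document; stop at the first one that fails.
For verifyIdx = 0 To numSigs - 1
    verifier.Selector = verifyIdx
    verified = verifier.VerifySignature(1)
    If (verified <> 1) Then
        ' NOTE(review): LastErrorText is diagnostic output; in production, log it
        ' server-side and show the client a generic message instead.
        Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
        Response.End
    End If
Next
Response.Write "<pre>" & Server.HTMLEncode( "All signatures were successfully verified.") & "</pre>"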

%>
</body>
</html>