Sample code for 30+ languages & platforms
Java

Sign Italian SPID Metadata XML

See more XML Digital Signatures Examples

Demonstrates how to create an XML digital signature for Italian SPID Metadata.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success = false;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    success = true;

    // Load the XML to be signed.
    CkStringBuilder sbXml = new CkStringBuilder();
    success = sbXml.LoadFile("qa_data/xml_dsig/spid_metadata.xml","utf-8");
    if (success == false) {
        System.out.println("Failed to load the input file.");
        return;
        }

    // The XML to sign contains XML such as this:

    // <?xml version="1.0" encoding="utf-8"?>
    // <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://***.it" ID="_AE17AFFF-A600-49D5-B81D-76EEA55B50FF">
    //     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
    //         <md:KeyDescriptor use="signing">
    //             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //                 <ds:X509Data>
    //                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    //                 </ds:X509Data>
    //             </ds:KeyInfo>
    //         </md:KeyDescriptor>
    //         <md:KeyDescriptor use="encryption">
    //             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //                 <ds:X509Data>
    //                     <ds:X509Certificate>MIIF5...</ds:X509Certificate>
    //                 </ds:X509Data>
    //             </ds:KeyInfo>
    //         </md:KeyDescriptor>
    //         <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/logout"/>
    //         <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    //         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://***.it/it-it/spid/loginresp" index="0" isDefault="true"/>
    //         <md:AttributeConsumingService index="1">
    //             <md:ServiceName xml:lang="it">Servizi Online</md:ServiceName>
    //             <md:ServiceDescription xml:lang="it">Accesso ai Servizi Online</md:ServiceDescription>
    //             <md:RequestedAttribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //             <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    //         </md:AttributeConsumingService>
    //     </md:SPSSODescriptor>
    //     <md:Organization>
    //         <md:OrganizationName xml:lang="it">SomeCompany s.r.l.</md:OrganizationName>
    //         <md:OrganizationDisplayName xml:lang="it">SomeCompany s.r.l.</md:OrganizationDisplayName>
    //         <md:OrganizationURL xml:lang="it">https://***.it</md:OrganizationURL>
    //     </md:Organization>
    // </md:EntityDescriptor>

    CkXmlDSigGen gen = new CkXmlDSigGen();

    gen.put_SigLocation("md:EntityDescriptor|md:SPSSODescriptor");
    gen.put_SigLocationMod(2);
    gen.put_SignedInfoCanonAlg("EXCL_C14N");
    gen.put_SignedInfoDigestMethod("sha256");

    // -------- Reference 1 --------
    gen.AddSameDocRef("_AE17AFFF-A600-49D5-B81D-76EEA55B50FF","sha256","EXCL_C14N","","");

    // Provide a certificate + private key. (PFX password is test123)
    CkCert cert = new CkCert();
    success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123");
    if (success != true) {
        System.out.println(cert.lastErrorText());
        return;
        }

    gen.SetX509Cert(cert,true);

    gen.put_KeyInfoType("X509Data+KeyValue");
    gen.put_X509Type("Certificate");

    gen.put_Behaviors("IndentedSignature,ForceAddEnvelopedSignatureTransform,OmitAlreadyDefinedSigNamespace");

    // Sign the XML...
    success = gen.CreateXmlDSigSb(sbXml);
    if (success != true) {
        System.out.println(gen.lastErrorText());
        return;
        }

    // -----------------------------------------------

    // Save the signed XML to a file.
    success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",false);

    System.out.println(sbXml.getAsString());

    // ----------------------------------------
    // Verify the signatures we just produced...
    CkXmlDSig verifier = new CkXmlDSig();
    success = verifier.LoadSignatureSb(sbXml);
    if (success != true) {
        System.out.println(verifier.lastErrorText());
        return;
        }

    int numSigs = verifier.get_NumSignatures();
    int verifyIdx = 0;
    while (verifyIdx < numSigs) {
        verifier.put_Selector(verifyIdx);
        boolean verified = verifier.VerifySignature(true);
        if (verified != true) {
            System.out.println(verifier.lastErrorText());
            return;
            }

        verifyIdx = verifyIdx+1;
        }

    System.out.println("All signatures were successfully verified.");
  }
}