DataFlex
Sign SOAP XML using a wsse:SecurityTokenReference
This example signs SOAP XML such that the KeyInfo in the XML Signature is a wsse:SecurityTokenReference to the X.509 certificate embedded elsewhere in the SOAP XML.
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Variant vSbXml
Handle hoSbXml
Handle hoHttp
Variant vPfxData
Handle hoPfxData
Handle hoPfx
String sPassword
Variant vCert
Handle hoCert
Variant vBdCert
Handle hoBdCert
Integer iNumReplaced
Handle hoRefXml
Handle hoGen
String sTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// To begin, we'll need a PFX containing a certificate and private key, and the SOAP XML to be signed.
// Chilkat provides sample data at chilkatsoft.com and chilkatdownload.com, and our first step is to download both.
// -------------------------------------------------------------------------
// Step 1: Get the SOAP XML template to be signed.
//
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbXml
If (Not(IsComObjectCreated(hoSbXml))) Begin
Send CreateComObject of hoSbXml
End
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
Get pvComObject of hoSbXml to vSbXml
Get ComQuickGetSb Of hoHttp "https://www.chilkatsoft.com/exampleData/wssSoapTemplate.xml" vSbXml To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
// The SOAP XML template contains this:
// <?xml version="1.0" encoding="UTF8"?>
// <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
// <SOAP-ENV:Header>
// <wsse:Security xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
// xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
// xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
// xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" SOAP-ENV:mustUnderstand="1">
// <wsse:BinarySecurityToken
// EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
// ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
// wsu:Id="x509cert00">BASE64_CERT</wsse:BinarySecurityToken>
// </wsse:Security>
// </SOAP-ENV:Header>
// <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TheBody">
// <getVersion xmlns="http://msgsec.wssecfvt.ws.ibm.com"/>
// </SOAP-ENV:Body>
// </SOAP-ENV:Envelope>
//
// -------------------------------------------------------------------------
// Step 2: Get the test certificate and private key stored in a .pfx
//
Get Create (RefClass(cComChilkatBinData)) To hoPfxData
If (Not(IsComObjectCreated(hoPfxData))) Begin
Send CreateComObject of hoPfxData
End
Get pvComObject of hoPfxData to vPfxData
Get ComQuickGetBd Of hoHttp "http://chilkatdownload.com/example_data/testcertificate.pfx" vPfxData To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
Get Create (RefClass(cComChilkatPfx)) To hoPfx
If (Not(IsComObjectCreated(hoPfx))) Begin
Send CreateComObject of hoPfx
End
Move "test" To sPassword
Get ComGetEncoded Of hoPfxData "base64" To sTemp1
Get ComLoadPfxEncoded Of hoPfx sTemp1 "base64" sPassword To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPfx To sTemp1
Showln sTemp1
Procedure_Return
End
// -------------------------------------------------------------------------
// Step 3: Get the certificate from the PFX.
//
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
Get pvComObject of hoCert to vCert
Get ComCertAt Of hoPfx 0 vCert To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPfx To sTemp1
Showln sTemp1
Procedure_Return
End
// -------------------------------------------------------------------------
// Step 4: Replace "BASE64_CERT" with the actual base64 encoded certificate.
//
Get Create (RefClass(cComChilkatBinData)) To hoBdCert
If (Not(IsComObjectCreated(hoBdCert))) Begin
Send CreateComObject of hoBdCert
End
Get pvComObject of hoBdCert to vBdCert
Get ComExportCertDerBd Of hoCert vBdCert To iSuccess
Get ComGetEncoded Of hoBdCert "base64" To sTemp1
Get ComReplace Of hoSbXml "BASE64_CERT" sTemp1 To iNumReplaced
// -------------------------------------------------------------------------
// Step 5: Build the wsse:SecurityTokenReference XML.
// This will be the CustomKeyInfoXml (see below).
//
Get Create (RefClass(cComChilkatXml)) To hoRefXml
If (Not(IsComObjectCreated(hoRefXml))) Begin
Send CreateComObject of hoRefXml
End
Set ComTag Of hoRefXml To "wsse:SecurityTokenReference"
Get ComUpdateAttrAt Of hoRefXml "wsse:Reference" True "URI" "#x509cert00" To iSuccess
Get ComUpdateAttrAt Of hoRefXml "wsse:Reference" True "ValueType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" To iSuccess
// The above lines of code build the following XML:
// <wsse:SecurityTokenReference>
// <wsse:Reference URI="#x509cert00" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
// </wsse:SecurityTokenReference>
//
Set ComEmitXmlDecl Of hoRefXml To False
Get ComGetXml Of hoRefXml To sTemp1
Showln sTemp1
// -------------------------------------------------------------------------
// Step 6: Setup the XML Digital Signature Generator and add the XML Signature.
//
Get Create (RefClass(cComChilkatXmlDSigGen)) To hoGen
If (Not(IsComObjectCreated(hoGen))) Begin
Send CreateComObject of hoGen
End
Set ComSigLocation Of hoGen To "SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security"
Set ComSignedInfoPrefixList Of hoGen To "wsse SOAP-ENV"
// Digest method "sha1" matches the sample template; Chilkat also accepts "sha256", the stronger choice for new deployments.
Get ComAddSameDocRef Of hoGen "TheBody" "sha1" "EXCL_C14N" "" "" To iSuccess
Set ComKeyInfoType Of hoGen To "Custom"
Set ComEmitCompact Of hoRefXml To True
Get ComGetXml Of hoRefXml To sTemp1
Set ComCustomKeyInfoXml Of hoGen To sTemp1
Get pvComObject of hoCert to vCert
Get ComSetX509Cert Of hoGen vCert True To iSuccess
Get pvComObject of hoSbXml to vSbXml
Get ComCreateXmlDSigSb Of hoGen vSbXml To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoGen To sTemp1
Showln sTemp1
Procedure_Return
End
// Examine the signed XML
Get ComGetAsString Of hoSbXml To sTemp1
Showln sTemp1
// Pretty-printed for readability, the signed XML looks like this:
// (The exact signed XML follows further below. Pretty-printing changes whitespace inside the signed elements and so invalidates the signature.)
// <?xml version="1.0" encoding="UTF8" ?>
// <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
// <SOAP-ENV:Header>
// <wsse:Security xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" SOAP-ENV:mustUnderstand="1">
// <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" wsu:Id="x509cert00">MIID...</wsse:BinarySecurityToken>
// <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
// <ds:SignedInfo>
// <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
// <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV" />
// </ds:CanonicalizationMethod>
// <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
// <ds:Reference URI="#TheBody">
// <ds:Transforms>
// <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
// </ds:Transforms>
// <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
// <ds:DigestValue>VhsSnaEAFsY0OYegKQh99v9csXg=</ds:DigestValue>
// </ds:Reference>
// </ds:SignedInfo>
// <ds:SignatureValue>Ynp3H4rtzpXIh4TaVxkpEkS1bMCCu672aeCzUOzheNNfnpmLsCZz3+zQjMBbchPggCayC5ihpEdhRe3XvPXjPXXAgxDP4mic091QPmjHlmUcu8yqRKfxnPtD35nqaxDtCYw+jGIzj+ch094vA4RPCfY8JQnb1mpy1ZjjsMW8741CIh1epbsd/0bZt6tfINUQ37seg07yvLbCJZ/Zf+h8FlFryQk6lHTTeZl/GfQ9NlDBcShby3x8Hc1KwW++zFqEA7G783R9AYPYn3fWTOBhYk5gkgFc+HaPRLR/L0Bp7ZPbmOR/iZQ+HK4W672tTdN/R2GdN7/deV7QTp2DYK1Z8w==</ds:SignatureValue>
// <ds:KeyInfo>
// <wsse:SecurityTokenReference>
// <wsse:Reference URI="#x509cert00" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
// </wsse:SecurityTokenReference>
// </ds:KeyInfo>
// </ds:Signature>
// </wsse:Security>
// </SOAP-ENV:Header>
// <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TheBody">
// <getVersion xmlns="http://msgsec.wssecfvt.ws.ibm.com" />
// </SOAP-ENV:Body>
// </SOAP-ENV:Envelope>
//
// --------------------------------------------------------------------------------------------
// This is the XML signature, which is also available at https://www.chilkatsoft.com/exampleData/signedSoapBinarySecurityToken.xml
//
// <?xml version="1.0" encoding="UTF8"?>
// <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
// <SOAP-ENV:Header>
// <wsse:Security xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
// xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
// xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
// xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" SOAP-ENV:mustUnderstand="1">
// <wsse:BinarySecurityToken
// EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
// ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
// wsu:Id="x509cert00">MIIDg...</wsse:BinarySecurityToken>
// <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TheBody"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>VhsSnaEAFsY0OYegKQh99v9csXg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Ynp3H4rtzpXIh4TaVxkpEkS1bMCCu672aeCzUOzheNNfnpmLsCZz3+zQjMBbchPggCayC5ihpEdhRe3XvPXjPXXAgxDP4mic091QPmjHlmUcu8yqRKfxnPtD35nqaxDtCYw+jGIzj+ch094vA4RPCfY8JQnb1mpy1ZjjsMW8741CIh1epbsd/0bZt6tfINUQ37seg07yvLbCJZ/Zf+h8FlFryQk6lHTTeZl/GfQ9NlDBcShby3x8Hc1KwW++zFqEA7G783R9AYPYn3fWTOBhYk5gkgFc+HaPRLR/L0Bp7ZPbmOR/iZQ+HK4W672tTdN/R2GdN7/deV7QTp2DYK1Z8w==</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#x509cert00" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" /></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>
// </SOAP-ENV:Header>
// <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TheBody">
// <getVersion xmlns="http://msgsec.wssecfvt.ws.ibm.com"/>
// </SOAP-ENV:Body>
// </SOAP-ENV:Envelope>
//
End_Procedure
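Added example, not part of the Chilkat sample above: a receiver-side structural check in Python (standard library only) that resolves the wsse:SecurityTokenReference built in Step 5 back to the BinarySecurityToken it points at, and confirms the ds:Reference covers the real SOAP Body, before any cryptographic verification is attempted. Element names, namespaces and Ids follow the page's template; the sample message and its placeholder token are constructed here, and the cryptographic part (exclusive C14N, digest and RSA-SHA256 verification) is deliberately out of scope.

```python
import base64
import xml.etree.ElementTree as ET

NS = {  # namespaces used by the SOAP template on this page
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
X509_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
WSU_ID = "{%s}Id" % NS["wsu"]
def _by_wsu_id(root, uri):
    # Same-document "#id" URIs only, resolved to exactly one element (duplicate Ids are a wrapping symptom).
    hits = [e for e in root.iter() if e.get(WSU_ID) == uri[1:]] if (uri or "").startswith("#") else []
    if len(hits) != 1:
        raise ValueError("reference %r must resolve to exactly one wsu:Id, found %d" % (uri, len(hits)))
    return hits[0]
def resolve_signed_soap(soap_xml):
    root = ET.fromstring(soap_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    # 1. KeyInfo must be a SecurityTokenReference to an X.509 BinarySecurityToken in this same header.
    ref = root.find("soap:Header/wsse:Security/ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is None or ref.get("ValueType") != X509_TYPE:
        raise ValueError("no X.509 wsse:SecurityTokenReference in the signature's KeyInfo")
    token = _by_wsu_id(root, ref.get("URI"))
    if token.tag != "{%s}BinarySecurityToken" % NS["wsse"] or token not in list(security):
        raise ValueError("reference does not resolve to a BinarySecurityToken in this header")
    cert_der = base64.b64decode((token.text or "").strip(), validate=True)
    # 2. Every ds:Reference must resolve, and one of them must be the SOAP Body the application processes.
    signed = [_by_wsu_id(root, r.get("URI")) for r in root.findall("soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    body = root.find("soap:Body", NS)
    if body is None or body not in signed:
        raise ValueError("SOAP Body is not covered by the signature")
    return {"cert_der": cert_der, "body_id": body.get(WSU_ID), "signed_refs": len(signed)}
def is_accepted(soap_xml):
    try:
        return resolve_signed_soap(soap_xml) is not None
    except (ValueError, ET.ParseError):
        return False

FAKE_CERT = base64.b64encode(b"placeholder, not a real DER certificate").decode()  # constructed token
SAMPLE = (  # constructed message modelled on the page's signed template
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="%(soap)s"><SOAP-ENV:Header><wsse:Security xmlns:ds="%(ds)s" xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s">'
    '<wsse:BinarySecurityToken ValueType="' + X509_TYPE + '" wsu:Id="x509cert00">' + FAKE_CERT + '</wsse:BinarySecurityToken>'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#TheBody"/></ds:SignedInfo><ds:SignatureValue>AA==</ds:SignatureValue><ds:KeyInfo>'
    '<wsse:SecurityTokenReference><wsse:Reference URI="#x509cert00" ValueType="' + X509_TYPE + '"/></wsse:SecurityTokenReference>'
    '</ds:KeyInfo></ds:Signature></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body xmlns:wsu="%(wsu)s" wsu:Id="TheBody">'
    '<getVersion xmlns="http://msgsec.wssecfvt.ws.ibm.com"/></SOAP-ENV:Body></SOAP-ENV:Envelope>'
) % NS
```

Only after these checks pass should the DER bytes be chained to a trust anchor and the signature itself verified; resolving the token by Id alone says nothing about who the certificate belongs to.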