Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

eHealth.gov.be RequestSecurityToken

Request a security token for use with the eHealth.gov.be SOAP web services.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.XmlDSigGen,
  Chilkat.CkDateTime,
  Chilkat.HttpResponse,
  Chilkat.StringBuilder,
  Chilkat.BinData,
  Chilkat.Cert,
  Chilkat.Http,
  Chilkat.Xml;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  cert: TCert;
  xmlToSign: TXml;
  bdCert: TBinData;
  dt: TCkDateTime;
  gen: TXmlDSigGen;
  xmlCustomKeyInfo: TXml;
  sbXml: TStringBuilder;
  http: THttp;
  url: string;
  resp: THttpResponse;
  responseStatus: Integer;
  bdSecToken: TBinData;

begin
  success := False;

  //  This requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  //  Provide a certificate + private key.
  //  Note: If your certificate + private key is located on a hardware token or smartcard, you can call a different function to load from smartcard..
  cert := TCert.Create;
  success := cert.LoadPfxFile('SSIN=12345678.acc.p12','p12_password');
  if (success = False) then
    begin
      WriteLn(cert.LastErrorText);
      Exit;
    end;

  //  Create the following XML to be signed..

  //  <?xml version="1.0" encoding="UTF-8"?>
  //  <soapenv:Envelope xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  //  	<soapenv:Header>
  //  		<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
  //  		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  //  			<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
  //  			    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
  //  			    wsu:Id="X509-4A13D668E59AAC4F3816750824965588">{organization certificate}</wsse:BinarySecurityToken>			
  //  			<wsu:Timestamp wsu:Id="TS-4A13D668E59AAC4F3816750824965567">
  //  				<wsu:Created>2023-02-01T12:42:11.156Z</wsu:Created>
  //  				<wsu:Expires>2023-02-01T12:58:51.156Z</wsu:Expires>
  //  			</wsu:Timestamp>
  //  		</wsse:Security>
  //  	</soapenv:Header>
  //  	<soapenv:Body wsu:Id="id-4A13D668E59AAC4F38167508249655911" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  //  		<wst:RequestSecurityToken Context="RC-302613de-a809-46b5-931a-0a55bfca5937" 
  //  		    xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
  //  		    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  //  		    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
  //  		    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  //  		    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  //  		    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  //  			<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
  //  			<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
  //  			<wst:Claims Dialect="http://docs.oasis-open.org/wsfed/authorization/200706/authclaims">
  //  				<auth:ClaimType Uri="urn:be:fgov:kbo-bce:organization:cbe-number">
  //  					<auth:Value>{cbenumber}</auth:Value>
  //  				</auth:ClaimType>
  //  				<auth:ClaimType Uri="urn:be:fgov:ehealth:1.0:certificateholder:enterprise:cbe-number">
  //  					<auth:Value>{cbenumber}</auth:Value>
  //  				</auth:ClaimType>
  //  			</wst:Claims>
  //  			<wst:Lifetime>
  //  				<wsu:Created>2023-02-01T08:30:10+02:00</wsu:Created>
  //  				<wsu:Expires>2023-02-01T09:30:10+02:00</wsu:Expires>
  //  			</wst:Lifetime>
  //  			<wst:KeyType>http://docs.oasis-open.org/ws-sx/wstrust/200512/PublicKey</wst:KeyType>
  //  		</wst:RequestSecurityToken>
  //  	</soapenv:Body>
  //  </soapenv:Envelope>

  xmlToSign := TXml.Create;
  xmlToSign.Tag := 'soapenv:Envelope';
  xmlToSign.AddAttribute('xmlns:ns','http://docs.oasis-open.org/ws-sx/ws-trust/200512');
  xmlToSign.AddAttribute('xmlns:soapenv','http://schemas.xmlsoap.org/soap/envelope/');
  xmlToSign.UpdateAttrAt('soapenv:Header|wsse:Security',True,'xmlns:wsse','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd');
  xmlToSign.UpdateAttrAt('soapenv:Header|wsse:Security',True,'xmlns:wsu','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');
  xmlToSign.UpdateAttrAt('soapenv:Header|wsse:Security|wsse:BinarySecurityToken',True,'EncodingType','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary');
  xmlToSign.UpdateAttrAt('soapenv:Header|wsse:Security|wsse:BinarySecurityToken',True,'ValueType','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3');
  xmlToSign.UpdateAttrAt('soapenv:Header|wsse:Security|wsse:BinarySecurityToken',True,'wsu:Id','X509-4A13D668E59AAC4F3816750824965588');

  bdCert := TBinData.Create;
  cert.ExportCertDerBd(bdCert);
  xmlToSign.UpdateChildContent('soapenv:Header|wsse:Security|wsse:BinarySecurityToken',bdCert.GetEncoded('base64'));

  xmlToSign.UpdateAttrAt('soapenv:Header|wsse:Security|wsu:Timestamp',True,'wsu:Id','TS-4A13D668E59AAC4F3816750824965567');

  dt := TCkDateTime.Create;
  dt.SetFromCurrentSystemTime();
  xmlToSign.UpdateChildContent('soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Created',dt.GetAsTimestamp(False));
  dt.AddSeconds(300);
  xmlToSign.UpdateChildContent('soapenv:Header|wsse:Security|wsu:Timestamp|wsu:Expires',dt.GetAsTimestamp(False));
  dt.AddSeconds(-300);

  xmlToSign.UpdateAttrAt('soapenv:Body',True,'wsu:Id','id-4A13D668E59AAC4F38167508249655911');
  xmlToSign.UpdateAttrAt('soapenv:Body',True,'xmlns:wsu','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');
  xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken',True,'Context','RC-302613de-a809-46b5-931a-0a55bfca5937');
  xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken',True,'xmlns:auth','http://docs.oasis-open.org/wsfed/authorization/200706');
  xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken',True,'xmlns:ds','http://www.w3.org/2000/09/xmldsig#');
  xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken',True,'xmlns:wsa','http://schemas.xmlsoap.org/ws/2004/08/addressing');
  xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken',True,'xmlns:wsp','http://schemas.xmlsoap.org/ws/2004/09/policy');
  xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken',True,'xmlns:wsse','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd');
  xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken',True,'xmlns:wst','http://docs.oasis-open.org/ws-sx/ws-trust/200512');
  xmlToSign.UpdateChildContent('soapenv:Body|wst:RequestSecurityToken|wst:TokenType','http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1');
  xmlToSign.UpdateChildContent('soapenv:Body|wst:RequestSecurityToken|wst:RequestType','http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue');

  success := xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken|wst:Claims',True,'Dialect','http://docs.oasis-open.org/wsfed/authorization/200706/authclaims');
  success := xmlToSign.UpdateAttrAt('soapenv:Body|wst:RequestSecurityToken|wst:Claims|auth:ClaimType[1]',True,'Uri','urn:be:fgov:ehealth:1.0:certificateholder:person:ssin');

  xmlToSign.UpdateChildContent('soapenv:Body|wst:RequestSecurityToken|wst:KeyType','http://docs.oasis-open.org/ws-sx/wstrust/200512/PublicKey');

  gen := TXmlDSigGen.Create;

  gen.SigLocation := 'soapenv:Envelope|soapenv:Header|wsse:Security|wsse:BinarySecurityToken';
  gen.SigLocationMod := 1;
  gen.SigId := 'SIG-4A13D668E59AAC4F38167508249656212';
  gen.SigNamespacePrefix := 'ds';
  gen.SigNamespaceUri := 'http://www.w3.org/2000/09/xmldsig#';
  gen.SignedInfoPrefixList := 'soapenv urn urn1';
  gen.IncNamespacePrefix := 'ec';
  gen.IncNamespaceUri := 'http://www.w3.org/2001/10/xml-exc-c14n#';
  gen.SignedInfoCanonAlg := 'EXCL_C14N';
  gen.SignedInfoDigestMethod := 'sha256';

  //  Set the KeyInfoId before adding references..
  gen.KeyInfoId := 'KI-4A13D668E59AAC4F3816750824965589';

  //  -------- Reference 1 --------
  gen.AddSameDocRef('TS-4A13D668E59AAC4F3816750824965567','sha256','EXCL_C14N','wsse soapenv urn urn1','');

  //  -------- Reference 2 --------
  gen.AddSameDocRef('id-4A13D668E59AAC4F38167508249655911','sha256','EXCL_C14N','urn urn1','');

  //  -------- Reference 3 --------
  gen.AddSameDocRef('X509-4A13D668E59AAC4F3816750824965588','sha256','EXCL_C14N','_EMPTY_','');

  gen.SetX509Cert(cert,True);

  gen.KeyInfoType := 'Custom';

  //  Create the custom KeyInfo XML..
  xmlCustomKeyInfo := TXml.Create;
  xmlCustomKeyInfo.Tag := 'wsse:SecurityTokenReference';
  xmlCustomKeyInfo.AddAttribute('wsu:Id','STR-4A13D668E59AAC4F38167508249655810');
  xmlCustomKeyInfo.UpdateAttrAt('wsse:Reference',True,'URI','#X509-4A13D668E59AAC4F3816750824965588');
  xmlCustomKeyInfo.UpdateAttrAt('wsse:Reference',True,'ValueType','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3');

  xmlCustomKeyInfo.EmitXmlDecl := False;
  gen.CustomKeyInfoXml := xmlCustomKeyInfo.GetXml();

  //  Load XML to be signed...
  sbXml := TStringBuilder.Create;
  xmlToSign.GetXmlSb(sbXml);

  gen.Behaviors := 'IndentedSignature';

  //  Sign the XML...
  success := gen.CreateXmlDSigSb(sbXml);
  if (success = False) then
    begin
      WriteLn(gen.LastErrorText);
      Exit;
    end;

  //  The sbXml is sent as the HTTP request body below..
  WriteLn(sbXml.GetAsString());

  //  -----------------------------------------------------------------------------------------------------------
  //  Send the SOAP requet to ask the server to issue a security token, which can then be used to access other SOAP services..
  http := THttp.Create;

  success := http.SetSslClientCert(cert);
  if (success = False) then
    begin
      WriteLn(http.LastErrorText);
      Exit;
    end;

  http.SetRequestHeader('Content-Type','text/xml');

  url := 'https://services-acpt.ehealth.fgov.be/IAM/SecurityTokenService/v1/RequestSecurityToken';
  resp := THttpResponse.Create;
  success := http.HttpSb('POST',url,sbXml,'utf-8','application/xml',resp);
  if (success = False) then
    begin
      WriteLn(http.LastErrorText);
      Exit;
    end;

  responseStatus := resp.StatusCode;
  WriteLn('Response Status Code = ' + responseStatus);

  //  You'll want to check to see if the response status code = 200.
  //  If not, then the response body contains error information instead of a security token.
  //  This example will assume we received 200 status code.

  WriteLn(resp.BodyStr);

  //  The response body contains XML like this:

  //  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  //      <SOAP-ENV:Header/>
  //      <SOAP-ENV:Body>
  //          <wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Context="RC-302613de-a809-46b5-931a-0a55bfca5937">
  //              <wst:RequestedSecurityToken>
  //                  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_3e8ea5c951b2167c274974750ace9b5d" 
  //  ...
  //                  </Assertion>
  //              </wst:RequestedSecurityToken>
  //          </wst:RequestSecurityTokenResponse>
  //      </SOAP-ENV:Body>
  //  </SOAP-ENV:Envelope>

  //  The portion of the response from  <Assertion ..> ... </Assertion>  is the SAML security token to be included
  //  in a subsesquent SOAP request.  It is extremely important to not modify the contents of the security token in any way, including not changing
  //  whitespace or any formatting.  Therefore, we get the response body exactly as-is, to be used in a SOAP request.

  //  Copy the response body to a Chilkat BinData object.
  bdSecToken := TBinData.Create;
  resp.GetBodyBd(bdSecToken);

  //  Let's save the bdSecToken to a file, and pick it up in the next example where it is used
  //  in a SOAP request, such as in this example:  AddressBook Search for Professionals

  bdSecToken.WriteFile('qa_data/tokens/ehealth-fgov-be-sectoken.xml');

  WriteLn('OK');


  cert.Free;
  xmlToSign.Free;
  bdCert.Free;
  dt.Free;
  gen.Free;
  xmlCustomKeyInfo.Free;
  sbXml.Free;
  http.Free;
  resp.Free;
  bdSecToken.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.