Perl
Perl
Signing HTTP Messages
See more RSA Examples
Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10Chilkat Perl Downloads
use chilkat();
$success = 0;
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
$bCrlf = 1;
$sbPublicKeyPem = chilkat::CkStringBuilder->new();
$sbPublicKeyPem->AppendLine("-----BEGIN PUBLIC KEY-----",$bCrlf);
$sbPublicKeyPem->AppendLine("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3",$bCrlf);
$sbPublicKeyPem->AppendLine("6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6",$bCrlf);
$sbPublicKeyPem->AppendLine("Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw",$bCrlf);
$sbPublicKeyPem->AppendLine("oYi+1hqp1fIekaxsyQIDAQAB",$bCrlf);
$sbPublicKeyPem->AppendLine("-----END PUBLIC KEY-----",$bCrlf);
$pubKey = chilkat::CkPublicKey->new();
$pubKey->LoadFromString($sbPublicKeyPem->getAsString());
$sbPrivateKeyPem = chilkat::CkStringBuilder->new();
$sbPrivateKeyPem->AppendLine("-----BEGIN RSA PRIVATE KEY-----",$bCrlf);
$sbPrivateKeyPem->AppendLine("MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF",$bCrlf);
$sbPrivateKeyPem->AppendLine("NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F",$bCrlf);
$sbPrivateKeyPem->AppendLine("UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB",$bCrlf);
$sbPrivateKeyPem->AppendLine("AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA",$bCrlf);
$sbPrivateKeyPem->AppendLine("QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK",$bCrlf);
$sbPrivateKeyPem->AppendLine("kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg",$bCrlf);
$sbPrivateKeyPem->AppendLine("f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u",$bCrlf);
$sbPrivateKeyPem->AppendLine("412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc",$bCrlf);
$sbPrivateKeyPem->AppendLine("mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7",$bCrlf);
$sbPrivateKeyPem->AppendLine("kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA",$bCrlf);
$sbPrivateKeyPem->AppendLine("gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW",$bCrlf);
$sbPrivateKeyPem->AppendLine("G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI",$bCrlf);
$sbPrivateKeyPem->AppendLine("7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==",$bCrlf);
$sbPrivateKeyPem->AppendLine("-----END RSA PRIVATE KEY-----",$bCrlf);
$privKey = chilkat::CkPrivateKey->new();
$privKey->LoadPem($sbPrivateKeyPem->getAsString());
# All examples use this request:
#
# POST /foo?param=value&pet=dog HTTP/1.1
# Host: example.com
# Date: Sun, 05 Jan 2014 21:31:40 GMT
# Content-Type: application/json
# Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
# Content-Length: 18
#
# {"hello": "world"}
# C.1. Default Test
#
# If a list of headers is not included, the date is the only header
# that is signed by default. The string to sign would be:
#
# date: Sun, 05 Jan 2014 21:31:40 GMT
#
# The Authorization header would be:
#
# Authorization: Signature keyId="Test",algorithm="rsa-sha256",
# signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
# 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
# 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
#
# The Signature header would be:
#
# Signature: keyId="Test",algorithm="rsa-sha256",
# signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
# 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
# 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
#
$dtNow = chilkat::CkDateTime->new();
$success = $dtNow->SetFromCurrentSystemTime();
$dateStr = $dtNow->getAsRfc822(0);
# To duplicate the above result, we'll hard-code the date string.
$dateStr = "Sun, 05 Jan 2014 21:31:40 GMT";
$rsa = chilkat::CkRsa->new();
$success = $rsa->UsePrivateKey($privKey);
if ($success == 0) {
print $rsa->lastErrorText() . "\r\n";
exit;
}
$sbStringToSign = chilkat::CkStringBuilder->new();
$sbStringToSign->Append("date: ");
$sbStringToSign->Append($dateStr);
$rsa->put_EncodingMode("base64");
$b64Signature = $rsa->signStringENC($sbStringToSign->getAsString(),"SHA256");
print $b64Signature . "\r\n";
print "---------------------------" . "\r\n";
# The result should be:
# SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=
# ----------------------------------------------------------------------------------------------------
# C.2. Basic Test
#
# The minimum recommended data to sign is the (request-target), host,
# and date. In this case, the string to sign would be:
#
# (request-target): post /foo?param=value&pet=dog
# host: example.com
# date: Sun, 05 Jan 2014 21:31:40 GMT
#
# The Authorization header would be:
#
# Authorization: Signature keyId="Test",algorithm="rsa-sha256",
# headers="(request-target) host date", signature="qdx+H7PHHDZgy4
# y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
# 7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
# kLu6kd9Fswtemr3lgdDEmn04swr2Os0="
$sbStringToSign->Clear();
$sbStringToSign->Append("(request-target): ");
$sbStringToSign->AppendLine("post /foo?param=value&pet=dog",0);
$sbStringToSign->Append("host: ");
$sbStringToSign->AppendLine("example.com",0);
$sbStringToSign->Append("date: ");
$sbStringToSign->Append($dateStr);
print "StringToSign:" . "\r\n";
print $sbStringToSign->getAsString() . "\r\n";
$b64Signature = $rsa->signStringENC($sbStringToSign->getAsString(),"SHA256");
print $b64Signature . "\r\n";
print "---------------------------" . "\r\n";
# The result should be:
# qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=