This example demonstrates how to sign an XML document with a digital signature using the SOAP Message component.
// You will need to add the following units to your uses clause: clSoapSecurity, clCertificate, clCertificateStore.
SOAP.BatchSize := 8192;
SOAP.EncodingStyle := 'http://schemas.xmlsoap.org/soap/encoding/';

// We have added a special SecurityConfig property and moved all security-related properties to it.
SOAP.SecurityConfig.CSP := 'Microsoft Base Cryptographic Provider v1.0';
SOAP.SecurityConfig.ProviderType := 1;
SOAP.SecurityConfig.IdName := 'Id';
SOAP.SecurityConfig.SignatureStyle := ssJava;

// The old version 7.8 supports only one certificate information style: it inserts an X509 binary security token into the resulting XML.
// Starting from version 9.1, the library supports different styles for including the certificate info:
// X509 binary security token, certificate subject key identifier, and certificate thumbprint.
// The new version also supports multiple digital signatures, so both of these properties were moved to TclSoapSignatureInfo (see the Signatures collection).
// You can choose the desired style with the KeyClassName property of the TclSoapSignatureInfo class. Instances of this class are stored in the Signatures collection.
// As a result, IsIncludeCertificate was removed.
// SOAP.IsIncludeCertificate := true;
SOAP.Signatures.Add();
SOAP.Signatures[0].ID := 'your_signature_id'; // in most cases, you should not leave this property empty
SOAP.Signatures[0].KeyClassName := 'TclXmlX509KeyInfo'; // By default, the X509 binary security token is used for created signatures. In your case, you can leave this property unchanged.
SOAP.Signatures[0].SignatureMethod := 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; // This value is used by default. In your case, you can leave this property unchanged.

// A sample of using the TclSoapMessage component to make digital signatures is shown below:
SOAP.OnGetSigningCertificate := GetSigningCertificateEventHandler;
SOAP.SecurityConfig.IdName := 'Id';
SOAP.SecurityConfig.SignatureStyle := ssJava;
SOAP.BuildSoapMessage('your_xml', '');

SOAP.Signatures.Add();
SOAP.Signatures[0].ID := 'your_signature_id';
SOAP.Signatures[0].KeyReferenceID := 'your_key_reference_id';
SOAP.BodyID := 'your_enveloped_body_id';

// Optional parameters. Depending on your task, you can leave them empty.
SOAP.Addressing.AddItem('To', 'your_address_id', 'your_address_value');
SOAP.Timestamp.ID := 'your_timestamp_id';
SOAP.Timestamp.Created := 'created_str';
SOAP.Timestamp.Expires := 'expires_str';

SOAP.Signatures[0].References.Clear();
SOAP.Signatures[0].References.Add().URI := '#your_enveloped_body_id';
SOAP.Signatures[0].References.Add().URI := '#your_timestamp_id'; // if you didn't specify the timestamp, do not add this reference
SOAP.Signatures[0].References.Add('#your_address_id'); // see the comment above
SOAP.Sign();

An event handler for loading the signing certificate.
procedure TForm1.GetSigningCertificateEventHandler(Sender: TObject; AKeyInfo: TclXmlKeyInfo;
  var ACertificate: TclCertificate; AExtraCerts: TclCertificateList; var Handled: Boolean);
begin
  // Look up the signing certificate in the store by its thumbprint.
  ACertificate := CertificateStore.CertificateByThumbprint('123456...');
  Handled := True;
end;
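
A check that can be run over the signed output, added here as an example (Python, not Clever Components code): it confirms that every ds:Reference URI resolves to exactly one element carrying the 'Id' attribute and that the SOAP Body is among the signed elements. The function names, element names and Id values in the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENV = "http://schemas.xmlsoap.org/soap/envelope/"

def check_references(xml_text, id_name="Id"):
    """List problems with the ds:Reference URIs of a signed SOAP message."""
    root = ET.fromstring(xml_text)  # output we produced ourselves, not untrusted input
    by_id = {}
    for el in root.iter():
        for attr, value in el.attrib.items():
            # Accept both a plain Id attribute and a namespaced one (e.g. wsu:Id).
            if attr == id_name or attr.endswith("}" + id_name):
                by_id.setdefault(value, []).append(el)
    problems, covered = [], []
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) == 1:
            covered.append(targets[0])
        else:
            problems.append("%s resolves to %d elements" % (uri, len(targets)))
    body = root.find("{%s}Body" % ENV)
    if body is None or not any(t is body for t in covered):
        problems.append("Body is not covered by a reference")
    return problems

def sample(refs, body_attrs, extra=""):
    """Build a constructed message skeleton (no real digest or signature values)."""
    ref_xml = "".join('<ds:Reference URI="%s"/>' % r for r in refs)
    return ('<e:Envelope xmlns:e="%s" xmlns:ds="%s"><e:Header><ds:Signature>'
            '<ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>%s</e:Header>'
            '<e:Body %s/></e:Envelope>' % (ENV, DS, ref_xml, extra, body_attrs))

GOOD = sample(["#body-1", "#ts-1"], 'Id="body-1"', '<Timestamp Id="ts-1"/>')
# Timestamp reference added although no timestamp element was written.
DANGLING = sample(["#body-1", "#ts-1"], 'Id="body-1"')
# Two elements share one Id, so the reference is ambiguous.
DUPLICATE = sample(["#body-1"], 'Id="body-1"', '<Copy Id="body-1"/>')

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("dangling", DANGLING), ("duplicate", DUPLICATE)):
        print(name, check_references(doc))
```
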