This example demonstrates how to sign an XML document with a digital signature by using the SOAP Message component.
// Configures the SOAP Message component's security settings and its first signature entry.
// Add the following units to your uses clause: clSoapSecurity, clCertificate, clCertificateStore.
SOAP.BatchSize := 8192;
SOAP.EncodingStyle := 'http://schemas.xmlsoap.org/soap/encoding/';
// A dedicated SecurityConfig property was added, and all security-related properties were moved under it.
// NOTE(review): provider type 1 is PROV_RSA_FULL in CryptoAPI, and the Base Cryptographic Provider
// is a legacy CSP that offers no SHA-2 hashing. If your policy or the receiving service requires a
// stronger hash than SHA-1, confirm which CSP and provider type your library version expects.
SOAP.SecurityConfig.CSP := 'Microsoft Base Cryptographic Provider v1.0';
SOAP.SecurityConfig.ProviderType := 1;
SOAP.SecurityConfig.IdName := 'Id';
SOAP.SecurityConfig.SignatureStyle := ssJava;
// The old version 7.8 supports only one certificate information style: it inserts an X509 binary security token into the resulting XML.
// Starting from version 9.1, the library supports different styles for including the certificate info: X509 binary security token, certificate subject key identifier, and certificate thumbprint.
// The new version also supports multiple digital signatures, so both of these properties were moved to TclSoapSignatureInfo (see the Signatures collection).
// You can choose the desired style through the KeyClassName property of the TclSoapSignatureInfo class. Instances of this class are stored in the Signatures collection.
// As a result, the IsIncludeCertificate property was removed.
//SOAP.IsIncludeCertificate := true;
SOAP.Signatures.Add();
// In most cases, you should not leave the ID property empty.
SOAP.Signatures[0].ID := 'your_signature_id';
// By default, the X509 binary security token is used for created signatures. In your case, you can leave this property unchanged.
SOAP.Signatures[0].KeyClassName := 'TclXmlX509KeyInfo';
// This value is used by default. In your case, you can leave this property unchanged.
// NOTE(review): rsa-sha1 depends on SHA-1, which is deprecated for digital signatures because
// collisions are practical; many WS-Security endpoints no longer accept it. If the installed
// library version and the receiving service support an RSA-SHA256 signature method, prefer it.
// Confirm the accepted method URI in the component documentation before changing this value.
SOAP.Signatures[0].SignatureMethod := 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
// A sample of using the TclSoapMessage component to make digital signatures can be seen below.
// It builds the SOAP message, registers one signature, lists the elements to sign and calls Sign().
// The handler assigned here supplies the signing certificate.
SOAP.OnGetSigningCertificate := GetSigningCertificateEventHandler;
SOAP.SecurityConfig.IdName := 'Id';
SOAP.SecurityConfig.SignatureStyle := ssJava;
SOAP.BuildSoapMessage('your_xml', '');
SOAP.Signatures.Add();
SOAP.Signatures[0].ID := 'your_signature_id';
SOAP.Signatures[0].KeyReferenceID := 'your_key_reference_id';
SOAP.BodyID := 'your_enveloped_body_id';
// Optional parameters. Depending on your task, you can leave them empty.
// The ID and timestamp strings below are the article's placeholders; replace them with real values.
SOAP.Addressing.AddItem('To', 'your_address_id', 'your_address_value');
SOAP.Timestamp.ID := 'your_timestamp_id';
SOAP.Timestamp.Created := 'created_str';
SOAP.Timestamp.Expires := 'expires_str';
// The reference list names the elements the signature covers. An element that is present in the
// message but not referenced here is not integrity-protected, so keep this list in step with the
// body, timestamp and addressing IDs set above.
SOAP.Signatures[0].References.Clear();
SOAP.Signatures[0].References.Add().URI := '#your_enveloped_body_id';
// If you didn't specify the timestamp, do not add this reference.
SOAP.Signatures[0].References.Add().URI := '#your_timestamp_id';
// As with the timestamp: if you didn't add the addressing item, do not add this reference.
// NOTE(review): this line passes the URI as an argument to Add, while the two lines above assign
// URI on the result of Add(); confirm which form your library version accepts.
SOAP.Signatures[0].References.Add('#your_address_id');
SOAP.Sign();
An event handler for loading the signing certificate.
// Event handler for OnGetSigningCertificate: looks up the signing certificate in
// CertificateStore by thumbprint, returns it through ACertificate and sets Handled to True.
// Sender, AKeyInfo and AExtraCerts are not used by this handler.
procedure TForm1.GetSigningCertificateEventHandler(Sender: TObject;
  AKeyInfo: TclXmlKeyInfo; var ACertificate: TclCertificate;
  AExtraCerts: TclCertificateList; var Handled: Boolean);
var
  SigningCert: TclCertificate;
begin
  // '123456...' is the article's placeholder; use the thumbprint of your own signing
  // certificate. Signing needs a certificate whose private key is available to the process.
  // NOTE(review): the lookup result is not checked before Handled is set. Confirm what
  // CertificateByThumbprint does when no certificate matches, and whether Sign() then
  // fails with a clear error.
  SigningCert := CertificateStore.CertificateByThumbprint('123456...');
  ACertificate := SigningCert;
  Handled := True;
end;
Article ID: 105, Created: August 8, 2018 at 1:00 PM, Modified: August 8, 2018 at 1:16 PM