Signing a SOAP message, upgrading from version 7.x to 9.2

Applies to Clever Internet Suite version 9.2 and higher; see the comments within the code.
 
 
1. You will need to add the following units to your Uses section: clSoapSecurity, clCertificate, clCertificateStore.
 
SOAP.BatchSize := 8192;
SOAP.EncodingStyle := 'http://schemas.xmlsoap.org/soap/encoding/';

//We have added a special SecurityConfig property and moved all security-related
//properties to this new property.
SOAP.SecurityConfig.CSP := 'Microsoft Base Cryptographic Provider v1.0';
SOAP.SecurityConfig.ProviderType := 1;
SOAP.SecurityConfig.IdName := 'Id';
SOAP.SecurityConfig.SignatureStyle := ssJava;

//An event handler for loading the signing certificate.
SOAP.OnGetSigningCertificate := GetSigningCertificateEventHandler;

//Build a new SOAP message. Alternatively, 
//you can use the BuildSoapWSDL method to make a new RPC request.
SOAP.BuildSoapMessage('your_xml', '');

//The new version of TclSoapMessage can handle multiple signatures.
//This means you need to add at least one signature item to the Signatures collection
//before signing.
SOAP.Signatures.Add();
SOAP.Signatures[0].ID := 'your_signature_id';
SOAP.Signatures[0].SignatureMethod := 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; 
//This value is used by default. You can choose the desired signature algorithm here.
SOAP.Signatures[0].KeyReferenceID := 'your_key_reference_id';

//SOAP.IsIncludeCertificate := True; //version 7.8 syntax
//Version 7.8 supports only one key information format:
//it inserts an X509 binary security token into the resulting XML.
//The new version supports different formats.
//Currently, the following formats are implemented: 
//X509 binary security token, certificate subject key identifier, and certificate thumbprint.
//You can choose the desired key format using the KeyClassName property.
SOAP.Signatures[0].KeyClassName := 'TclXmlX509KeyInfo'; 
//By default, the X509 binary security token is used.

//The SignReferences property was moved to the signature item.
//Also, we have renamed it to Reference.
//Do not forget to add the '#' symbol to the reference IDs. 
//The new version of TclSoapMessage requires the ID references to be prefixed with '#', 
//according to the SOAP security specification.
//SOAP.SignReferences.Clear();
//SOAP.SignReferences.Add('your_enveloped_body_id'); //version 7.8 syntax
SOAP.Signatures[0].References.Clear();
SOAP.Signatures[0].References.Add('#your_enveloped_body_id');
SOAP.Signatures[0].References.Add('#your_timestamp_id'); 
//If you didn't specify the Timestamp parameters, do not add this reference.
SOAP.Signatures[0].References.Add('#your_address_id'); 
//The same for Addressing.

SOAP.BodyID := 'your_enveloped_body_id';

//Optional parameters. Depending on your task, you can leave them empty.
SOAP.Addressing.AddItem('To', 'your_address_id', 'your_address_value');
SOAP.Timestamp.ID := 'your_timestamp_id';
//createdOn is a local variable of type TDateTime.
createdOn := LocalTimeToGlobalTime(Now());
SOAP.Timestamp.Created := DateTimeToXMLTime(createdOn);
SOAP.Timestamp.Expires := DateTimeToXMLTime(createdOn + EncodeTime(0, 30, 0, 0));

//This option is available in Clever Internet Suite 9.5 and higher.
//SOAP.Timestamp.Mode := tmAutoCreate;

//Sign the message.
SOAP.Sign();

//You can access the signed XML using the RequestSource TStringList property:
SOAP.RequestSource.SaveToFile('request.xml');
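
A post-upgrade check on the saved XML, added here as an example and not part of Clever Internet Suite or the original article: it confirms that every ds:Reference URI carries the '#' prefix and resolves to exactly one element, so a leftover 7.x-style reference or a reference to an omitted Timestamp or Addressing item is caught before the message is sent. The function names, the wsu:Id attribute naming and the SAMPLE envelope are constructed assumptions; real Clever output may differ in layout.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample (not real Clever output): one 7.x-style reference without
# '#', and one reference to an Addressing item that was never added.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ds="%s" xmlns:wsu="%s">
 <s:Header>
  <wsu:Timestamp wsu:Id="your_timestamp_id"/>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#your_enveloped_body_id"/>
   <ds:Reference URI="your_timestamp_id"/>
   <ds:Reference URI="#your_address_id"/>
  </ds:SignedInfo></ds:Signature>
 </s:Header>
 <s:Body wsu:Id="your_enveloped_body_id"/>
</s:Envelope>""" % (DS, WSU)

def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]

def check_references(xml_text, id_name="Id"):
    """Return (covered, problems) for the ds:Reference URIs in a signed envelope."""
    root = ET.fromstring(xml_text)
    ids = {}  # Id value -> elements carrying it (plain Id or wsu:Id)
    for el in root.iter():
        for attr, value in el.attrib.items():
            if local(attr) == id_name:
                ids.setdefault(value, []).append(el)
    covered, problems = [], []
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            problems.append("%r: not a same-document '#' reference" % uri)
            continue
        targets = ids.get(uri[1:], [])
        if len(targets) != 1:  # dangling (0) or ambiguous (>1) target
            problems.append("%r: resolves to %d elements" % (uri, len(targets)))
            continue
        covered.append(local(targets[0].tag))
    return covered, problems

if __name__ == "__main__":
    covered, problems = check_references(SAMPLE)
    print("covered:", covered)
    print("problems:", problems)
```

To check a real message, pass the contents of the request.xml file saved above to check_references and confirm that the Body (and the Timestamp, if used) appears in the covered list with no problems reported.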