Sample code for 30+ languages & platforms
SQL Server

Add EncapsulatedTimestamp to Already-Signed XML

See more XML Digital Signatures Examples

Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.

Note: This example requires Chilkat v9.5.0.90 or greater.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
    -- (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
    -- We must use a StringBuilder.
    DECLARE @sbXml int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbXml OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @sbXml, 'LoadFile', @success OUT, 'qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml', 'utf-8'
    IF @success = 0
      BEGIN

        PRINT 'Failed to load the XML file.'
        EXEC @hr = sp_OADestroy @sbXml
        RETURN
      END

    DECLARE @dsig int
    EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @dsig OUT

    EXEC sp_OAMethod @dsig, 'LoadSignatureSb', @success OUT, @sbXml
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @dsig, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sbXml
        EXEC @hr = sp_OADestroy @dsig
        RETURN
      END

    EXEC sp_OAMethod @dsig, 'HasEncapsulatedTimeStamp', @iTmp0 OUT
    IF @iTmp0 = 1
      BEGIN

        PRINT 'This signed XML already has an EncapsulatedTimeStamp'
        EXEC @hr = sp_OADestroy @sbXml
        EXEC @hr = sp_OADestroy @dsig
        RETURN
      END

    -- Specify the timestamping authority URL
    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'timestampToken.tsaUrl', 'http://timestamp.digicert.com'
    EXEC sp_OAMethod @json, 'UpdateBool', @success OUT, 'timestampToken.requestTsaCert', 1

    -- Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
    -- Note: If the signed XML contains multiple signatures, the signature modified is the one 
    -- indicated by the dsig.Selector property.
    DECLARE @sbOut int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbOut OUT

    EXEC sp_OAMethod @dsig, 'AddEncapsulatedTimeStamp', @success OUT, @json, @sbOut
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @dsig, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sbXml
        EXEC @hr = sp_OADestroy @dsig
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @sbOut
        RETURN
      END

    EXEC sp_OAMethod @sbOut, 'WriteFile', @success OUT, 'qa_output/addedEncapsulatedTimeStamp.xml', 'utf-8', 0

    -- The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
    -- keyword to UncommonOptions.  See here:

    -- ----------------------------------------
    -- Verify the signatures we just produced...
    DECLARE @verifier int
    EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @verifier OUT

    EXEC sp_OAMethod @verifier, 'LoadSignatureSb', @success OUT, @sbOut
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sbXml
        EXEC @hr = sp_OADestroy @dsig
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @sbOut
        EXEC @hr = sp_OADestroy @verifier
        RETURN
      END

    -- Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
    EXEC sp_OASetProperty @verifier, 'UncommonOptions', 'VerifyEncapsulatedTimeStamp'

    DECLARE @numSigs int
    EXEC sp_OAGetProperty @verifier, 'NumSignatures', @numSigs OUT
    DECLARE @verifyIdx int
    SELECT @verifyIdx = 0
    WHILE @verifyIdx < @numSigs
      BEGIN
        EXEC sp_OASetProperty @verifier, 'Selector', @verifyIdx
        DECLARE @verified int
        EXEC sp_OAMethod @verifier, 'VerifySignature', @verified OUT, 1
        IF @verified <> 1
          BEGIN
            EXEC sp_OAGetProperty @verifier, 'LastErrorText', @sTmp0 OUT
            PRINT @sTmp0
            EXEC @hr = sp_OADestroy @sbXml
            EXEC @hr = sp_OADestroy @dsig
            EXEC @hr = sp_OADestroy @json
            EXEC @hr = sp_OADestroy @sbOut
            EXEC @hr = sp_OADestroy @verifier
            RETURN
          END
        SELECT @verifyIdx = @verifyIdx + 1
      END

    PRINT 'All signatures were successfully verified.'

    EXEC @hr = sp_OADestroy @sbXml
    EXEC @hr = sp_OADestroy @dsig
    EXEC @hr = sp_OADestroy @json
    EXEC @hr = sp_OADestroy @sbOut
    EXEC @hr = sp_OADestroy @verifier


END
GO