Tcl
Tcl
Create XAdES with ec:InclusiveNamespaces within the Transforms
See more XML Digital Signatures Examples
Demonstrates how to generate XAdES that has a Reference that has Transforms that include an ec:InclusiveNamespaces.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# This is the XML we'll be signing:
# <soapenv:Envelope xmlns:obs="http://csioz.gov.pl/zsmopl/ws/obslugakomunikatow/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
# <soapenv:Header>
# <wsse:Security
# xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
# <wsse:BinarySecurityToken
# EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
# ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
# wsu:Id="X509-02BF0107214FC61449FD0013DF68F0359">MII...</wsse:BinarySecurityToken>
# </wsse:Security>
# </soapenv:Header>
# <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# wsu:Id="id-396BB6026342EB5C0E1EA73593B3CC098">
# <obs:zapiszKomunikatOS>
# <komunikatOS>
# <idPodmiotuRaportujacego>
# <idBiznesowy>000000011986</idBiznesowy>
# <rodzajPodmiotuRaportujacego>PA</rodzajPodmiotuRaportujacego>
# </idPodmiotuRaportujacego>
# </komunikatOS>
# </obs:zapiszKomunikatOS>
# </soapenv:Body>
# </soapenv:Envelope>
#
# ----------------------------------------------------------------------
# IMPORTANT: This generated example requires Chilkat v9.5.0.77 or later.
# ----------------------------------------------------------------------
set success 1
# Create the above XML to be signed...
set xmlToSign [new_CkXml]
CkXml_put_Tag $xmlToSign "soapenv:Envelope"
CkXml_AddAttribute $xmlToSign "xmlns:obs" "http://csioz.gov.pl/zsmopl/ws/obslugakomunikatow/"
CkXml_AddAttribute $xmlToSign "xmlns:soapenv" "http://schemas.xmlsoap.org/soap/envelope/"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Header|wsse:Security" 1 "xmlns:wsse" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Header|wsse:Security" 1 "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Header|wsse:Security" 1 "soapenv:mustUnderstand" "1"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" 1 "EncodingType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" 1 "ValueType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" 1 "wsu:Id" "X509-02BF0107214FC61449FD0013DF68F0359"
# Note: The content of this XML node is a placeholder that will be updated below with the X509PKIPathv1 for the signing certificate.
CkXml_UpdateChildContent $xmlToSign "soapenv:Header|wsse:Security|wsse:BinarySecurityToken" "BinarySecurityToken_Base64Binary_Content"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Body" 1 "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
CkXml_UpdateAttrAt $xmlToSign "soapenv:Body" 1 "wsu:Id" "id-396BB6026342EB5C0E1EA73593B3CC098"
CkXml_UpdateChildContent $xmlToSign "soapenv:Body|obs:zapiszKomunikatOS|komunikatOS|idPodmiotuRaportujacego|idBiznesowy" "000000011986"
CkXml_UpdateChildContent $xmlToSign "soapenv:Body|obs:zapiszKomunikatOS|komunikatOS|idPodmiotuRaportujacego|rodzajPodmiotuRaportujacego" "PA"
set gen [new_CkXmlDSigGen]
CkXmlDSigGen_put_SigLocation $gen "soapenv:Envelope|soapenv:Header|wsse:Security"
CkXmlDSigGen_put_SigLocationMod $gen 0
CkXmlDSigGen_put_SigId $gen "SIG-BB965DFC3C8AAF87903C0ED898B8D2A8D"
CkXmlDSigGen_put_SigNamespacePrefix $gen "ds"
CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#"
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "EXCL_C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha1"
# Set the KeyInfoId before adding references..
CkXmlDSigGen_put_KeyInfoId $gen "KI-9D95C38916099AD2EE87DDAC1A76E97E4"
# -------- Reference 1 --------
CkXmlDSigGen_AddSameDocRef $gen "id-396BB6026342EB5C0E1EA73593B3CC098" "sha1" "EXCL_C14N" "obs" ""
# The reference to be produced in the Signature should look like this:
# <ds:Reference URI="#id-396BB6026342EB5C0E1EA73593B3CC098">
# <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
# <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="obs"></ec:InclusiveNamespaces>
# </ds:Transform></ds:Transforms>
# <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
# <ds:DigestValue>2e9hZYj/CN2nPsgQqUraU43k3ds=</ds:DigestValue>
# </ds:Reference>
#
# Provide a certificate + private key. (PFX password is test123)
set cert [new_CkCert]
set success [CkCert_LoadPfxFile $cert "qa_data/pfx/cert_test123.pfx" "test123"]
if {$success != 1} then {
puts [CkCert_lastErrorText $cert]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkCert $cert
exit
}
CkXmlDSigGen_SetX509Cert $gen $cert 1
CkXmlDSigGen_put_KeyInfoType $gen "Custom"
# Create the custom KeyInfo XML..
set xmlCustomKeyInfo [new_CkXml]
CkXml_put_Tag $xmlCustomKeyInfo "wsse:SecurityTokenReference"
CkXml_AddAttribute $xmlCustomKeyInfo "wsse11:TokenType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
CkXml_AddAttribute $xmlCustomKeyInfo "xmlns:wsse11" "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
CkXml_AddAttribute $xmlCustomKeyInfo "wsu:Id" "STR-FF238E7C061332C5B19752C2FBC8CDEF2"
CkXml_UpdateAttrAt $xmlCustomKeyInfo "wsse:Reference" 1 "URI" "#X509-02BF0107214FC61449FD0013DF68F0359"
CkXml_UpdateAttrAt $xmlCustomKeyInfo "wsse:Reference" 1 "ValueType" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
CkXml_put_EmitXmlDecl $xmlCustomKeyInfo 0
CkXmlDSigGen_put_CustomKeyInfoXml $gen [CkXml_getXml $xmlCustomKeyInfo]
# Load XML to be signed...
set sbXml [new_CkStringBuilder]
CkXml_GetXmlSb $xmlToSign $sbXml
# Update BinarySecurityToken_Base64Binary_Content with the actual X509PKIPathv1 of the signing cert.
set nReplaced [CkStringBuilder_Replace $sbXml "BinarySecurityToken_Base64Binary_Content" [CkCert_x509PKIPathv1 $cert]]
CkXmlDSigGen_put_Behaviors $gen "IndentedSignature"
# Sign the XML...
set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success != 1} then {
puts [CkXmlDSigGen_lastErrorText $gen]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkCert $cert
delete_CkXml $xmlCustomKeyInfo
delete_CkStringBuilder $sbXml
exit
}
# -----------------------------------------------
# Save the signed XML to a file.
set success [CkStringBuilder_WriteFile $sbXml "qa_output/signedXml.xml" "utf-8" 0]
puts [CkStringBuilder_getAsString $sbXml]
# ----------------------------------------
# Verify the signatures we just produced...
set verifier [new_CkXmlDSig]
set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml]
if {$success != 1} then {
puts [CkXmlDSig_lastErrorText $verifier]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkCert $cert
delete_CkXml $xmlCustomKeyInfo
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier
exit
}
set numSigs [CkXmlDSig_get_NumSignatures $verifier]
set verifyIdx 0
while {$verifyIdx < $numSigs} {
CkXmlDSig_put_Selector $verifier $verifyIdx
set verified [CkXmlDSig_VerifySignature $verifier 1]
if {$verified != 1} then {
puts [CkXmlDSig_lastErrorText $verifier]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkCert $cert
delete_CkXml $xmlCustomKeyInfo
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier
exit
}
set verifyIdx [expr $verifyIdx + 1]
}
puts "All signatures were successfully verified."
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkCert $cert
delete_CkXml $xmlCustomKeyInfo
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier