Sample code for 30+ languages & platforms
Classic ASP

Sign XML for Zakat, Tax and Customs Authority (ZATCA)

See more ZATCA Examples

Demonstrates how to sign XML for Zakat, Tax and Customs Authority (ZATCA).

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

success = 1

' Load XML to be signed...
set sbXml = Server.CreateObject("Chilkat.StringBuilder")
success = sbXml.LoadFile("qa_data/xml_dsig_valid_samples/UBL_Saudi_ZATCA_Zakat_Tax_and_Customs_Authority_toBeSigned.xml","utf-8")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Failed to load XML file to be signed.") & "</pre>"
    Response.End
End If

' Loads XML containing the following (with data modified from the original sample).

' <?xml version="1.0" encoding="UTF-8"?>
' <Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"><ext:UBLExtensions>
'     <ext:UBLExtension>
'         <ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI>
'         <ext:ExtensionContent>
'             <sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2">
'                 <sac:SignatureInformation>
'                     <cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID>
'                     <sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID>
'                     
'                 </sac:SignatureInformation>
'             </sig:UBLDocumentSignatures>
'         </ext:ExtensionContent>
'     </ext:UBLExtension>
' </ext:UBLExtensions>
'    
'    <cbc:ProfileID>reporting:1.0</cbc:ProfileID>
'    <cbc:ID>100</cbc:ID>
'    <cbc:UUID>3cf5ee18-ee25-44ea-a444-2c37ba7f28be</cbc:UUID>
'    <cbc:IssueDate>2021-04-25</cbc:IssueDate>
'    <cbc:IssueTime>15:30:00</cbc:IssueTime>
'    <cbc:InvoiceTypeCode name="0100000">388</cbc:InvoiceTypeCode>
'    <cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode>
'    <cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode>
'    <cbc:LineCountNumeric>2</cbc:LineCountNumeric>
'    <cac:AdditionalDocumentReference>
'       <cbc:ID>ICV</cbc:ID>
'       <cbc:UUID>46531</cbc:UUID>
'    </cac:AdditionalDocumentReference>
'    <cac:AdditionalDocumentReference>
'       <cbc:ID>PIH</cbc:ID>
'       <cac:Attachment>
'          <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">NWZl......NTdlOQ==</cbc:EmbeddedDocumentBinaryObject>
'       </cac:Attachment>
'    </cac:AdditionalDocumentReference>
'    
'   
'    <cac:AdditionalDocumentReference>
'         <cbc:ID>QR</cbc:ID>
'         <cac:Attachment>
'             <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">ARlBbC........FAau5g</cbc:EmbeddedDocumentBinaryObject>
'         </cac:Attachment>
' </cac:AdditionalDocumentReference><cac:Signature>
'       <cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID>
'       <cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod>
' </cac:Signature><cac:AccountingSupplierParty>
'       <cac:Party>
'          <cac:PartyIdentification>
'             <cbc:ID schemeID="MLS">123457890</cbc:ID>
'          </cac:PartyIdentification>
'          <cac:PostalAddress>
'             <cbc:StreetName>King Abdulaziz Road</cbc:StreetName>
'             <cbc:BuildingNumber>9999</cbc:BuildingNumber>
'             <cbc:PlotIdentification>9999</cbc:PlotIdentification>
'             <cbc:CitySubdivisionName>Al Amal</cbc:CitySubdivisionName>
'             <cbc:CityName>Riyadh</cbc:CityName>
'             <cbc:PostalZone>12643</cbc:PostalZone>
'             <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
'             <cac:Country>
'                <cbc:IdentificationCode>SA</cbc:IdentificationCode>
'             </cac:Country>
'          </cac:PostalAddress>
'          <cac:PartyTaxScheme>
'             <cbc:CompanyID>300099999900003</cbc:CompanyID>
'             <cac:TaxScheme>
'                <cbc:ID>VAT</cbc:ID>
'             </cac:TaxScheme>
'          </cac:PartyTaxScheme>
'          <cac:PartyLegalEntity>
'             <cbc:RegistrationName>Example Co. LTD</cbc:RegistrationName>
'          </cac:PartyLegalEntity>
'       </cac:Party>
'    </cac:AccountingSupplierParty>
'    <cac:AccountingCustomerParty>
'       <cac:Party>
'          <cac:PartyIdentification>
'             <cbc:ID schemeID="SAG">123C12345678</cbc:ID>
'          </cac:PartyIdentification>
'          <cac:PostalAddress>
'             <cbc:StreetName>King Abdullah Road</cbc:StreetName>
'             <cbc:BuildingNumber>9999</cbc:BuildingNumber>
'             <cbc:PlotIdentification>9999</cbc:PlotIdentification>
'             <cbc:CitySubdivisionName>Al Mursalat</cbc:CitySubdivisionName>
'             <cbc:CityName>Riyadh</cbc:CityName>
'             <cbc:PostalZone>11564</cbc:PostalZone>
'             <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
'             <cac:Country>
'                <cbc:IdentificationCode>SA</cbc:IdentificationCode>
'             </cac:Country>
'          </cac:PostalAddress>
'          <cac:PartyTaxScheme>
'             <cac:TaxScheme>
'                <cbc:ID>VAT</cbc:ID>
'             </cac:TaxScheme>
'          </cac:PartyTaxScheme>
'          <cac:PartyLegalEntity>
'             <cbc:RegistrationName>EXAMPLE MARKETS</cbc:RegistrationName>
'          </cac:PartyLegalEntity>
'       </cac:Party>
'    </cac:AccountingCustomerParty>
'    <cac:Delivery>
'       <cbc:ActualDeliveryDate>2022-04-25</cbc:ActualDeliveryDate>
'    </cac:Delivery>
'    <cac:PaymentMeans>
'       <cbc:PaymentMeansCode>42</cbc:PaymentMeansCode>
'    </cac:PaymentMeans>
'    <cac:TaxTotal>
'       <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
'       <cac:TaxSubtotal>
'          <cbc:TaxableAmount currencyID="SAR">900.00</cbc:TaxableAmount>
'          <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
'          <cac:TaxCategory>
'             <cbc:ID>S</cbc:ID>
'             <cbc:Percent>15</cbc:Percent>
'             <cac:TaxScheme>
'                <cbc:ID>VAT</cbc:ID>
'             </cac:TaxScheme>
'          </cac:TaxCategory>
'       </cac:TaxSubtotal>
'    </cac:TaxTotal>
'    <cac:TaxTotal>
'       <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
'    </cac:TaxTotal>
'    <cac:LegalMonetaryTotal>
'       <cbc:LineExtensionAmount currencyID="SAR">900.00</cbc:LineExtensionAmount>
'       <cbc:TaxExclusiveAmount currencyID="SAR">900.00</cbc:TaxExclusiveAmount>
'       <cbc:TaxInclusiveAmount currencyID="SAR">1035.00</cbc:TaxInclusiveAmount>
'       <cbc:AllowanceTotalAmount currencyID="SAR">0.00</cbc:AllowanceTotalAmount>
'       <cbc:PayableAmount currencyID="SAR">1035.00</cbc:PayableAmount>
'    </cac:LegalMonetaryTotal>
'    <cac:InvoiceLine>
'       <cbc:ID>1</cbc:ID>
'       <cbc:InvoicedQuantity unitCode="PCE">1</cbc:InvoicedQuantity>
'       <cbc:LineExtensionAmount currencyID="SAR">200.00</cbc:LineExtensionAmount>
'       <cac:TaxTotal>
'          <cbc:TaxAmount currencyID="SAR">30.00</cbc:TaxAmount>
'          <cbc:RoundingAmount currencyID="SAR">230.00</cbc:RoundingAmount>
'       </cac:TaxTotal>
'       <cac:Item>
'          <cbc:Name>Item A</cbc:Name>
'          <cac:ClassifiedTaxCategory>
'             <cbc:ID>S</cbc:ID>
'             <cbc:Percent>15</cbc:Percent>
'             <cac:TaxScheme>
'                <cbc:ID>VAT</cbc:ID>
'             </cac:TaxScheme>
'          </cac:ClassifiedTaxCategory>
'       </cac:Item>
'       <cac:Price>
'          <cbc:PriceAmount currencyID="SAR">200.00</cbc:PriceAmount>
'       </cac:Price>
'    </cac:InvoiceLine>
'    <cac:InvoiceLine>
'       <cbc:ID>2</cbc:ID>
'       <cbc:InvoicedQuantity unitCode="PCE">2</cbc:InvoicedQuantity>
'       <cbc:LineExtensionAmount currencyID="SAR">700.00</cbc:LineExtensionAmount>
'       <cac:TaxTotal>
'          <cbc:TaxAmount currencyID="SAR">105.00</cbc:TaxAmount>
'          <cbc:RoundingAmount currencyID="SAR">805.00</cbc:RoundingAmount>
'       </cac:TaxTotal>
'       <cac:Item>
'          <cbc:Name>Item B</cbc:Name>
'          <cac:ClassifiedTaxCategory>
'             <cbc:ID>S</cbc:ID>
'             <cbc:Percent>15</cbc:Percent>
'             <cac:TaxScheme>
'                <cbc:ID>VAT</cbc:ID>
'             </cac:TaxScheme>
'          </cac:ClassifiedTaxCategory>
'       </cac:Item>
'       <cac:Price>
'          <cbc:PriceAmount currencyID="SAR">350.00</cbc:PriceAmount>
'       </cac:Price>
'    </cac:InvoiceLine>
' </Invoice>

set gen = Server.CreateObject("Chilkat.XmlDSigGen")

gen.SigLocation = "Invoice|ext:UBLExtensions|ext:UBLExtension|ext:ExtensionContent|sig:UBLDocumentSignatures|sac:SignatureInformation"
gen.SigLocationMod = 0
gen.SigId = "signature"
gen.SigNamespacePrefix = "ds"
gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
gen.SignedInfoCanonAlg = "C14N_11"
gen.SignedInfoDigestMethod = "sha256"

' Create an Object to be added to the Signature.
set object1 = Server.CreateObject("Chilkat.Xml")
object1.Tag = "xades:QualifyingProperties"
success = object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
success = object1.AddAttribute("Target","signature")
success = object1.UpdateAttrAt("xades:SignedProperties",1,"Id","xadesSignedProperties")
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT"
success = object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT"

success = gen.AddObject("",object1.GetXml(),"","")

' -------- Reference 1 --------
set xml1 = Server.CreateObject("Chilkat.Xml")
xml1.Tag = "ds:Transforms"
success = xml1.UpdateAttrAt("ds:Transform",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
xml1.UpdateChildContent "ds:Transform|ds:XPath","not(//ancestor-or-self::ext:UBLExtensions)"
success = xml1.UpdateAttrAt("ds:Transform[1]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
xml1.UpdateChildContent "ds:Transform[1]|ds:XPath","not(//ancestor-or-self::cac:Signature)"
success = xml1.UpdateAttrAt("ds:Transform[2]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
xml1.UpdateChildContent "ds:Transform[2]|ds:XPath","not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])"
success = xml1.UpdateAttrAt("ds:Transform[3]",1,"Algorithm","http://www.w3.org/2006/12/xml-c14n11")

success = gen.AddSameDocRef2("","sha256",xml1,"")

success = gen.SetRefIdAttr("","invoiceSignedData")

' -------- Reference 2 --------
success = gen.AddObjectRef("xadesSignedProperties","sha256","","","http://www.w3.org/2000/09/xmldsig#SignatureProperties")

' Provide a certificate + private key. (PFX password is test123)
set certFromPfx = Server.CreateObject("Chilkat.Cert")
success = certFromPfx.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( certFromPfx.LastErrorText) & "</pre>"
    Response.End
End If

' Alternatively, if your certificate and private key are in separate PEM files, do this:
set cert = Server.CreateObject("Chilkat.Cert")
success = cert.LoadFromFile("qa_data/zatca/cert.pem")
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>"
    Response.End
End If

Response.Write "<pre>" & Server.HTMLEncode( cert.SubjectCN) & "</pre>"

' Load the private key.
set privKey = Server.CreateObject("Chilkat.PrivateKey")
success = privKey.LoadPemFile("qa_data/zatca/ec-secp256k1-priv-key.pem")
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( privKey.LastErrorText) & "</pre>"
    Response.End
End If

Response.Write "<pre>" & Server.HTMLEncode( "Key Type: " & privKey.KeyType) & "</pre>"

' Associate the private key with the certificate.
success = cert.SetPrivateKey(privKey)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>"
    Response.End
End If

' The certificate passed to SetX509Cert must have an associated private key.
' If the cert was loaded from a PFX, then it should automatically has an associated private key.
' If the cert was loaded from PEM, then the private key was explicitly associated as shown above.
success = gen.SetX509Cert(cert,1)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( gen.LastErrorText) & "</pre>"
    Response.End
End If

gen.KeyInfoType = "X509Data"
gen.X509Type = "Certificate"

' ---------------- This is important -----------------------------------------
' Starting in Chilkat v9.5.0.92, add the "ZATCA" behavior to produce the format required by ZATCA.
gen.Behaviors = "IndentedSignature,TransformSignatureXPath,ZATCA"
' ----------------------------------------------------------------------------

' Sign the XML...
success = gen.CreateXmlDSigSb(sbXml)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( gen.LastErrorText) & "</pre>"
    Response.End
End If

' -----------------------------------------------

' Save the signed XML to a file.
success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",0)

Response.Write "<pre>" & Server.HTMLEncode( sbXml.GetAsString()) & "</pre>"

' ----------------------------------------
' Verify the signatures we just produced...
set verifier = Server.CreateObject("Chilkat.XmlDSig")
success = verifier.LoadSignatureSb(sbXml)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
    Response.End
End If

' ---------------- This is important -----------------------------------------
' Starting in Chilkat v9.5.0.92, specify "ZATCA" in uncommon options 
' to validate signed XML according to ZATCA needs.
' ----------------------------------------------------------------------------
verifier.UncommonOptions = "ZATCA"

numSigs = verifier.NumSignatures
verifyIdx = 0
Do While verifyIdx < numSigs
    verifier.Selector = verifyIdx
    verified = verifier.VerifySignature(1)
    If (verified <> 1) Then
        Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
        Response.End
    End If

    verifyIdx = verifyIdx + 1
Loop
Response.Write "<pre>" & Server.HTMLEncode( "All signatures were successfully verified.") & "</pre>"

%>
</body>
</html>