AutoIt
AutoIt
Signed Zip as Base64 with XAdES-BES
See more XAdES Examples
This example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically:Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać
umieszczona w archiwum ZIP. W tym przypadku, podpisywany jest plik archiwum ZIP,
przyjmujący w podpisie XAdES-BES formę zakodowaną base64.
The example demonstrates the following:
- Zip an XML file (PIT-11Z.xml is zipped to PIT-11Z.zip)
- Create XML to be signed, where the XML contains the base64 encoded content of the PIT-11Z.zip archive.
- XAdES-BES sign the XML containing the base64 zip.
This example will also show the reverse:
- Verify the signed XML.
- Extract the PIT-11z.zip from the signed XML.
- Unzip the PIT-11Z.zip to get the original PIT-11Z.xml
Chilkat AutoIt Downloads
Local $bSuccess = False
; This example assumes the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
; Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory).
$oSbXmlToZip = ObjCreate("Chilkat.StringBuilder")
$bSuccess = $oSbXmlToZip.LoadFile("qa_data/xml/PIT-11Z.xml","utf-8")
If ($bSuccess <> True) Then
ConsoleWrite("Failed to load the XML to be zipped." & @CRLF)
Exit
EndIf
$oZip = ObjCreate("Chilkat.Zip")
; Initialize the zip object. No file is created in this call.
; It should always return True.
$bSuccess = $oZip.NewZip("PIT-11Z.zip")
; Add the XML to be zipped.
$oZip.AddSb("PIT-11Z.xml",$oSbXmlToZip,"utf-8")
; Write the zip to a BinData object.
$oBdZip = ObjCreate("Chilkat.BinData")
$oZip.WriteBd($oBdZip)
; The contents of the bdZip will be retrieved in base64 format when needed below..
$oGen = ObjCreate("Chilkat.XmlDSigGen")
$oGen.SigLocation = ""
$oGen.SigLocationMod = 0
$oGen.SigId = "Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19"
$oGen.SigNamespacePrefix = "ds"
$oGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
$oGen.SigValueId = "SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52"
$oGen.SignedInfoId = "SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41"
$oGen.SignedInfoCanonAlg = "C14N"
$oGen.SignedInfoDigestMethod = "sha1"
; Set the KeyInfoId before adding references..
$oGen.KeyInfoId = "KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24"
; Create an Object to be added to the Signature.
$oObject1 = ObjCreate("Chilkat.Xml")
$oObject1.Tag = "xades:QualifyingProperties"
$oObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
$oObject1.AddAttribute("Id","QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43")
$oObject1.AddAttribute("Target","#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19")
$oObject1.UpdateAttrAt("xades:SignedProperties",True,"Id","SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e")
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties",True,"Id","SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a")
; Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created.
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT"
; Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",True,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1")
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT"
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties",True,"Id","SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b")
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",True,"ObjectReference","#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27")
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description","MIME-Version: 1.0" & @CRLF & "Content-Type: application/zip" & @CRLF & "Content-Transfer-Encoding: binary" & @CRLF & "Content-Disposition: filename="PIT-11Z.zip""
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",True,"Qualifier","OIDAsURI")
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description","Opis formatu dokumentu oraz jego pelna nazwa"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference","http://www.certum.pl/OIDAsURI/signedFile.pdf"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","application/zip"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier","http://uri.etsi.org/01903/v1.2.2#ProofOfApproval"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects",""
$oObject1.UpdateAttrAt("xades:UnsignedProperties",True,"Id","UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55")
; Emit XML in compact (single-line) format to avoid whitespace problems.
$oObject1.EmitCompact = True
$oGen.AddObject("",$oObject1.GetXml(),"","")
; Create an Object to be added to the Signature.
; This is where we add the base64 representation of the PIT-11Z.zip
$oGen.AddObject("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",$oBdZip.GetEncoded("base64"),"","http://www.w3.org/2000/09/xmldsig#base64")
; -------- Reference 1 --------
$oGen.AddObjectRef("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","sha1","C14N_WithComments","","")
$oGen.SetRefIdAttr("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27")
; -------- Reference 2 --------
$oGen.AddObjectRef("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","sha1","","","http://uri.etsi.org/01903#SignedProperties")
$oGen.SetRefIdAttr("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28")
; Provide a certificate + private key. (PFX password is test123)
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If ($bSuccess = False) Then
ConsoleWrite($oCert.LastErrorText & @CRLF)
Exit
EndIf
$oGen.SetX509Cert($oCert,True)
$oGen.KeyInfoType = "X509Data"
$oGen.X509Type = "Certificate"
; This will be an enveloping signature where the Signature element
; is the XML document root, the signed data is contained within Object
; tag(s) within the Signature.
; Therefore, pass an empty sbXml to CreateXmlDsigSb.
$oSbXml = ObjCreate("Chilkat.StringBuilder")
; The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error.
; (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use
; the same XML canonicalization implementation w/ the bug.)
$oGen.Behaviors = "AttributeSortingBug,CompactSignedXml"
; Sign the XML...
$bSuccess = $oGen.CreateXmlDSigSb($oSbXml)
If ($bSuccess = False) Then
ConsoleWrite($oGen.LastErrorText & @CRLF)
Exit
EndIf
; -----------------------------------------------
; Save the signed XML to a file.
$bSuccess = $oSbXml.WriteFile("qa_output/signedXml.xml","utf-8",False)
ConsoleWrite($oSbXml.GetAsString() & @CRLF)
; ----------------------------------------
; Verify the signature we just produced...
$oVerifier = ObjCreate("Chilkat.XmlDSig")
$bSuccess = $oVerifier.LoadSignatureSb($oSbXml)
If ($bSuccess = False) Then
ConsoleWrite($oVerifier.LastErrorText & @CRLF)
Exit
EndIf
Local $bVerified = $oVerifier.VerifySignature(True)
If ($bVerified <> True) Then
ConsoleWrite($oVerifier.LastErrorText & @CRLF)
Exit
EndIf
ConsoleWrite("This signature was successfully verified." & @CRLF)
; ------------------------------------
; Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip.
$oXml = ObjCreate("Chilkat.Xml")
$oXml.LoadSb($oSbXml,True)
; The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML).
; (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.)
Local $strZipBase64 = $oXml.GetChildContent("ds:Object[1]")
$oBdZip.Clear()
$oBdZip.AppendEncoded($strZipBase64,"base64")
If ($oBdZip.NumBytes = 0) Then
ConsoleWrite("Something went wrong.. we dont' have any data.." & @CRLF)
Exit
EndIf
$bSuccess = $oZip.OpenBd($oBdZip)
If ($bSuccess = False) Then
ConsoleWrite($oZip.LastErrorText & @CRLF)
Exit
EndIf
; Get the 1st file in the zip, which should be the PIT-11Z.xml
$oEntry = ObjCreate("Chilkat.ZipEntry")
$bSuccess = $oZip.EntryAt(0,$oEntry)
If ($bSuccess = False) Then
ConsoleWrite("Zip contains no files..." & @CRLF)
Exit
EndIf
; Get the XML:
Local $sOrigXml = $oEntry.UnzipToString(0,"utf-8")
ConsoleWrite("Original XML extracted from base64 zip:" & @CRLF)
ConsoleWrite($sOrigXml & @CRLF)