Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(AutoIt) XAdES using TSA Requiring Client CertificateSee more XML Digital Signatures ExamplesDemonstrates how to create an XMLDSig (XAdES) signed document which includes an EncapsulatedTimestamp using a TSA (TimeStamp Authority) server requiring client certificate authentication. One such TSA is https://www3.postsignum.cz/TSS/TSS_crt/
; This example requires the Chilkat API to have been previously unlocked. ; See Global Unlock Sample for sample code. Local $bSuccess = True ; Load the XML to be signed. For example, the XML to be signed might contain something like this: ; <?xml version="1.0" encoding="utf-8"?> ; <TransakcniLogSystemu xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nsess.public.cz/erms_trans/v_01_01" Id="Signature1"> ; <TransLogInfo> ; <Identifikator>XYZ ABC</Identifikator> ; <DatumVzniku>2022-12-20T14:39:02.3625922+01:00</DatumVzniku> ; <DatumCasOd>2022-12-20T14:26:26.88</DatumCasOd> ; <DatumCasDo>2022-12-20T14:39:02.287</DatumCasDo> ; <Software>XYZ</Software> ; <VerzeSoftware>2.0.19.32</VerzeSoftware> ; </TransLogInfo> ; <Udalosti> ; <Udalost> ; <Poradi>1</Poradi> ; ... ; Load the XML to be signed from a file. ; (XML can be loaded from other source, such as a string variable.) $oSbXml = ObjCreate("Chilkat.StringBuilder") $bSuccess = $oSbXml.LoadFile("xmlToSign.xml","utf-8") $oGen = ObjCreate("Chilkat.XmlDSigGen") $oGen.SigLocation = "TransakcniLogSystemu" $oGen.SigLocationMod = 0 $oGen.SigId = "SignatureID-Signature1" $oGen.SigNamespacePrefix = "ds" $oGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#" $oGen.SignedInfoCanonAlg = "C14N" $oGen.SignedInfoDigestMethod = "sha256" ; Set the KeyInfoId before adding references.. $oGen.KeyInfoId = "KeyInfoId-Signature-Signature1" ; Create an Object to be added to the Signature. ; Note: Chilkat will automatically fill in the values marked as "TO BE GENERATED BY CHILKAT" at the time of signing. ; The EncapsulatedTimestamp will be automatically generated. $oObject1 = ObjCreate("Chilkat.Xml") $oObject1.Tag = "xades:QualifyingProperties" $oObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#") $oObject1.AddAttribute("Target","#Signature1") $oObject1.UpdateAttrAt("xades:SignedProperties",True,"Id","SignedProperties-Signature-Signature1") $oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT" $oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",True,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256") $oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT" $oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT" ; The EncapsulatedTimestamp will be included in the unsigned properties. $oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp",True,"Id","signature-timestamp-5561-8212-3316-5191") $oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|ds:CanonicalizationMethod",True,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#") $oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp",True,"Encoding","http://uri.etsi.org/01903/v1.2.2#DER") $oObject1.UpdateChildContent "xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp","TO BE GENERATED BY CHILKAT" $oGen.AddObject("XadesObjectId-Signature1",$oObject1.GetXml(),"","") ; -------- Reference 1 -------- $oGen.AddObjectRef("SignedProperties-Signature-Signature1","sha256","EXCL_C14N","","http://uri.etsi.org/01903#SignedProperties") ; -------- Reference 2 -------- $oGen.AddSameDocRef("KeyInfoId-Signature-Signature1","sha256","EXCL_C14N","","") $oGen.SetRefIdAttr("KeyInfoId-Signature-Signature1","ReferenceKeyInfo") ; -------- Reference 3 -------- $oGen.AddSameDocRef("","sha256","EXCL_C14N","","") $oGen.SetRefIdAttr("","Reference-Signature1") ; Provide a certificate + private key. (PFX password is test123) $oCert = ObjCreate("Chilkat.Cert") $bSuccess = $oCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123") If ($bSuccess <> True) Then ConsoleWrite($oCert.LastErrorText & @CRLF) Exit EndIf $oGen.SetX509Cert($oCert,True) $oGen.KeyInfoType = "X509Data" $oGen.X509Type = "Certificate" $oGen.Behaviors = "IndentedSignature" ; ------------------------------------------------------------------------------------------- ; To have the EncapsulatedTimeStamp automatically added... ; 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp> ; to the unsigned properties. (This was accomplished in the above code.) ; 2) Specify the TSA URL (Timestamping Authority URL). ; Here we specify the TSA URL: ; ------------------------------------------------------------------------------------------- $oJsonTsa = ObjCreate("Chilkat.JsonObject") $oJsonTsa.UpdateString("timestampToken.tsaUrl","https://www3.postsignum.cz/TSS/TSS_crt/") $oJsonTsa.UpdateBool("timestampToken.requestTsaCert",True) $oGen.SetTsa($oJsonTsa) ; ------------------------------------------------------------------------------------------- ; In this case, the TSA requires client certificate authentication. ; To provide your client certificate, the application will instantiate a Chilkat HTTP object, ; then set it up with a SSL/TLS client certificate, and then tell the XmlDSigGen object ; to use the HTTP object for connections to the TSA server. ; ------------------------------------------------------------------------------------------- $oHttp = ObjCreate("Chilkat.Http") $bSuccess = $oHttp.SetSslClientCertPfx("/home/bob/pfxFiles/myClientSideCertWithPrivateKey.pfx","pfxPassword") If ($bSuccess <> True) Then ConsoleWrite($oHttp.LastErrorText & @CRLF) Exit EndIf ; Tell the XmlDSigGen object to use the above HTTP object for TSA communications. $oGen.SetHttpObj $oHttp ; Sign the XML... $bSuccess = $oGen.CreateXmlDSigSb($oSbXml) If ($bSuccess <> True) Then ConsoleWrite($oGen.LastErrorText & @CRLF) Exit EndIf ; ----------------------------------------------- ; Save the signed XML to a file. $bSuccess = $oSbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",False) ConsoleWrite($oSbXml.GetAsString() & @CRLF) |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.