
XAdES using TSA Requiring Client Certificate


Demonstrates how to create an XMLDSig (XAdES) signed document which includes an EncapsulatedTimestamp using a TSA (TimeStamp Authority) server requiring client certificate authentication. One such TSA is https://www3.postsignum.cz/TSS/TSS_crt/


AutoIt
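; Creates a XAdES (XMLDSig) signature over xmlToSign.xml and asks a TSA that
; requires TLS client-certificate authentication for a signature timestamp.
;
; Two separate credentials are used:
;   1) the signing certificate + private key (produces the XML signature)
;   2) the TLS client certificate + private key (authenticates to the TSA)
;
; Every step that can fail is checked, and the script exits with a non-zero
; code on failure so that calling automation does not mistake an unsigned or
; un-timestamped document for a finished one.

Local $bSuccess = False

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; Load the XML to be signed.  For example, the XML to be signed might contain something like this:

; <?xml version="1.0" encoding="utf-8"?>
; <TransakcniLogSystemu xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nsess.public.cz/erms_trans/v_01_01" Id="Signature1">
;   <TransLogInfo>
;     <Identifikator>XYZ ABC</Identifikator>
;     <DatumVzniku>2022-12-20T14:39:02.3625922+01:00</DatumVzniku>
;     <DatumCasOd>2022-12-20T14:26:26.88</DatumCasOd>
;     <DatumCasDo>2022-12-20T14:39:02.287</DatumCasDo>
;     <Software>XYZ</Software>
;     <VerzeSoftware>2.0.19.32</VerzeSoftware>
;   </TransLogInfo>
;   <Udalosti>
;     <Udalost>
;       <Poradi>1</Poradi>
; ...

; Load the XML to be signed from a file.
; (XML can be loaded from other source, such as a string variable.)
$oSbXml = ObjCreate("Chilkat.StringBuilder")
$bSuccess = $oSbXml.LoadFile("xmlToSign.xml","utf-8")
If ($bSuccess <> True) Then
    ; Stop here: signing an empty buffer would produce a signature over nothing useful.
    ConsoleWrite("Failed to load xmlToSign.xml" & @CRLF)
    Exit 1
EndIf

$oGen = ObjCreate("Chilkat.XmlDSigGen")

$oGen.SigLocation = "TransakcniLogSystemu"
$oGen.SigLocationMod = 0
$oGen.SigId = "SignatureID-Signature1"
$oGen.SigNamespacePrefix = "ds"
$oGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
$oGen.SignedInfoCanonAlg = "C14N"
$oGen.SignedInfoDigestMethod = "sha256"

; Set the KeyInfoId before adding references..
$oGen.KeyInfoId = "KeyInfoId-Signature-Signature1"

; Create an Object to be added to the Signature.

; Note: Chilkat will automatically fill in the values marked as "TO BE GENERATED BY CHILKAT" at the time of signing.
; The EncapsulatedTimestamp will be automatically generated.

$oObject1 = ObjCreate("Chilkat.Xml")
$oObject1.Tag = "xades:QualifyingProperties"
$oObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
; NOTE(review): XAdES defines Target as a reference to the Id of the enclosing ds:Signature.
; SigId above is "SignatureID-Signature1", while "#Signature1" matches the Id on the sample
; root element. Confirm this is what the relying party's validator expects.
$oObject1.AddAttribute("Target","#Signature1")

; SignedProperties are covered by Reference 1 below, so the signing time and the
; signing-certificate digest become part of what is signed.
$oObject1.UpdateAttrAt("xades:SignedProperties",True,"Id","SignedProperties-Signature-Signature1")
$oObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",True,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
$oObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
$oObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT")

; The EncapsulatedTimestamp will be included in the unsigned properties.
; Unsigned properties are not covered by the XML signature itself, so a verifier
; has to validate the timestamp token (and the TSA certificate chain) on its own.
$oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp",True,"Id","signature-timestamp-5561-8212-3316-5191")
$oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|ds:CanonicalizationMethod",True,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#")
$oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp",True,"Encoding","http://uri.etsi.org/01903/v1.2.2#DER")
$oObject1.UpdateChildContent("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp","TO BE GENERATED BY CHILKAT")

$oGen.AddObject("XadesObjectId-Signature1",$oObject1.GetXml(),"","")

; -------- Reference 1 --------
$oGen.AddObjectRef("SignedProperties-Signature-Signature1","sha256","EXCL_C14N","","http://uri.etsi.org/01903#SignedProperties")

; -------- Reference 2 --------
$oGen.AddSameDocRef("KeyInfoId-Signature-Signature1","sha256","EXCL_C14N","","")
$oGen.SetRefIdAttr("KeyInfoId-Signature-Signature1","ReferenceKeyInfo")

; -------- Reference 3 --------
$oGen.AddSameDocRef("","sha256","EXCL_C14N","","")
$oGen.SetRefIdAttr("","Reference-Signature1")

; Provide a certificate + private key. (PFX password is test123)
; The literal password is a sample value for a test PFX. For a real signing key, do not
; embed the PFX password in the script source; obtain it at run time from a protected
; store or an operator prompt, and restrict read access to the PFX file.
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If ($bSuccess <> True) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit 1
EndIf

$oGen.SetX509Cert($oCert,True)

$oGen.KeyInfoType = "X509Data"
$oGen.X509Type = "Certificate"

$oGen.Behaviors = "IndentedSignature"

; -------------------------------------------------------------------------------------------
; To have the EncapsulatedTimeStamp automatically added...
; 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp>
;    to the unsigned properties.  (This was accomplished in the above code.)
; 2) Specify the TSA URL (Timestamping Authority URL).
;    Here we specify the TSA URL:
; -------------------------------------------------------------------------------------------

$oJsonTsa = ObjCreate("Chilkat.JsonObject")
; Keep the TSA URL on https:// so the request and the client-certificate handshake run over TLS.
$oJsonTsa.UpdateString("timestampToken.tsaUrl","https://www3.postsignum.cz/TSS/TSS_crt/")
; Presumably asks the TSA to return its signing certificate inside the token
; (the RFC 3161 certReq flag), which lets a verifier build the TSA chain later - confirm.
$oJsonTsa.UpdateBool("timestampToken.requestTsaCert",True)
$oGen.SetTsa($oJsonTsa)

; -------------------------------------------------------------------------------------------
; In this case, the TSA requires client certificate authentication.
; To provide your client certificate, the application will instantiate a Chilkat HTTP object,
; then set it up with a SSL/TLS client certificate, and then tell the XmlDSigGen object
; to use the HTTP object for connections to the TSA server.
; -------------------------------------------------------------------------------------------
; This PFX authenticates the caller to the TSA and is a different credential from the
; signing certificate above. The same handling applies: the path and password shown are
; placeholders, and a real password should not live in the script source.
$oHttp = ObjCreate("Chilkat.Http")
$bSuccess = $oHttp.SetSslClientCertPfx("/home/bob/pfxFiles/myClientSideCertWithPrivateKey.pfx","pfxPassword")
If ($bSuccess <> True) Then
    ConsoleWrite($oHttp.LastErrorText & @CRLF)
    Exit 1
EndIf

; Tell the XmlDSigGen object to use the above HTTP object for TSA communications.
$oGen.SetHttpObj($oHttp)

; Sign the XML...
; The TSA request is made during this call, so a failure here can be a signing
; problem or a TSA/TLS problem; LastErrorText carries the detail.
$bSuccess = $oGen.CreateXmlDSigSb($oSbXml)
If ($bSuccess <> True) Then
    ConsoleWrite($oGen.LastErrorText & @CRLF)
    Exit 1
EndIf

; -----------------------------------------------

; Save the signed XML to a file.
$bSuccess = $oSbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",False)
If ($bSuccess <> True) Then
    ; Report the failed write instead of leaving a stale or missing output file unnoticed.
    ConsoleWrite("Failed to write c:/temp/qa_output/signedXml.xml" & @CRLF)
    Exit 1
EndIf

ConsoleWrite($oSbXml.GetAsString() & @CRLF)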