XAdES using TSA Requiring Client Certificate
Demonstrates how to create an XMLDSig (XAdES) signed document that includes an EncapsulatedTimeStamp obtained from a TSA (Time Stamp Authority) server that requires client certificate authentication. One such TSA is https://www3.postsignum.cz/TSS/TSS_crt/.
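Local $bSuccess = False
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
$bSuccess = True
; Load the XML to be signed. For example, the XML to be signed might contain something like this:
; <?xml version="1.0" encoding="utf-8"?>
; <TransakcniLogSystemu xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nsess.public.cz/erms_trans/v_01_01" Id="Signature1">
; <TransLogInfo>
; <Identifikator>XYZ ABC</Identifikator>
; <DatumVzniku>2022-12-20T14:39:02.3625922+01:00</DatumVzniku>
; <DatumCasOd>2022-12-20T14:26:26.88</DatumCasOd>
; <DatumCasDo>2022-12-20T14:39:02.287</DatumCasDo>
; <Software>XYZ</Software>
; <VerzeSoftware>2.0.19.32</VerzeSoftware>
; </TransLogInfo>
; <Udalosti>
; <Udalost>
; <Poradi>1</Poradi>
; ...
; Load the XML to be signed from a file.
; (XML can be loaded from other source, such as a string variable.)
$oSbXml = ObjCreate("Chilkat.StringBuilder")
$bSuccess = $oSbXml.LoadFile("xmlToSign.xml","utf-8")
; Stop if the input could not be read; otherwise the signing step below would run on an empty buffer.
If ($bSuccess <> True) Then
    ConsoleWrite("Failed to load xmlToSign.xml" & @CRLF)
    Exit
EndIf
$oGen = ObjCreate("Chilkat.XmlDSigGen")
; The signature is placed inside the element named here (the root element of the sample XML above).
$oGen.SigLocation = "TransakcniLogSystemu"
$oGen.SigLocationMod = 0
$oGen.SigId = "SignatureID-Signature1"
$oGen.SigNamespacePrefix = "ds"
$oGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
$oGen.SignedInfoCanonAlg = "C14N"
$oGen.SignedInfoDigestMethod = "sha256"
; Set the KeyInfoId before adding references..
; (The same value is referenced by Reference 2 below, so keep the two in sync.)
$oGen.KeyInfoId = "KeyInfoId-Signature-Signature1"
; Create an Object to be added to the Signature.
; Note: Chilkat will automatically fill in the values marked as "TO BE GENERATED BY CHILKAT" at the time of signing.
; The EncapsulatedTimestamp will be automatically generated.
; All method calls below use the parenthesized call form so the script reads uniformly.
$oObject1 = ObjCreate("Chilkat.Xml")
$oObject1.Tag = "xades:QualifyingProperties"
$oObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
; NOTE(review): Target points at "#Signature1", which is the Id of the sample document's root element,
; not the SigId "SignatureID-Signature1" set above. XAdES expects Target to reference the ds:Signature Id;
; confirm which value the consuming system expects before changing it.
$oObject1.AddAttribute("Target","#Signature1")
; The SignedProperties Id must match the value passed to AddObjectRef for Reference 1 below.
$oObject1.UpdateAttrAt("xades:SignedProperties",True,"Id","SignedProperties-Signature-Signature1")
$oObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",True,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
$oObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
$oObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT")
; The EncapsulatedTimestamp will be included in the unsigned properties.
$oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp",True,"Id","signature-timestamp-5561-8212-3316-5191")
$oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|ds:CanonicalizationMethod",True,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#")
$oObject1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp",True,"Encoding","http://uri.etsi.org/01903/v1.2.2#DER")
$oObject1.UpdateChildContent("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp","TO BE GENERATED BY CHILKAT")
$oGen.AddObject("XadesObjectId-Signature1",$oObject1.GetXml(),"","")
; -------- Reference 1 --------
; Covers the xades:SignedProperties element created above (by its Id).
$oGen.AddObjectRef("SignedProperties-Signature-Signature1","sha256","EXCL_C14N","","http://uri.etsi.org/01903#SignedProperties")
; -------- Reference 2 --------
; Covers the KeyInfo element (by the KeyInfoId set above).
$oGen.AddSameDocRef("KeyInfoId-Signature-Signature1","sha256","EXCL_C14N","","")
$oGen.SetRefIdAttr("KeyInfoId-Signature-Signature1","ReferenceKeyInfo")
; -------- Reference 3 --------
; An empty reference Id is a same-document reference to the whole document.
$oGen.AddSameDocRef("","sha256","EXCL_C14N","","")
$oGen.SetRefIdAttr("","Reference-Signature1")
; Provide a certificate + private key. (PFX password is test123)
; Example-only: a real application should read the PFX password from a secret store or
; protected configuration rather than embedding it in source.
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If ($bSuccess <> True) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf
$oGen.SetX509Cert($oCert,True)
$oGen.KeyInfoType = "X509Data"
$oGen.X509Type = "Certificate"
$oGen.Behaviors = "IndentedSignature"
; -------------------------------------------------------------------------------------------
; To have the EncapsulatedTimeStamp automatically added...
; 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp>
; to the unsigned properties. (This was accomplished in the above code.)
; 2) Specify the TSA URL (Timestamping Authority URL).
; Here we specify the TSA URL:
; -------------------------------------------------------------------------------------------
$oJsonTsa = ObjCreate("Chilkat.JsonObject")
; The TSA is reached over HTTPS. NOTE(review): confirm that the Http object used below verifies the
; TSA server certificate under the library's defaults before relying on this in production.
$oJsonTsa.UpdateString("timestampToken.tsaUrl","https://www3.postsignum.cz/TSS/TSS_crt/")
; presumably asks the TSA to include its own certificate in the returned token; verify against the Chilkat docs.
$oJsonTsa.UpdateBool("timestampToken.requestTsaCert",True)
$oGen.SetTsa($oJsonTsa)
; -------------------------------------------------------------------------------------------
; In this case, the TSA requires client certificate authentication.
; To provide your client certificate, the application will instantiate a Chilkat HTTP object,
; then set it up with a SSL/TLS client certificate, and then tell the XmlDSigGen object
; to use the HTTP object for connections to the TSA server.
; -------------------------------------------------------------------------------------------
$oHttp = ObjCreate("Chilkat.Http")
; Example-only path and password; in a real application both come from configuration/secret storage.
$bSuccess = $oHttp.SetSslClientCertPfx("/home/bob/pfxFiles/myClientSideCertWithPrivateKey.pfx","pfxPassword")
If ($bSuccess <> True) Then
    ConsoleWrite($oHttp.LastErrorText & @CRLF)
    Exit
EndIf
; Tell the XmlDSigGen object to use the above HTTP object for TSA communications.
$oGen.SetHttpObj($oHttp)
; Sign the XML...
; CreateXmlDSigSb updates $oSbXml in place; on failure the buffer must not be treated as signed.
$bSuccess = $oGen.CreateXmlDSigSb($oSbXml)
If ($bSuccess <> True) Then
    ConsoleWrite($oGen.LastErrorText & @CRLF)
    Exit
EndIf
; -----------------------------------------------
; Save the signed XML to a file.
; (The output path is Windows-style while the client PFX path above is POSIX-style; adjust for your platform.)
$bSuccess = $oSbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",False)
If ($bSuccess <> True) Then
    ConsoleWrite("Failed to write c:/temp/qa_output/signedXml.xml" & @CRLF)
    Exit
EndIf
ConsoleWrite($oSbXml.GetAsString() & @CRLF)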