C
C
Add EncapsulatedTimestamp to Already-Signed XML
See more XML Digital Signatures Examples
Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.Note: This example requires Chilkat v9.5.0.90 or greater.
Chilkat C Downloads
#include <C_CkStringBuilder.h>
#include <C_CkXmlDSig.h>
#include <C_CkJsonObject.h>
void ChilkatSample(void)
{
BOOL success;
HCkStringBuilder sbXml;
HCkXmlDSig dsig;
HCkJsonObject json;
HCkStringBuilder sbOut;
HCkXmlDSig verifier;
int numSigs;
int verifyIdx;
BOOL verified;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
// (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
// We must use a StringBuilder.
sbXml = CkStringBuilder_Create();
success = CkStringBuilder_LoadFile(sbXml,"qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml","utf-8");
if (success == FALSE) {
printf("Failed to load the XML file.\n");
CkStringBuilder_Dispose(sbXml);
return;
}
dsig = CkXmlDSig_Create();
success = CkXmlDSig_LoadSignatureSb(dsig,sbXml);
if (success == FALSE) {
printf("%s\n",CkXmlDSig_lastErrorText(dsig));
CkStringBuilder_Dispose(sbXml);
CkXmlDSig_Dispose(dsig);
return;
}
if (CkXmlDSig_HasEncapsulatedTimeStamp(dsig) == TRUE) {
printf("This signed XML already has an EncapsulatedTimeStamp\n");
CkStringBuilder_Dispose(sbXml);
CkXmlDSig_Dispose(dsig);
return;
}
// Specify the timestamping authority URL
json = CkJsonObject_Create();
CkJsonObject_UpdateString(json,"timestampToken.tsaUrl","http://timestamp.digicert.com");
CkJsonObject_UpdateBool(json,"timestampToken.requestTsaCert",TRUE);
// Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
// Note: If the signed XML contains multiple signatures, the signature modified is the one
// indicated by the dsig.Selector property.
sbOut = CkStringBuilder_Create();
success = CkXmlDSig_AddEncapsulatedTimeStamp(dsig,json,sbOut);
if (success == FALSE) {
printf("%s\n",CkXmlDSig_lastErrorText(dsig));
CkStringBuilder_Dispose(sbXml);
CkXmlDSig_Dispose(dsig);
CkJsonObject_Dispose(json);
CkStringBuilder_Dispose(sbOut);
return;
}
CkStringBuilder_WriteFile(sbOut,"qa_output/addedEncapsulatedTimeStamp.xml","utf-8",FALSE);
// The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
// keyword to UncommonOptions. See here:
// ----------------------------------------
// Verify the signatures we just produced...
verifier = CkXmlDSig_Create();
success = CkXmlDSig_LoadSignatureSb(verifier,sbOut);
if (success != TRUE) {
printf("%s\n",CkXmlDSig_lastErrorText(verifier));
CkStringBuilder_Dispose(sbXml);
CkXmlDSig_Dispose(dsig);
CkJsonObject_Dispose(json);
CkStringBuilder_Dispose(sbOut);
CkXmlDSig_Dispose(verifier);
return;
}
// Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
CkXmlDSig_putUncommonOptions(verifier,"VerifyEncapsulatedTimeStamp");
numSigs = CkXmlDSig_getNumSignatures(verifier);
verifyIdx = 0;
while (verifyIdx < numSigs) {
CkXmlDSig_putSelector(verifier,verifyIdx);
verified = CkXmlDSig_VerifySignature(verifier,TRUE);
if (verified != TRUE) {
printf("%s\n",CkXmlDSig_lastErrorText(verifier));
CkStringBuilder_Dispose(sbXml);
CkXmlDSig_Dispose(dsig);
CkJsonObject_Dispose(json);
CkStringBuilder_Dispose(sbOut);
CkXmlDSig_Dispose(verifier);
return;
}
verifyIdx = verifyIdx + 1;
}
printf("All signatures were successfully verified.\n");
CkStringBuilder_Dispose(sbXml);
CkXmlDSig_Dispose(dsig);
CkJsonObject_Dispose(json);
CkStringBuilder_Dispose(sbOut);
CkXmlDSig_Dispose(verifier);
}