Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(C) Sign XML for Zakat, Tax and Customs Authority (ZATCA)See more ZATCA ExamplesDemonstrates how to sign XML for Zakat, Tax and Customs Authority (ZATCA).
#include <C_CkStringBuilder.h> #include <C_CkXmlDSigGen.h> #include <C_CkXml.h> #include <C_CkCert.h> #include <C_CkPrivateKey.h> #include <C_CkXmlDSig.h> void ChilkatSample(void) { BOOL success; HCkStringBuilder sbXml; HCkXmlDSigGen gen; HCkXml object1; HCkXml xml1; HCkCert certFromPfx; HCkCert cert; HCkPrivateKey privKey; HCkXmlDSig verifier; int numSigs; int verifyIdx; BOOL verified; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. success = TRUE; // Load XML to be signed... sbXml = CkStringBuilder_Create(); success = CkStringBuilder_LoadFile(sbXml,"qa_data/xml_dsig_valid_samples/UBL_Saudi_ZATCA_Zakat_Tax_and_Customs_Authority_toBeSigned.xml","utf-8"); if (success == FALSE) { printf("Failed to load XML file to be signed.\n"); CkStringBuilder_Dispose(sbXml); return; } // Loads XML containing the following (with data modified from the original sample). // <?xml version="1.0" encoding="UTF-8"?> // <Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"><ext:UBLExtensions> // <ext:UBLExtension> // <ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI> // <ext:ExtensionContent> // <sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2"> // <sac:SignatureInformation> // <cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID> // <sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID> // // </sac:SignatureInformation> // </sig:UBLDocumentSignatures> // </ext:ExtensionContent> // </ext:UBLExtension> // </ext:UBLExtensions> // // <cbc:ProfileID>reporting:1.0</cbc:ProfileID> // <cbc:ID>100</cbc:ID> // <cbc:UUID>3cf5ee18-ee25-44ea-a444-2c37ba7f28be</cbc:UUID> // <cbc:IssueDate>2021-04-25</cbc:IssueDate> // <cbc:IssueTime>15:30:00</cbc:IssueTime> // <cbc:InvoiceTypeCode name="0100000">388</cbc:InvoiceTypeCode> // <cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode> // <cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode> // <cbc:LineCountNumeric>2</cbc:LineCountNumeric> // <cac:AdditionalDocumentReference> // <cbc:ID>ICV</cbc:ID> // <cbc:UUID>46531</cbc:UUID> // </cac:AdditionalDocumentReference> // <cac:AdditionalDocumentReference> // <cbc:ID>PIH</cbc:ID> // <cac:Attachment> // <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">NWZl......NTdlOQ==</cbc:EmbeddedDocumentBinaryObject> // </cac:Attachment> // </cac:AdditionalDocumentReference> // // // <cac:AdditionalDocumentReference> // <cbc:ID>QR</cbc:ID> // <cac:Attachment> // <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">ARlBbC........FAau5g</cbc:EmbeddedDocumentBinaryObject> // </cac:Attachment> // </cac:AdditionalDocumentReference><cac:Signature> // <cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID> // <cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod> // </cac:Signature><cac:AccountingSupplierParty> // <cac:Party> // <cac:PartyIdentification> // <cbc:ID schemeID="MLS">123457890</cbc:ID> // </cac:PartyIdentification> // <cac:PostalAddress> // <cbc:StreetName>King Abdulaziz Road</cbc:StreetName> // <cbc:BuildingNumber>9999</cbc:BuildingNumber> // <cbc:PlotIdentification>9999</cbc:PlotIdentification> // <cbc:CitySubdivisionName>Al Amal</cbc:CitySubdivisionName> // <cbc:CityName>Riyadh</cbc:CityName> // <cbc:PostalZone>12643</cbc:PostalZone> // <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity> // <cac:Country> // <cbc:IdentificationCode>SA</cbc:IdentificationCode> // </cac:Country> // </cac:PostalAddress> // <cac:PartyTaxScheme> // <cbc:CompanyID>300099999900003</cbc:CompanyID> // <cac:TaxScheme> // <cbc:ID>VAT</cbc:ID> // </cac:TaxScheme> // </cac:PartyTaxScheme> // <cac:PartyLegalEntity> // <cbc:RegistrationName>Example Co. LTD</cbc:RegistrationName> // </cac:PartyLegalEntity> // </cac:Party> // </cac:AccountingSupplierParty> // <cac:AccountingCustomerParty> // <cac:Party> // <cac:PartyIdentification> // <cbc:ID schemeID="SAG">123C12345678</cbc:ID> // </cac:PartyIdentification> // <cac:PostalAddress> // <cbc:StreetName>King Abdullah Road</cbc:StreetName> // <cbc:BuildingNumber>9999</cbc:BuildingNumber> // <cbc:PlotIdentification>9999</cbc:PlotIdentification> // <cbc:CitySubdivisionName>Al Mursalat</cbc:CitySubdivisionName> // <cbc:CityName>Riyadh</cbc:CityName> // <cbc:PostalZone>11564</cbc:PostalZone> // <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity> // <cac:Country> // <cbc:IdentificationCode>SA</cbc:IdentificationCode> // </cac:Country> // </cac:PostalAddress> // <cac:PartyTaxScheme> // <cac:TaxScheme> // <cbc:ID>VAT</cbc:ID> // </cac:TaxScheme> // </cac:PartyTaxScheme> // <cac:PartyLegalEntity> // <cbc:RegistrationName>EXAMPLE MARKETS</cbc:RegistrationName> // </cac:PartyLegalEntity> // </cac:Party> // </cac:AccountingCustomerParty> // <cac:Delivery> // <cbc:ActualDeliveryDate>2022-04-25</cbc:ActualDeliveryDate> // </cac:Delivery> // <cac:PaymentMeans> // <cbc:PaymentMeansCode>42</cbc:PaymentMeansCode> // </cac:PaymentMeans> // <cac:TaxTotal> // <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount> // <cac:TaxSubtotal> // <cbc:TaxableAmount currencyID="SAR">900.00</cbc:TaxableAmount> // <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount> // <cac:TaxCategory> // <cbc:ID>S</cbc:ID> // <cbc:Percent>15</cbc:Percent> // <cac:TaxScheme> // <cbc:ID>VAT</cbc:ID> // </cac:TaxScheme> // </cac:TaxCategory> // </cac:TaxSubtotal> // </cac:TaxTotal> // <cac:TaxTotal> // <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount> // </cac:TaxTotal> // <cac:LegalMonetaryTotal> // <cbc:LineExtensionAmount currencyID="SAR">900.00</cbc:LineExtensionAmount> // <cbc:TaxExclusiveAmount currencyID="SAR">900.00</cbc:TaxExclusiveAmount> // <cbc:TaxInclusiveAmount currencyID="SAR">1035.00</cbc:TaxInclusiveAmount> // <cbc:AllowanceTotalAmount currencyID="SAR">0.00</cbc:AllowanceTotalAmount> // <cbc:PayableAmount currencyID="SAR">1035.00</cbc:PayableAmount> // </cac:LegalMonetaryTotal> // <cac:InvoiceLine> // <cbc:ID>1</cbc:ID> // <cbc:InvoicedQuantity unitCode="PCE">1</cbc:InvoicedQuantity> // <cbc:LineExtensionAmount currencyID="SAR">200.00</cbc:LineExtensionAmount> // <cac:TaxTotal> // <cbc:TaxAmount currencyID="SAR">30.00</cbc:TaxAmount> // <cbc:RoundingAmount currencyID="SAR">230.00</cbc:RoundingAmount> // </cac:TaxTotal> // <cac:Item> // <cbc:Name>Item A</cbc:Name> // <cac:ClassifiedTaxCategory> // <cbc:ID>S</cbc:ID> // <cbc:Percent>15</cbc:Percent> // <cac:TaxScheme> // <cbc:ID>VAT</cbc:ID> // </cac:TaxScheme> // </cac:ClassifiedTaxCategory> // </cac:Item> // <cac:Price> // <cbc:PriceAmount currencyID="SAR">200.00</cbc:PriceAmount> // </cac:Price> // </cac:InvoiceLine> // <cac:InvoiceLine> // <cbc:ID>2</cbc:ID> // <cbc:InvoicedQuantity unitCode="PCE">2</cbc:InvoicedQuantity> // <cbc:LineExtensionAmount currencyID="SAR">700.00</cbc:LineExtensionAmount> // <cac:TaxTotal> // <cbc:TaxAmount currencyID="SAR">105.00</cbc:TaxAmount> // <cbc:RoundingAmount currencyID="SAR">805.00</cbc:RoundingAmount> // </cac:TaxTotal> // <cac:Item> // <cbc:Name>Item B</cbc:Name> // <cac:ClassifiedTaxCategory> // <cbc:ID>S</cbc:ID> // <cbc:Percent>15</cbc:Percent> // <cac:TaxScheme> // <cbc:ID>VAT</cbc:ID> // </cac:TaxScheme> // </cac:ClassifiedTaxCategory> // </cac:Item> // <cac:Price> // <cbc:PriceAmount currencyID="SAR">350.00</cbc:PriceAmount> // </cac:Price> // </cac:InvoiceLine> // </Invoice> gen = CkXmlDSigGen_Create(); CkXmlDSigGen_putSigLocation(gen,"Invoice|ext:UBLExtensions|ext:UBLExtension|ext:ExtensionContent|sig:UBLDocumentSignatures|sac:SignatureInformation"); CkXmlDSigGen_putSigLocationMod(gen,0); CkXmlDSigGen_putSigId(gen,"signature"); CkXmlDSigGen_putSigNamespacePrefix(gen,"ds"); CkXmlDSigGen_putSigNamespaceUri(gen,"http://www.w3.org/2000/09/xmldsig#"); CkXmlDSigGen_putSignedInfoCanonAlg(gen,"C14N_11"); CkXmlDSigGen_putSignedInfoDigestMethod(gen,"sha256"); // Create an Object to be added to the Signature. object1 = CkXml_Create(); CkXml_putTag(object1,"xades:QualifyingProperties"); CkXml_AddAttribute(object1,"xmlns:xades","http://uri.etsi.org/01903/v1.3.2#"); CkXml_AddAttribute(object1,"Target","signature"); CkXml_UpdateAttrAt(object1,"xades:SignedProperties",TRUE,"Id","xadesSignedProperties"); CkXml_UpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT"); CkXml_UpdateAttrAt(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",TRUE,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256"); CkXml_UpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT"); CkXml_UpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT"); CkXml_UpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT"); CkXmlDSigGen_AddObject(gen,"",CkXml_getXml(object1),"",""); // -------- Reference 1 -------- xml1 = CkXml_Create(); CkXml_putTag(xml1,"ds:Transforms"); CkXml_UpdateAttrAt(xml1,"ds:Transform",TRUE,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116"); CkXml_UpdateChildContent(xml1,"ds:Transform|ds:XPath","not(//ancestor-or-self::ext:UBLExtensions)"); CkXml_UpdateAttrAt(xml1,"ds:Transform[1]",TRUE,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116"); CkXml_UpdateChildContent(xml1,"ds:Transform[1]|ds:XPath","not(//ancestor-or-self::cac:Signature)"); CkXml_UpdateAttrAt(xml1,"ds:Transform[2]",TRUE,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116"); CkXml_UpdateChildContent(xml1,"ds:Transform[2]|ds:XPath","not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])"); CkXml_UpdateAttrAt(xml1,"ds:Transform[3]",TRUE,"Algorithm","http://www.w3.org/2006/12/xml-c14n11"); CkXmlDSigGen_AddSameDocRef2(gen,"","sha256",xml1,""); CkXmlDSigGen_SetRefIdAttr(gen,"","invoiceSignedData"); // -------- Reference 2 -------- CkXmlDSigGen_AddObjectRef(gen,"xadesSignedProperties","sha256","","","http://www.w3.org/2000/09/xmldsig#SignatureProperties"); // Provide a certificate + private key. (PFX password is test123) certFromPfx = CkCert_Create(); success = CkCert_LoadPfxFile(certFromPfx,"qa_data/pfx/cert_test123.pfx","test123"); if (success != TRUE) { printf("%s\n",CkCert_lastErrorText(certFromPfx)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); return; } // Alternatively, if your certificate and private key are in separate PEM files, do this: cert = CkCert_Create(); success = CkCert_LoadFromFile(cert,"qa_data/zatca/cert.pem"); if (success != TRUE) { printf("%s\n",CkCert_lastErrorText(cert)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); return; } printf("%s\n",CkCert_subjectCN(cert)); // Load the private key. privKey = CkPrivateKey_Create(); success = CkPrivateKey_LoadPemFile(privKey,"qa_data/zatca/ec-secp256k1-priv-key.pem"); if (success != TRUE) { printf("%s\n",CkPrivateKey_lastErrorText(privKey)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); CkPrivateKey_Dispose(privKey); return; } printf("Key Type: %s\n",CkPrivateKey_keyType(privKey)); // Associate the private key with the certificate. success = CkCert_SetPrivateKey(cert,privKey); if (success != TRUE) { printf("%s\n",CkCert_lastErrorText(cert)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); CkPrivateKey_Dispose(privKey); return; } // The certificate passed to SetX509Cert must have an associated private key. // If the cert was loaded from a PFX, then it should automatically has an associated private key. // If the cert was loaded from PEM, then the private key was explicitly associated as shown above. success = CkXmlDSigGen_SetX509Cert(gen,cert,TRUE); if (success != TRUE) { printf("%s\n",CkXmlDSigGen_lastErrorText(gen)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); CkPrivateKey_Dispose(privKey); return; } CkXmlDSigGen_putKeyInfoType(gen,"X509Data"); CkXmlDSigGen_putX509Type(gen,"Certificate"); // ---------------- This is important ----------------------------------------- // Starting in Chilkat v9.5.0.92, add the "ZATCA" behavior to produce the format required by ZATCA. CkXmlDSigGen_putBehaviors(gen,"IndentedSignature,TransformSignatureXPath,ZATCA"); // ---------------------------------------------------------------------------- // Sign the XML... success = CkXmlDSigGen_CreateXmlDSigSb(gen,sbXml); if (success != TRUE) { printf("%s\n",CkXmlDSigGen_lastErrorText(gen)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); CkPrivateKey_Dispose(privKey); return; } // ----------------------------------------------- // Save the signed XML to a file. success = CkStringBuilder_WriteFile(sbXml,"qa_output/signedXml.xml","utf-8",FALSE); printf("%s\n",CkStringBuilder_getAsString(sbXml)); // ---------------------------------------- // Verify the signatures we just produced... verifier = CkXmlDSig_Create(); success = CkXmlDSig_LoadSignatureSb(verifier,sbXml); if (success != TRUE) { printf("%s\n",CkXmlDSig_lastErrorText(verifier)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); CkPrivateKey_Dispose(privKey); CkXmlDSig_Dispose(verifier); return; } // ---------------- This is important ----------------------------------------- // Starting in Chilkat v9.5.0.92, specify "ZATCA" in uncommon options // to validate signed XML according to ZATCA needs. // ---------------------------------------------------------------------------- CkXmlDSig_putUncommonOptions(verifier,"ZATCA"); numSigs = CkXmlDSig_getNumSignatures(verifier); verifyIdx = 0; while (verifyIdx < numSigs) { CkXmlDSig_putSelector(verifier,verifyIdx); verified = CkXmlDSig_VerifySignature(verifier,TRUE); if (verified != TRUE) { printf("%s\n",CkXmlDSig_lastErrorText(verifier)); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); CkPrivateKey_Dispose(privKey); CkXmlDSig_Dispose(verifier); return; } verifyIdx = verifyIdx + 1; } printf("All signatures were successfully verified.\n"); CkStringBuilder_Dispose(sbXml); CkXmlDSigGen_Dispose(gen); CkXml_Dispose(object1); CkXml_Dispose(xml1); CkCert_Dispose(certFromPfx); CkCert_Dispose(cert); CkPrivateKey_Dispose(privKey); CkXmlDSig_Dispose(verifier); } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.