|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Chilkat2-Python) CADES-BES Signature using ePass2003 TokenSee more Egypt ITIDA ExamplesDemonstrates using a certificate and private key located on an ePass2003 USB token to create a CADES-BES signature. (Demonstrates how to create a .p7s signature that fits Egypt's ITIDA requirements where Chilkat automatically does the ITIDA JSON canonicalization.)
import sys import chilkat2 # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. scmd = chilkat2.ScMinidriver() # Reader names (smart card readers or USB tokens) can be discovered # via List Readers or Find Smart Cards readerName = "FS USB Token 0" success = scmd.AcquireContext(readerName) if (success == False): print(scmd.LastErrorText) sys.exit() # If successful, the name of the currently inserted smart card is available: print("Card name: " + scmd.CardName) # If desired, perform regular PIN authentication with the smartcard. # For more details about smart card PIN authentication, see the Smart Card PIN Authentication Example retval = scmd.PinAuthenticate("user","12345678") if (retval != 0): print("PIN Authentication failed.") # You can find a cerficate using any of the following certificate parts: # "subjectDN" -- The full distinguished name of the cert. # "subjectDN_withTags" -- Same as above, but in a format that includes the subject part tags, such as the "CN=" in "CN=something" # "subjectCN" -- The common name part (CN) of the certificate's subject. # "serial" -- The certificate serial number. # "serial:issuerCN" -- The certificate serial number + the issuer's common name, delimited with a colon char. # These are the same certificate parts that can be retrieved by listing certificates on the smart card (or USB token). # See List Certificates on Smart Card Example certPart = "subjectCN" partValue = "Matt" # If the certificate is found, it is loaded into the cert object. # Note: We imported this certificate from a .p12/.pfx using code such as this Example to Import a .pfx/.p12 onto a Smart Card cert = chilkat2.Cert() success = scmd.FindCert(certPart,partValue,cert) if (success == False): print("Failed to find the certificate.") scmd.DeleteContext() sys.exit() print("Successfully loaded the cert object from the smart card / USB token.") # Note: When successful, the cert object is internally linked to the ScMinidriver object's authenticated session. # The cert object can now be used to sign or do other cryptographic operations that occur on the smart card / USB token. # If your application calls PinDeauthenticate or DeleteContext, the cert will no longer be able to sign on the smart card # because the smart card ScMinidriver session will no longer be authenticated or deleted. # ------------------------------------------------------------------------------------------------------------ # Here we have to code to create the CADES-BES signature using Chilkat Crypt2.. crypt = chilkat2.Crypt2() # Tell the crypt class to use the cert on the ePass2003 token. success = crypt.SetSigningCert(cert) if (success != True): print(crypt.LastErrorText) sys.exit() cmsOptions = chilkat2.JsonObject() # Setting "DigestData" causes OID 1.2.840.113549.1.7.5 (digestData) to be used. cmsOptions.UpdateBool("DigestData",True) cmsOptions.UpdateBool("OmitAlgorithmIdNull",True) # Indicate that we are passing normal JSON and we want Chilkat do automatically # do the ITIDA JSON canonicalization: cmsOptions.UpdateBool("CanonicalizeITIDA",True) crypt.CmsOptions = cmsOptions.Emit() # The CadesEnabled property applies to all methods that create CMS/PKCS7 signatures. # To create a CAdES-BES signature, set this property equal to true. crypt.CadesEnabled = True crypt.HashAlgorithm = "sha256" jsonSigningAttrs = chilkat2.JsonObject() jsonSigningAttrs.UpdateInt("contentType",1) jsonSigningAttrs.UpdateInt("signingTime",1) jsonSigningAttrs.UpdateInt("messageDigest",1) jsonSigningAttrs.UpdateInt("signingCertificateV2",1) crypt.SigningAttributes = jsonSigningAttrs.Emit() # By default, all the certs in the chain of authentication are included in the signature. # If desired, we can choose to only include the signing certificate: crypt.IncludeCertChain = False # Pass a JSON document such as the following. Chilkat will do the ITIDA canonicalization. # (It is the canonicalized JSON that gets signed.) # { # "issuer":{ # "address":{ # "branchID":"0", # "country":"EG", # "regionCity":"Cairo", # "postalCode":"", # "buildingNumber":"0", # "street":"123rd Street", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"209999899", # "name":"Xyz SAE" # }, # "receiver":{ # "address":{ # "country":"EG", # "regionCity":"CAIRO", # "postalCode":"11435", # "buildingNumber":"0", # "street":"Autostrad Road Abc", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"999999999", # "name":"XYZ EGYPT FOR TRADE" # }, # "documentType":"I", # "documentTypeVersion":"1.0", # "dateTimeIssued":"2020-11-15T11:04:53Z", # "taxpayerActivityCode":"1073", # "internalID":"ZZZZ999", # "purchaseOrderReference":"2009199918", # "salesOrderReference":"", # "payment":{ # "bankName":"", # "bankAddress":"", # "bankAccountNo":"", # "bankAccountIBAN":"", # "swiftCode":"", # "terms":"" # }, # "delivery":{ # "approach":"", # "packaging":"", # "dateValidity":"", # "exportPort":"", # "countryOfOrigin":"EG", # "grossWeight":0, # "netWeight":0, # "terms":"" # }, # "invoiceLines":[ # { # "description":"CDM Widget 48GX99X12BA", # "itemType":"GS1", # "itemCode":"7622213335056", # "unitType":"CS", # "quantity":1.00, # "unitValue":{ # "currencySold":"EGP", # "amountEGP":588.67, # "amountSold":0, # "currencyExchangeRate":0 # }, # "salesTotal":588.67, # "total":603.97, # "valueDifference":0, # "totalTaxableFees":0, # "netTotal":529.8, # "itemsDiscount":0, # "discount":{ # "rate":10.00, # "amount":58.87 # }, # "taxableItems":[ # { # "taxType":"T1", # "amount":74.17, # "subType":"No sub", # "rate":14.00 # } # ], # "internalCode":"9099994" # } # ], # "totalSales":588.67, # "totalSalesAmount":588.67, # "totalDiscountAmount":58.87, # "netAmount":529.80, # "taxTotals":[ # { # "taxType":"T1", # "amount":74.17 # } # ], # "extraDiscountAmount":0, # "totalItemsDiscountAmount":0, # "totalAmount":603.97, # } # json = chilkat2.JsonObject() success = json.LoadFile("qa_data/itida/sdk.invoicing.eta.gov.eg/files/one-doc.json") if (success == False): print(json.LastErrorText) sys.exit() json.EmitCompact = False # Create the CAdES-BES signature. crypt.EncodingMode = "base64" # Make sure we sign the utf-8 byte representation of the JSON string crypt.Charset = "utf-8" sigBase64 = crypt.SignStringENC(json.Emit()) if (crypt.LastMethodSuccess == False): print(crypt.LastErrorText) sys.exit() print("Base64 signature:") print(sigBase64) # Add the signature to the JSON. json.UpdateString("signatures[0].signatureType","I") json.UpdateString("signatures[0].value",sigBase64) print("JSON with signature added:") print(json.Emit()) # ------------------------------------------------------------------------------------------------------------ # Cleanup our ScMinidriver session... # When finished with operations that required authentication, you may if you wish, deauthenticate the session. success = scmd.PinDeauthenticate("user") if (success == False): print(scmd.LastErrorText) # Delete the context when finished with the card. success = scmd.DeleteContext() if (success == False): print(scmd.LastErrorText) |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.