(DataFlex) Sign PDF and Provide Certificates in Chain to Root
Discusses how to provide certificates in the chain of authentication to the root certificate if the certs are not available to Chilkat.
If you provided a .p12 or .pfx, then it is likely the .p12/.pfx already contains the certs in the chain of authentication, and Chilkat will automatically find them.
Also, if running on a Windows system, then Chilkat will likely automatically find the intermediate CA certs and root CA cert as needed.
This example demonstrates how to explicitly provide the CA certs in the chain of authentication to any Chilkat application that is signing.
Note: This example requires Chilkat v9.5.0.92 or greater.
Use ChilkatAx-win32.pkg
Procedure Test
Variant vVault
Handle hoVault
Boolean iSuccess
Handle hoPdf
Variant vJson
Handle hoJson
Variant vCert
Handle hoCert
String sTemp1
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Assuming you don't have the intermediate CA and root CA certificates for the chain of authentication, then you'll need to locate them from your CA, download, and then use as shown below.
// For example, if your certificate has this certification path:
// 
// Then you should Google "AC DIGITALSIGN RFB G2".
// In this case, the resulting URL found by Google is: https://www.digitalsigncertificadora.com.br/repositorio/RFB
// You can download the certs from https://www.digitalsigncertificadora.com.br/repositorio/rfb/ACDIGITALSIGNRFB.p7b
// Load the certs from a .p7b into an XML certificate vault.
// Note: This example requires Chilkat v9.5.0.92 or greater. The ability to load .p7b files containing multiple certificates was added in v9.5.0.92
Get Create (RefClass(cComChilkatXmlCertVault)) To hoVault
If (Not(IsComObjectCreated(hoVault))) Begin
Send CreateComObject of hoVault
End
Get ComAddCertFile Of hoVault "qa_data/certs/ACDIGITALSIGNRFB.p7b" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoVault To sTemp1
Showln sTemp1
Procedure_Return
End
// -----------------------------------
// See how the vault is used below...
// -----------------------------------
// The signed PDF produced by this example should be verifiable at https://verificador.iti.gov.br/verifier-2.6.2/
Get Create (RefClass(cComChilkatPdf)) To hoPdf
If (Not(IsComObjectCreated(hoPdf))) Begin
Send CreateComObject of hoPdf
End
// Load a PDF to be signed.
// The "hello.pdf" is available at https://chilkatsoft.com/hello.pdf
Get ComLoadFile Of hoPdf "qa_data/pdf/hello.pdf" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPdf To sTemp1
Showln sTemp1
Procedure_Return
End
Get Create (RefClass(cComChilkatJsonObject)) To hoJson
If (Not(IsComObjectCreated(hoJson))) Begin
Send CreateComObject of hoJson
End
// Define the appearance and location of the signature.
Get ComUpdateInt Of hoJson "page" 1 To iSuccess
Get ComUpdateString Of hoJson "appearance.y" "bottom" To iSuccess
Get ComUpdateString Of hoJson "appearance.x" "middle" To iSuccess
Get ComUpdateString Of hoJson "appearance.fontScale" "9.0" To iSuccess
Get ComUpdateString Of hoJson "appearance.text[0]" "Digitally signed by: cert_cn" To iSuccess
Get ComUpdateString Of hoJson "appearance.text[1]" "current_dt" To iSuccess
Get ComUpdateString Of hoJson "appearance.image" "document-accepted" To iSuccess
Get ComUpdateString Of hoJson "appearance.imagePlacement" "left" To iSuccess
Get ComUpdateString Of hoJson "appearance.imageOpacity" "100" To iSuccess
// Add the CMS options required for ICP-Brasil
Get ComUpdateInt Of hoJson "contentType" 1 To iSuccess
Get ComUpdateInt Of hoJson "messageDigest" 1 To iSuccess
Get ComUpdateInt Of hoJson "signingCertificateV2" 1 To iSuccess
// Listed here are the currently existing profiles. (Chilkat will add additional ICP Brasil policy profiles in future versions as new ones are created.)
// See https://www.gov.br/iti/pt-br/assuntos/repositorio/artefatos-de-assinatura-digital for more information.
//
// PA_PAdES_AD_RA_v1_0 --> 2.16.76.1.7.1.14.1
// PA_PAdES_AD_RA_v1_1 --> 2.16.76.1.7.1.14.1.1
// PA_PAdES_AD_RA_v1_2 --> 2.16.76.1.7.1.14.1.2
// PA_PAdES_AD_RB_v1_0 --> 2.16.76.1.7.1.11.1
// PA_PAdES_AD_RB_v1_1 --> 2.16.76.1.7.1.11.1.1
// PA_PAdES_AD_RC_v1_0 --> 2.16.76.1.7.1.13.1
// PA_PAdES_AD_RC_v1_1 --> 2.16.76.1.7.1.13.1.1
// PA_PAdES_AD_RC_v1_2 --> 2.16.76.1.7.1.13.1.2
// PA_PAdES_AD_RT_v1_0 --> 2.16.76.1.7.1.12.1
// PA_PAdES_AD_RT_v1_1 --> 2.16.76.1.7.1.12.1.1
// Set the policy OID and the profile name
Get ComUpdateString Of hoJson "policyId.id" "2.16.76.1.7.1.11.1.1" To iSuccess
Get ComUpdateString Of hoJson "policyId.profile" "PA_PAdES_AD_RB_v1_1" To iSuccess
// Also explicitly set the filter and subFilter
Get ComUpdateString Of hoJson "filter" "Adobe.PPKLite" To iSuccess
Get ComUpdateString Of hoJson "subFilter" "adbe.pkcs7.detached" To iSuccess
// Load the signing certificate.
// In this example, we'll load from a source where we don't have the certificates in the chain.
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
Get ComLoadFromSmartcard Of hoCert "" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCert To sTemp1
Showln sTemp1
Procedure_Return
End
// ------------------------------------------------------------------------------------------
// Here's where we make the certificates in the chain of authentication available to Chilkat.
// If the certs in the chain of authentication are available in the vault, then Chilkat will
// automatically find them as needed.
// ------------------------------------------------------------------------------------------
Get pvComObject of hoVault to vVault
Get ComUseCertVault Of hoCert vVault To iSuccess
// Also, tell the PDF object we want to include certs in the chain of authentication to the root, if possible.
Get ComUpdateBool Of hoJson "embedCertChain" True To iSuccess
Get ComUpdateBool Of hoJson "includeRootCert" True To iSuccess
// Tell the pdf object to use the certificate for signing.
Get pvComObject of hoCert to vCert
Get ComSetSigningCert Of hoPdf vCert To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPdf To sTemp1
Showln sTemp1
Procedure_Return
End
Get pvComObject of hoJson to vJson
Get ComSignPdf Of hoPdf vJson "qa_output/hello_signed.pdf" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPdf To sTemp1
Showln sTemp1
Procedure_Return
End
Get ComLastErrorText Of hoPdf To sTemp1
Showln sTemp1
Showln "The PDF has been successfully cryptographically signed."
End_Procedure
|
