(Delphi DLL) Sign Mexico Pedimento

Add a signature to a Mexico pedimento file.

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Asn, Cert, StringBuilder, BinData, PrivateKey, Xml, Rsa;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
bCRLF: Boolean;
sb: HCkStringBuilder;
md5_base64: PWideChar;
privKey: HCkPrivateKey;
xml: HCkXml;
asn: HCkAsn;
rsa: HCkRsa;
bdSig: HCkBinData;
cert: HCkCert;
serialHex: PWideChar;
sbSerial: HCkStringBuilder;
numReplaced: Integer;

begin
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// This is the contents before signing:

// 500|1|3621|4199800|400||
// 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
// 507|4199800|IM|2006-7888">
// 507|4199800|MS|2">
// 800|4199800|1">
// 801|M3621037.222|1|5|011|

// This is the contents after signing

// 500|1|3621|4199800|400||
// 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
// 507|4199800|IM|2006-7888">
// 507|4199800|MS|2">
// 800|4199800|1|fhP2Ker54D2+3+UZch23F0E72 .... 9qNSPIuAqpj524qLZbbA==|30001000000500003416|
// 801|M3621037.222|1|5|011|

// First create the text to be signed.
bCRLF := True;
sb := CkStringBuilder_Create();
// Use CRLF line endings.
CkStringBuilder_AppendLine(sb,'500|1|3621|4199800|400||',bCRLF);
CkStringBuilder_AppendLine(sb,'601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||',bCRLF);
CkStringBuilder_AppendLine(sb,'507|4199800|IM|2006-7888">',bCRLF);
CkStringBuilder_AppendLine(sb,'507|4199800|MS|2">',bCRLF);

// Generate the MD5 hash of what we have so far..
md5_base64 := CkStringBuilder__getHash(sb,'md5','base64','utf-8');
Memo1.Lines.Add('MD5 hash = ' + md5_base64);

// Complete the original file.
// After signing, we'll update the BASE64_SIGNATURE and CERT_SERIAL
CkStringBuilder_AppendLine(sb,'800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL|',bCRLF);
CkStringBuilder_AppendLine(sb,'801|M3621037.222|1|5|011|',bCRLF);

// We're going to sign the MD5 hash using the private key.
privKey := CkPrivateKey_Create();
success := CkPrivateKey_LoadAnyFormatFile(privKey,'qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.key','12345678a');
if (success = False) then
  begin
    Memo1.Lines.Add(CkPrivateKey__lastErrorText(privKey));
    Exit;
  end;

// Generate the ASN.1 to be signed.

// <sequence>
//     <sequence>
//         <oid>1.2.840.113549.2.5</oid>
//         <null/>
//     </sequence>
//     <octets>SwxHfaJhG+N3pPqay6UzVA==</octets>
// </sequence>

xml := CkXml_Create();
CkXml_putTag(xml,'sequence');
CkXml_UpdateChildContent(xml,'sequence|oid','1.2.840.113549.2.5');
CkXml_UpdateChildContent(xml,'sequence|null','');
CkXml_UpdateChildContent(xml,'octets',md5_base64);

asn := CkAsn_Create();
CkAsn_LoadAsnXml(asn,CkXml__getXml(xml));
Memo1.Lines.Add('ASN.1 = ' + CkAsn__getEncodedDer(asn,'base64'));

// Sign with the private key.
rsa := CkRsa_Create();
success := CkRsa_ImportPrivateKeyObj(rsa,privKey);
if (success = False) then
  begin
    Memo1.Lines.Add(CkRsa__lastErrorText(rsa));
    Exit;
  end;

// Create the opaque signature.
bdSig := CkBinData_Create();
CkBinData_AppendEncoded(bdSig,CkAsn__getEncodedDer(asn,'base64'),'base64');
success := CkRsa_OpenSslSignBd(rsa,bdSig);
if (success = False) then
  begin
    Memo1.Lines.Add(CkRsa__lastErrorText(rsa));
    Exit;
  end;

// bd now contains the opaque signature, which embeds the ASN.1, which contains the MD5 hash.
// We're going to add this line:
// 800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL_NUM|

cert := CkCert_Create();
success := CkCert_LoadFromFile(cert,'qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.cer');
if (success = False) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;
serialHex := CkCert__serialNumber(cert);
// The serial in hex form looks like this:   3330303031303030303030353030303033343136
// Decode to us-ascii.
sbSerial := CkStringBuilder_Create();
CkStringBuilder_DecodeAndAppend(sbSerial,serialHex,'hex','us-ascii');
Memo1.Lines.Add('serial number in us-ascii: ' + CkStringBuilder__getAsString(sbSerial));

numReplaced := CkStringBuilder_Replace(sb,'CERT_SERIAL',CkStringBuilder__getAsString(sbSerial));
numReplaced := CkStringBuilder_Replace(sb,'BASE64_SIGNATURE',CkBinData__getEncoded(bdSig,'base64'));

Memo1.Lines.Add('------------------------------------');
Memo1.Lines.Add('Result:');
Memo1.Lines.Add(CkStringBuilder__getAsString(sb));

CkStringBuilder_Dispose(sb);
CkPrivateKey_Dispose(privKey);
CkXml_Dispose(xml);
CkAsn_Dispose(asn);
CkRsa_Dispose(rsa);
CkBinData_Dispose(bdSig);
CkCert_Dispose(cert);
CkStringBuilder_Dispose(sbSerial);

end;