Sample code for 30+ languages & platforms
Visual FoxPro

Sign XML for Zakat, Tax and Customs Authority (ZATCA)

See more ZATCA Examples

Demonstrates how to sign XML for Zakat, Tax and Customs Authority (ZATCA).

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL lnSuccess
LOCAL loSbXml
LOCAL loGen
LOCAL loObject1
LOCAL loXml1
LOCAL loCertFromPfx
LOCAL loCert
LOCAL loPrivKey
LOCAL loVerifier
LOCAL lnNumSigs
LOCAL lnVerifyIdx
LOCAL lnVerified

lnSuccess = 0

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

lnSuccess = 1

* Load XML to be signed...
loSbXml = CreateObject('Chilkat.StringBuilder')
lnSuccess = loSbXml.LoadFile("qa_data/xml_dsig_valid_samples/UBL_Saudi_ZATCA_Zakat_Tax_and_Customs_Authority_toBeSigned.xml","utf-8")
IF (lnSuccess = 0) THEN
    ? "Failed to load XML file to be signed."
    RELEASE loSbXml
    CANCEL
ENDIF

* Loads XML containing the following (with data modified from the original sample).

* <?xml version="1.0" encoding="UTF-8"?>
* <Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"><ext:UBLExtensions>
*     <ext:UBLExtension>
*         <ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI>
*         <ext:ExtensionContent>
*             <sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2">
*                 <sac:SignatureInformation>
*                     <cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID>
*                     <sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID>
*                     
*                 </sac:SignatureInformation>
*             </sig:UBLDocumentSignatures>
*         </ext:ExtensionContent>
*     </ext:UBLExtension>
* </ext:UBLExtensions>
*    
*    <cbc:ProfileID>reporting:1.0</cbc:ProfileID>
*    <cbc:ID>100</cbc:ID>
*    <cbc:UUID>3cf5ee18-ee25-44ea-a444-2c37ba7f28be</cbc:UUID>
*    <cbc:IssueDate>2021-04-25</cbc:IssueDate>
*    <cbc:IssueTime>15:30:00</cbc:IssueTime>
*    <cbc:InvoiceTypeCode name="0100000">388</cbc:InvoiceTypeCode>
*    <cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode>
*    <cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode>
*    <cbc:LineCountNumeric>2</cbc:LineCountNumeric>
*    <cac:AdditionalDocumentReference>
*       <cbc:ID>ICV</cbc:ID>
*       <cbc:UUID>46531</cbc:UUID>
*    </cac:AdditionalDocumentReference>
*    <cac:AdditionalDocumentReference>
*       <cbc:ID>PIH</cbc:ID>
*       <cac:Attachment>
*          <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">NWZl......NTdlOQ==</cbc:EmbeddedDocumentBinaryObject>
*       </cac:Attachment>
*    </cac:AdditionalDocumentReference>
*    
*   
*    <cac:AdditionalDocumentReference>
*         <cbc:ID>QR</cbc:ID>
*         <cac:Attachment>
*             <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">ARlBbC........FAau5g</cbc:EmbeddedDocumentBinaryObject>
*         </cac:Attachment>
* </cac:AdditionalDocumentReference><cac:Signature>
*       <cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID>
*       <cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod>
* </cac:Signature><cac:AccountingSupplierParty>
*       <cac:Party>
*          <cac:PartyIdentification>
*             <cbc:ID schemeID="MLS">123457890</cbc:ID>
*          </cac:PartyIdentification>
*          <cac:PostalAddress>
*             <cbc:StreetName>King Abdulaziz Road</cbc:StreetName>
*             <cbc:BuildingNumber>9999</cbc:BuildingNumber>
*             <cbc:PlotIdentification>9999</cbc:PlotIdentification>
*             <cbc:CitySubdivisionName>Al Amal</cbc:CitySubdivisionName>
*             <cbc:CityName>Riyadh</cbc:CityName>
*             <cbc:PostalZone>12643</cbc:PostalZone>
*             <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
*             <cac:Country>
*                <cbc:IdentificationCode>SA</cbc:IdentificationCode>
*             </cac:Country>
*          </cac:PostalAddress>
*          <cac:PartyTaxScheme>
*             <cbc:CompanyID>300099999900003</cbc:CompanyID>
*             <cac:TaxScheme>
*                <cbc:ID>VAT</cbc:ID>
*             </cac:TaxScheme>
*          </cac:PartyTaxScheme>
*          <cac:PartyLegalEntity>
*             <cbc:RegistrationName>Example Co. LTD</cbc:RegistrationName>
*          </cac:PartyLegalEntity>
*       </cac:Party>
*    </cac:AccountingSupplierParty>
*    <cac:AccountingCustomerParty>
*       <cac:Party>
*          <cac:PartyIdentification>
*             <cbc:ID schemeID="SAG">123C12345678</cbc:ID>
*          </cac:PartyIdentification>
*          <cac:PostalAddress>
*             <cbc:StreetName>King Abdullah Road</cbc:StreetName>
*             <cbc:BuildingNumber>9999</cbc:BuildingNumber>
*             <cbc:PlotIdentification>9999</cbc:PlotIdentification>
*             <cbc:CitySubdivisionName>Al Mursalat</cbc:CitySubdivisionName>
*             <cbc:CityName>Riyadh</cbc:CityName>
*             <cbc:PostalZone>11564</cbc:PostalZone>
*             <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
*             <cac:Country>
*                <cbc:IdentificationCode>SA</cbc:IdentificationCode>
*             </cac:Country>
*          </cac:PostalAddress>
*          <cac:PartyTaxScheme>
*             <cac:TaxScheme>
*                <cbc:ID>VAT</cbc:ID>
*             </cac:TaxScheme>
*          </cac:PartyTaxScheme>
*          <cac:PartyLegalEntity>
*             <cbc:RegistrationName>EXAMPLE MARKETS</cbc:RegistrationName>
*          </cac:PartyLegalEntity>
*       </cac:Party>
*    </cac:AccountingCustomerParty>
*    <cac:Delivery>
*       <cbc:ActualDeliveryDate>2022-04-25</cbc:ActualDeliveryDate>
*    </cac:Delivery>
*    <cac:PaymentMeans>
*       <cbc:PaymentMeansCode>42</cbc:PaymentMeansCode>
*    </cac:PaymentMeans>
*    <cac:TaxTotal>
*       <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
*       <cac:TaxSubtotal>
*          <cbc:TaxableAmount currencyID="SAR">900.00</cbc:TaxableAmount>
*          <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
*          <cac:TaxCategory>
*             <cbc:ID>S</cbc:ID>
*             <cbc:Percent>15</cbc:Percent>
*             <cac:TaxScheme>
*                <cbc:ID>VAT</cbc:ID>
*             </cac:TaxScheme>
*          </cac:TaxCategory>
*       </cac:TaxSubtotal>
*    </cac:TaxTotal>
*    <cac:TaxTotal>
*       <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
*    </cac:TaxTotal>
*    <cac:LegalMonetaryTotal>
*       <cbc:LineExtensionAmount currencyID="SAR">900.00</cbc:LineExtensionAmount>
*       <cbc:TaxExclusiveAmount currencyID="SAR">900.00</cbc:TaxExclusiveAmount>
*       <cbc:TaxInclusiveAmount currencyID="SAR">1035.00</cbc:TaxInclusiveAmount>
*       <cbc:AllowanceTotalAmount currencyID="SAR">0.00</cbc:AllowanceTotalAmount>
*       <cbc:PayableAmount currencyID="SAR">1035.00</cbc:PayableAmount>
*    </cac:LegalMonetaryTotal>
*    <cac:InvoiceLine>
*       <cbc:ID>1</cbc:ID>
*       <cbc:InvoicedQuantity unitCode="PCE">1</cbc:InvoicedQuantity>
*       <cbc:LineExtensionAmount currencyID="SAR">200.00</cbc:LineExtensionAmount>
*       <cac:TaxTotal>
*          <cbc:TaxAmount currencyID="SAR">30.00</cbc:TaxAmount>
*          <cbc:RoundingAmount currencyID="SAR">230.00</cbc:RoundingAmount>
*       </cac:TaxTotal>
*       <cac:Item>
*          <cbc:Name>Item A</cbc:Name>
*          <cac:ClassifiedTaxCategory>
*             <cbc:ID>S</cbc:ID>
*             <cbc:Percent>15</cbc:Percent>
*             <cac:TaxScheme>
*                <cbc:ID>VAT</cbc:ID>
*             </cac:TaxScheme>
*          </cac:ClassifiedTaxCategory>
*       </cac:Item>
*       <cac:Price>
*          <cbc:PriceAmount currencyID="SAR">200.00</cbc:PriceAmount>
*       </cac:Price>
*    </cac:InvoiceLine>
*    <cac:InvoiceLine>
*       <cbc:ID>2</cbc:ID>
*       <cbc:InvoicedQuantity unitCode="PCE">2</cbc:InvoicedQuantity>
*       <cbc:LineExtensionAmount currencyID="SAR">700.00</cbc:LineExtensionAmount>
*       <cac:TaxTotal>
*          <cbc:TaxAmount currencyID="SAR">105.00</cbc:TaxAmount>
*          <cbc:RoundingAmount currencyID="SAR">805.00</cbc:RoundingAmount>
*       </cac:TaxTotal>
*       <cac:Item>
*          <cbc:Name>Item B</cbc:Name>
*          <cac:ClassifiedTaxCategory>
*             <cbc:ID>S</cbc:ID>
*             <cbc:Percent>15</cbc:Percent>
*             <cac:TaxScheme>
*                <cbc:ID>VAT</cbc:ID>
*             </cac:TaxScheme>
*          </cac:ClassifiedTaxCategory>
*       </cac:Item>
*       <cac:Price>
*          <cbc:PriceAmount currencyID="SAR">350.00</cbc:PriceAmount>
*       </cac:Price>
*    </cac:InvoiceLine>
* </Invoice>

loGen = CreateObject('Chilkat.XmlDSigGen')

loGen.SigLocation = "Invoice|ext:UBLExtensions|ext:UBLExtension|ext:ExtensionContent|sig:UBLDocumentSignatures|sac:SignatureInformation"
loGen.SigLocationMod = 0
loGen.SigId = "signature"
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loGen.SignedInfoCanonAlg = "C14N_11"
loGen.SignedInfoDigestMethod = "sha256"

* Create an Object to be added to the Signature.
loObject1 = CreateObject('Chilkat.Xml')
loObject1.Tag = "xades:QualifyingProperties"
loObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
loObject1.AddAttribute("Target","signature")
loObject1.UpdateAttrAt("xades:SignedProperties",1,"Id","xadesSignedProperties")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
loObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT")

loGen.AddObject("",loObject1.GetXml(),"","")

* -------- Reference 1 --------
loXml1 = CreateObject('Chilkat.Xml')
loXml1.Tag = "ds:Transforms"
loXml1.UpdateAttrAt("ds:Transform",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loXml1.UpdateChildContent("ds:Transform|ds:XPath","not(//ancestor-or-self::ext:UBLExtensions)")
loXml1.UpdateAttrAt("ds:Transform[1]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loXml1.UpdateChildContent("ds:Transform[1]|ds:XPath","not(//ancestor-or-self::cac:Signature)")
loXml1.UpdateAttrAt("ds:Transform[2]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loXml1.UpdateChildContent("ds:Transform[2]|ds:XPath","not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])")
loXml1.UpdateAttrAt("ds:Transform[3]",1,"Algorithm","http://www.w3.org/2006/12/xml-c14n11")

loGen.AddSameDocRef2("","sha256",loXml1,"")

loGen.SetRefIdAttr("","invoiceSignedData")

* -------- Reference 2 --------
loGen.AddObjectRef("xadesSignedProperties","sha256","","","http://www.w3.org/2000/09/xmldsig#SignatureProperties")

* Provide a certificate + private key. (PFX password is test123)
loCertFromPfx = CreateObject('Chilkat.Cert')
lnSuccess = loCertFromPfx.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
IF (lnSuccess <> 1) THEN
    ? loCertFromPfx.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loObject1
    RELEASE loXml1
    RELEASE loCertFromPfx
    CANCEL
ENDIF

* Alternatively, if your certificate and private key are in separate PEM files, do this:
loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadFromFile("qa_data/zatca/cert.pem")
IF (lnSuccess <> 1) THEN
    ? loCert.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loObject1
    RELEASE loXml1
    RELEASE loCertFromPfx
    RELEASE loCert
    CANCEL
ENDIF

? loCert.SubjectCN

* Load the private key.
loPrivKey = CreateObject('Chilkat.PrivateKey')
lnSuccess = loPrivKey.LoadPemFile("qa_data/zatca/ec-secp256k1-priv-key.pem")
IF (lnSuccess <> 1) THEN
    ? loPrivKey.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loObject1
    RELEASE loXml1
    RELEASE loCertFromPfx
    RELEASE loCert
    RELEASE loPrivKey
    CANCEL
ENDIF

? "Key Type: " + loPrivKey.KeyType

* Associate the private key with the certificate.
lnSuccess = loCert.SetPrivateKey(loPrivKey)
IF (lnSuccess <> 1) THEN
    ? loCert.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loObject1
    RELEASE loXml1
    RELEASE loCertFromPfx
    RELEASE loCert
    RELEASE loPrivKey
    CANCEL
ENDIF

* The certificate passed to SetX509Cert must have an associated private key.
* If the cert was loaded from a PFX, then it should automatically has an associated private key.
* If the cert was loaded from PEM, then the private key was explicitly associated as shown above.
lnSuccess = loGen.SetX509Cert(loCert,1)
IF (lnSuccess <> 1) THEN
    ? loGen.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loObject1
    RELEASE loXml1
    RELEASE loCertFromPfx
    RELEASE loCert
    RELEASE loPrivKey
    CANCEL
ENDIF

loGen.KeyInfoType = "X509Data"
loGen.X509Type = "Certificate"

* ---------------- This is important -----------------------------------------
* Starting in Chilkat v9.5.0.92, add the "ZATCA" behavior to produce the format required by ZATCA.
loGen.Behaviors = "IndentedSignature,TransformSignatureXPath,ZATCA"
* ----------------------------------------------------------------------------

* Sign the XML...
lnSuccess = loGen.CreateXmlDSigSb(loSbXml)
IF (lnSuccess <> 1) THEN
    ? loGen.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loObject1
    RELEASE loXml1
    RELEASE loCertFromPfx
    RELEASE loCert
    RELEASE loPrivKey
    CANCEL
ENDIF

* -----------------------------------------------

* Save the signed XML to a file.
lnSuccess = loSbXml.WriteFile("qa_output/signedXml.xml","utf-8",0)

? loSbXml.GetAsString()

* ----------------------------------------
* Verify the signatures we just produced...
loVerifier = CreateObject('Chilkat.XmlDSig')
lnSuccess = loVerifier.LoadSignatureSb(loSbXml)
IF (lnSuccess <> 1) THEN
    ? loVerifier.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loObject1
    RELEASE loXml1
    RELEASE loCertFromPfx
    RELEASE loCert
    RELEASE loPrivKey
    RELEASE loVerifier
    CANCEL
ENDIF

* ---------------- This is important -----------------------------------------
* Starting in Chilkat v9.5.0.92, specify "ZATCA" in uncommon options 
* to validate signed XML according to ZATCA needs.
* ----------------------------------------------------------------------------
loVerifier.UncommonOptions = "ZATCA"

lnNumSigs = loVerifier.NumSignatures
lnVerifyIdx = 0
DO WHILE lnVerifyIdx < lnNumSigs
    loVerifier.Selector = lnVerifyIdx
    lnVerified = loVerifier.VerifySignature(1)
    IF (lnVerified <> 1) THEN
        ? loVerifier.LastErrorText
        RELEASE loSbXml
        RELEASE loGen
        RELEASE loObject1
        RELEASE loXml1
        RELEASE loCertFromPfx
        RELEASE loCert
        RELEASE loPrivKey
        RELEASE loVerifier
        CANCEL
    ENDIF

    lnVerifyIdx = lnVerifyIdx + 1
ENDDO
? "All signatures were successfully verified."

RELEASE loSbXml
RELEASE loGen
RELEASE loObject1
RELEASE loXml1
RELEASE loCertFromPfx
RELEASE loCert
RELEASE loPrivKey
RELEASE loVerifier