(Lianja) Create JPK_VAT XaDES-BES Signed XML

Demonstrates how to sign XML for JPK_VAT.

Chilkat Lianja Extension Download Chilkat Lianja Extension

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// This example will sign the following XML document:

// <?xml version="1.0" encoding="utf-8"?>
// <InitUpload xmlns="http://e-dokumenty.mf.gov.pl">
//     <DocumentType>JPK</DocumentType>
//     <Version>01.02.01.20160617</Version>
//     <EncryptionKey algorithm="RSA" encoding="Base64" mode="ECB" padding="PKCS#1">...</EncryptionKey>
//     <DocumentList>
//         <Document>
//             <FormCode schemaVersion="1-1" systemCode="JPK_VAT (3)">JPK_VAT</FormCode>
//             <FileName>JPK_VAT_3_v1-1_20181208.xml</FileName>
//             <ContentLength>8736</ContentLength>
//             <HashValue algorithm="SHA-256" encoding="Base64">JEEI1pItwh6dj/Xe1uts/x61qnjZ4DLHpkRMhmf1oQQ=</HashValue>
//             <FileSignatureList filesNumber="1">
//                 <Packaging>
//                     <SplitZip mode="zip" type="split"/>
//                 </Packaging>
//                 <Encryption>
//                     <AES block="16" mode="CBC" padding="PKCS#7" size="256">
//                         <IV bytes="16" encoding="Base64">FFsCRAPYJD3J6cRvd44UDA==</IV>
//                     </AES>
//                 </Encryption>
//                 <FileSignature>
//                     <OrdinalNumber>1</OrdinalNumber>
//                     <FileName>JPK_VAT_3_v1-1_20181208-000.xml.zip.aes</FileName>
//                     <ContentLength>16</ContentLength>
//                     <HashValue algorithm="MD5" encoding="Base64">BX2DTD3ASC/zF6aq/012Cg==</HashValue>
//                 </FileSignature>
//             </FileSignatureList>
//         </Document>
//     </DocumentList>
// </InitUpload>

// First we build the XML to be signed.
// 
// Use this online tool to generate the code from sample XML: 
// Generate Code to Create XML

llSuccess = .T.
loXmlToSign = createobject("CkXml")
loXmlToSign.Tag = "InitUpload"
loXmlToSign.AddAttribute("xmlns","http://e-dokumenty.mf.gov.pl")
loXmlToSign.UpdateChildContent("DocumentType","JPK")
loXmlToSign.UpdateChildContent("Version","01.02.01.20160617")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"algorithm","RSA")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"encoding","Base64")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"mode","ECB")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"padding","PKCS#1")
loXmlToSign.UpdateChildContent("EncryptionKey","...")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FormCode",.T.,"schemaVersion","1-1")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FormCode",.T.,"systemCode","JPK_VAT (3)")
loXmlToSign.UpdateChildContent("DocumentList|Document|FormCode","JPK_VAT")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileName","JPK_VAT_3_v1-1_20181208.xml")
loXmlToSign.UpdateChildContent("DocumentList|Document|ContentLength","8736")
loXmlToSign.UpdateAttrAt("DocumentList|Document|HashValue",.T.,"algorithm","SHA-256")
loXmlToSign.UpdateAttrAt("DocumentList|Document|HashValue",.T.,"encoding","Base64")
loXmlToSign.UpdateChildContent("DocumentList|Document|HashValue","JEEI1pItwh6dj/Xe1uts/x61qnjZ4DLHpkRMhmf1oQQ=")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList",.T.,"filesNumber","1")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Packaging|SplitZip",.T.,"mode","zip")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Packaging|SplitZip",.T.,"type","split")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"block","16")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"mode","CBC")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"padding","PKCS#7")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"size","256")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES|IV",.T.,"bytes","16")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES|IV",.T.,"encoding","Base64")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|Encryption|AES|IV","FFsCRAPYJD3J6cRvd44UDA==")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|OrdinalNumber","1")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|FileName","JPK_VAT_3_v1-1_20181208-000.xml.zip.aes")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|ContentLength","16")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|FileSignature|HashValue",.T.,"algorithm","MD5")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|FileSignature|HashValue",.T.,"encoding","Base64")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|HashValue","BX2DTD3ASC/zF6aq/012Cg==")

// Also see the online tool to generate the code from sample already-signed XML: 
// Generate XML Signature Creation Code from an Already-Signed XML Sample

loGen = createobject("CkXmlDSigGen")

loGen.SigLocation = "InitUpload"
loGen.SigId = "id-1234"
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loGen.SignedInfoCanonAlg = "EXCL_C14N"
loGen.SignedInfoDigestMethod = "sha256"

// Create an Object to be added to the Signature.
loObject1 = createobject("CkXml")
loObject1.Tag = "xades:QualifyingProperties"
loObject1.AddAttribute("Target","#id-1234")
loObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
loObject1.UpdateAttrAt("xades:SignedProperties",.T.,"Id","xades-id-1234")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
loObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",.T.,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT")
loObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",.T.,"ObjectReference","#r-id-1")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","text/xml")

loGen.AddObject("",loObject1.GetXml(),"","")

// -------- Reference 1 --------
loXml1 = createobject("CkXml")
loXml1.Tag = "ds:Transforms"
loXml1.UpdateAttrAt("ds:Transform",.T.,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loXml1.UpdateChildContent("ds:Transform|ds:XPath","not(ancestor-or-self::ds:Signature)")
loXml1.UpdateAttrAt("ds:Transform[1]",.T.,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#")

loGen.AddSameDocRef2("","sha256",loXml1,"")
loGen.SetRefIdAttr("","r-id-1")

// -------- Reference 2 --------
loXml2 = createobject("CkXml")
loXml2.Tag = "ds:Transforms"
loXml2.UpdateAttrAt("ds:Transform",.T.,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#")

loGen.AddObjectRef2("xades-id-1234","sha256",loXml2,"http://uri.etsi.org/01903#SignedProperties")

// Provide a certificate + private key. (PFX password is test123)
// See Load Certificate on Smartcard for an example showing how to load the cert from a smartcard..
loCert = createobject("CkCert")
llSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
if (llSuccess <> .T.) then
    ? loCert.LastErrorText
    release loXmlToSign
    release loGen
    release loObject1
    release loXml1
    release loXml2
    release loCert
    return
endif

loGen.SetX509Cert(loCert,.T.)

loGen.KeyInfoType = "X509Data"
loGen.X509Type = "Certificate"

// Load XML to be signed...
loSbXml = createobject("CkStringBuilder")
loXmlToSign.GetXmlSb(loSbXml)

loGen.Behaviors = "IndentedSignature,TransformSignatureXPath,IssuerSerialHex"

// Sign the XML...
llSuccess = loGen.CreateXmlDSigSb(loSbXml)
if (llSuccess <> .T.) then
    ? loGen.LastErrorText
    release loXmlToSign
    release loGen
    release loObject1
    release loXml1
    release loXml2
    release loCert
    release loSbXml
    return
endif

// Save the signed XMl to a file.
llSuccess = loSbXml.WriteFile("qa_output/signedXml.xml","utf-8",.F.)

? loSbXml.GetAsString()

// ----------------------------------------
// Verify the signature we just produced...
loVerifier = createobject("CkXmlDSig")
llSuccess = loVerifier.LoadSignatureSb(loSbXml)
if (llSuccess <> .T.) then
    ? loVerifier.LastErrorText
    release loXmlToSign
    release loGen
    release loObject1
    release loXml1
    release loXml2
    release loCert
    release loSbXml
    release loVerifier
    return
endif

llVerified = loVerifier.VerifySignature(.T.)
if (llVerified <> .T.) then
    ? loVerifier.LastErrorText
    release loXmlToSign
    release loGen
    release loObject1
    release loXml1
    release loXml2
    release loCert
    release loSbXml
    release loVerifier
    return
endif

? "This signature was successfully verified."


release loXmlToSign
release loGen
release loObject1
release loXml1
release loXml2
release loCert
release loSbXml
release loVerifier