|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Lianja) Create XAdES-T Signed XMLSee more XAdES ExamplesThis example signs XML using the XAdES-T profile. XAdES-T is a profile within the XAdES standard that adds support for secure timestamping of signatures. Secure timestamping involves adding a timestamp to the signature, indicating the exact time when the signature was applied. Timestamping enhances the long-term validity of signatures by providing evidence that the signature existed at a specific point in time, even if the signer's certificate has expired or been revoked. XAdES-T signatures include elements for embedding timestamp data within the XML signature, along with information about the timestamp authority and the timestamp verification process. XAdES-T signatures are suitable for scenarios where long-term validity and integrity of signatures are essential, such as in legal and regulatory contexts where archived documents may need to be validated years or decades later.
// This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. llSuccess = .T. // Create the XML to be signed... // Use this online tool to generate code from sample XML: // Generate Code to Create XML // <?xml version="1.0" encoding="UTF-8"?> // <es:Dossier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:es="https://www.microsec.hu/ds/e-szigno30#" xsi:schemaLocation="https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd"> // <es:DossierProfile Id="PObject0" OBJREF="Object0"> // <es:Title>e-akta.es3</es:Title> // <es:E-category>electronic dossier</es:E-category> // <es:CreationDate>2022-12-02T07:55:16Z</es:CreationDate> // </es:DossierProfile> // <es:Documents Id="Object0"/> // </es:Dossier> loXmlToSign = createobject("CkXml") loXmlToSign.Tag = "es:Dossier" loXmlToSign.AddAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance") loXmlToSign.AddAttribute("xmlns:ds","http://www.w3.org/2000/09/xmldsig#") loXmlToSign.AddAttribute("xmlns","http://uri.etsi.org/01903/v1.3.2#") loXmlToSign.AddAttribute("xmlns:es","https://www.microsec.hu/ds/e-szigno30#") loXmlToSign.AddAttribute("xsi:schemaLocation","https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd") loXmlToSign.UpdateAttrAt("es:DossierProfile",.T.,"Id","PObject0") loXmlToSign.UpdateAttrAt("es:DossierProfile",.T.,"OBJREF","Object0") loXmlToSign.UpdateChildContent("es:DossierProfile|es:Title","e-akta.es3") loXmlToSign.UpdateChildContent("es:DossierProfile|es:E-category","electronic dossier") loXmlToSign.UpdateChildContent("es:DossierProfile|es:CreationDate","2022-12-02T07:55:16Z") loXmlToSign.UpdateAttrAt("es:Documents",.T.,"Id","Object0") loGen = createobject("CkXmlDSigGen") loGen.SigLocation = "es:Dossier" loGen.SigLocationMod = 0 loGen.SigId = "S9fe8096e-2cac-415d-9222-f6cf2ecb314b" loGen.SigValueId = "VS9fe8096e-2cac-415d-9222-f6cf2ecb314b" loGen.SignedInfoId = "SIS9fe8096e-2cac-415d-9222-f6cf2ecb314b" loGen.SignedInfoCanonAlg = "EXCL_C14N" loGen.SignedInfoDigestMethod = "sha256" // Set the KeyInfoId before adding references.. loGen.KeyInfoId = "KS9fe8096e-2cac-415d-9222-f6cf2ecb314b" // Create an Object to be added to the Signature. loObject1 = createobject("CkXml") loObject1.Tag = "es:SignatureProfile" loObject1.AddAttribute("Id","PS9fe8096e-2cac-415d-9222-f6cf2ecb314b") loObject1.AddAttribute("OBJREF","Object0") loObject1.AddAttribute("SIGREF","S9fe8096e-2cac-415d-9222-f6cf2ecb314b") loObject1.AddAttribute("SIGREFLIST","#Object0 #PS9fe8096e-2cac-415d-9222-f6cf2ecb314b #PObject0 #XS9fe8096e-2cac-415d-9222-f6cf2ecb314b") loObject1.UpdateChildContent("es:SignerName","EC Minősített-Tesztelő Péterke") loObject1.UpdateChildContent("es:SDPresented","false") loObject1.UpdateChildContent("es:Type","signature") loObject1.UpdateAttrAt("es:Generator|es:Program",.T.,"name","e-Szigno") loObject1.UpdateAttrAt("es:Generator|es:Program",.T.,"version","3.3.6.8") loObject1.UpdateAttrAt("es:Generator|es:Device",.T.,"name","OpenSSL 1.1.1n 15 Mar 2022") loObject1.UpdateAttrAt("es:Generator|es:Device",.T.,"type","") loGen.AddObject("O1S9fe8096e-2cac-415d-9222-f6cf2ecb314b",loObject1.GetXml(),"","") // Create an Object to be added to the Signature. loObject2 = createobject("CkXml") loObject2.Tag = "QualifyingProperties" loObject2.AddAttribute("Target","#S9fe8096e-2cac-415d-9222-f6cf2ecb314b") loObject2.AddAttribute("Id","QPS9fe8096e-2cac-415d-9222-f6cf2ecb314b") loObject2.UpdateAttrAt("SignedProperties",.T.,"Id","XS9fe8096e-2cac-415d-9222-f6cf2ecb314b") loObject2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningTime","TO BE GENERATED BY CHILKAT") loObject2.UpdateAttrAt("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestMethod",.T.,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256") loObject2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT") loObject2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|IssuerSerialV2","TO BE GENERATED BY CHILKAT") loObject2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SignaturePolicyIdentifier|SignaturePolicyImplied","") loObject2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SignerRoleV2|ClaimedRoles|ClaimedRole","tesztelő") // Here we have the EncapsulatedTimestamp found in the unsigned signature properties. loObject2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp",.T.,"Id","T72cb4961-4326-4319-857a-7cf55e7ef899") loObject2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|ds:CanonicalizationMethod",.T.,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#") loObject2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp",.T.,"Id","ET72cb4961-4326-4319-857a-7cf55e7ef899") loObject2.UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp","TO BE GENERATED BY CHILKAT") loObject2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|TimeStampValidationData",.T.,"xmlns","http://uri.etsi.org/01903/v1.4.1#") loObject2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues",.T.,"Id","CV18c7702d-d45b-44bc-853a-a720f41053cd") loObject2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate",.T.,"Id","EC42db04c8-1422-407b-8c42-189353a55268") loObject2.UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate","BASE64_CONTENT") loObject2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]",.T.,"Id","EC04728b44-a32c-46c1-b9bb-85b1f6b3c7d3") loObject2.UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]","BASE64_CONTENT") loGen.AddObject("O2S9fe8096e-2cac-415d-9222-f6cf2ecb314b",loObject2.GetXml(),"","") // -------- Reference 1 -------- loGen.AddSameDocRef("Object0","sha256","EXCL_C14N","","") loGen.SetRefIdAttr("Object0","Re1f816c4-7898-4544-9b41-f4156dc0c528") // -------- Reference 2 -------- loGen.AddObjectRef("PS9fe8096e-2cac-415d-9222-f6cf2ecb314b","sha256","EXCL_C14N","","") loGen.SetRefIdAttr("PS9fe8096e-2cac-415d-9222-f6cf2ecb314b","Ra873b616-e568-4c38-ae94-27fbff67cc43") // -------- Reference 3 -------- loGen.AddSameDocRef("PObject0","sha256","EXCL_C14N","","") loGen.SetRefIdAttr("PObject0","Ra5d85948-5d6a-4914-8c32-242f5d6d9e81") // -------- Reference 4 -------- loGen.AddObjectRef("XS9fe8096e-2cac-415d-9222-f6cf2ecb314b","sha256","EXCL_C14N","","http://uri.etsi.org/01903#SignedProperties") loGen.SetRefIdAttr("XS9fe8096e-2cac-415d-9222-f6cf2ecb314b","Ra7412a43-dc05-4e0a-ac84-e9a070214757") // Provide a certificate + private key. (PFX password is test123) loCert = createobject("CkCert") llSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123") if (llSuccess <> .T.) then ? loCert.LastErrorText release loXmlToSign release loGen release loObject1 release loObject2 release loCert return endif loGen.SetX509Cert(loCert,.T.) loGen.KeyInfoType = "X509Data" loGen.X509Type = "Certificate" // ------------------------------------------------------------------------------------------- // To have the EncapsulatedTimeStamp automatically added, we only need to do 2 things. // 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp> // to the unsigned properties. // 2) Specify the TSA URL (Timestamping Authority URL). // Here we specify the TSA URL: // ------------------------------------------------------------------------------------------- loJsonTsa = createobject("CkJsonObject") loJsonTsa.UpdateString("timestampToken.tsaUrl","http://timestamp.digicert.com") loJsonTsa.UpdateBool("timestampToken.requestTsaCert",.T.) loGen.SetTsa(loJsonTsa) // Load XML to be signed... loSbXml = createobject("CkStringBuilder") loXmlToSign.GetXmlSb(loSbXml) loGen.Behaviors = "IndentedSignature,OmitAlreadyDefinedSigNamespace" // Sign the XML... llSuccess = loGen.CreateXmlDSigSb(loSbXml) if (llSuccess <> .T.) then ? loGen.LastErrorText release loXmlToSign release loGen release loObject1 release loObject2 release loCert release loJsonTsa release loSbXml return endif // ----------------------------------------------- // Save the signed XML to a file. llSuccess = loSbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",.F.) ? loSbXml.GetAsString() // ---------------------------------------- // Verify the signatures we just produced... loVerifier = createobject("CkXmlDSig") llSuccess = loVerifier.LoadSignatureSb(loSbXml) if (llSuccess <> .T.) then ? loVerifier.LastErrorText release loXmlToSign release loGen release loObject1 release loObject2 release loCert release loJsonTsa release loSbXml release loVerifier return endif lnNumSigs = loVerifier.NumSignatures lnVerifyIdx = 0 do while lnVerifyIdx < lnNumSigs loVerifier.Selector = lnVerifyIdx llVerified = loVerifier.VerifySignature(.T.) if (llVerified <> .T.) then ? loVerifier.LastErrorText release loXmlToSign release loGen release loObject1 release loObject2 release loCert release loJsonTsa release loSbXml release loVerifier return endif lnVerifyIdx = lnVerifyIdx + 1 enddo ? "All signatures were successfully verified." release loXmlToSign release loGen release loObject1 release loObject2 release loCert release loJsonTsa release loSbXml release loVerifier |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.