(Lianja) XML-DSig Add Object Reference with Transforms Specified Explicitly

Demonstrates how to use the new AddObjectRef2 method to explicitly specify the XML Transforms fragment.

Chilkat Lianja Extension Download Chilkat Lianja Extension

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

llSuccess = .T.

// Build the following XML to be signed:

// <?xml version="1.0" encoding="utf-8"?>
// <InitUpload xmlns="http://e-dokumenty.mf.gov.pl">
//     <DocumentType>JPK</DocumentType>
//     <Version>01.02.01.20160617</Version>
//     <EncryptionKey algorithm="RSA" encoding="Base64" mode="ECB" padding="PKCS#1">xxxx</EncryptionKey>
//     <DocumentList>
//         <Document>
//             <FormCode schemaVersion="1-1" systemCode="JPK_VAT (3)">JPK_VAT</FormCode>
//             <FileName>JPK_VAT_3_v1-1_20181201.xml</FileName>
//             <ContentLength>8736</ContentLength>
//             <HashValue algorithm="SHA-256" encoding="Base64">JEDI1pItwh6dj/Xx1uts/x61qnjZ4DLHpkZMhmf1oKQ=</HashValue>
//             <FileSignatureList filesNumber="1">
//                 <Packaging>
//                     <SplitZip mode="zip" type="split"/>
//                 </Packaging>
//                 <Encryption>
//                     <AES block="16" mode="CBC" padding="PKCS#7" size="256">
//                         <IV bytes="16" encoding="Base64">z64oN9zXHt1+S3XACRSCYw==</IV>
//                     </AES>
//                 </Encryption>
//                 <FileSignature>
//                     <OrdinalNumber>1</OrdinalNumber>
//                     <FileName>JPK_VAT_3_v1-1_20181201-000.xml.zip.aes</FileName>
//                     <ContentLength>16</ContentLength>
//                     <HashValue algorithm="MD5" encoding="Base64">5MX0q1935fvMjLFV7E1yDw==</HashValue>
//                 </FileSignature>
//             </FileSignatureList>
//         </Document>
//     </DocumentList>
// </InitUpload>

// Use this online tool to generate code from sample XML: 
// Generate Code to Create XML

loXmlToSign = createobject("CkXml")
loXmlToSign.Tag = "InitUpload"
loXmlToSign.AddAttribute("xmlns","http://e-dokumenty.mf.gov.pl")
loXmlToSign.UpdateChildContent("DocumentType","JPK")
loXmlToSign.UpdateChildContent("Version","01.02.01.20160617")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"algorithm","RSA")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"encoding","Base64")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"mode","ECB")
loXmlToSign.UpdateAttrAt("EncryptionKey",.T.,"padding","PKCS#1")
loXmlToSign.UpdateChildContent("EncryptionKey","xxxx")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FormCode",.T.,"schemaVersion","1-1")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FormCode",.T.,"systemCode","JPK_VAT (3)")
loXmlToSign.UpdateChildContent("DocumentList|Document|FormCode","JPK_VAT")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileName","JPK_VAT_3_v1-1_20181201.xml")
loXmlToSign.UpdateChildContent("DocumentList|Document|ContentLength","8736")
loXmlToSign.UpdateAttrAt("DocumentList|Document|HashValue",.T.,"algorithm","SHA-256")
loXmlToSign.UpdateAttrAt("DocumentList|Document|HashValue",.T.,"encoding","Base64")
loXmlToSign.UpdateChildContent("DocumentList|Document|HashValue","JEDI1pItwh6dj/Xx1uts/x61qnjZ4DLHpkZMhmf1oKQ=")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList",.T.,"filesNumber","1")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Packaging|SplitZip",.T.,"mode","zip")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Packaging|SplitZip",.T.,"type","split")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"block","16")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"mode","CBC")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"padding","PKCS#7")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",.T.,"size","256")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES|IV",.T.,"bytes","16")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES|IV",.T.,"encoding","Base64")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|Encryption|AES|IV","z64oN9zXHt1+S3XACRSCYw==")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|OrdinalNumber","1")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|FileName","JPK_VAT_3_v1-1_20181201-000.xml.zip.aes")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|ContentLength","16")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|FileSignature|HashValue",.T.,"algorithm","MD5")
loXmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|FileSignature|HashValue",.T.,"encoding","Base64")
loXmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|HashValue","5MX0q1935fvMjLFV7E1yDw==")

loGen = createobject("CkXmlDSigGen")

loGen.SigLocation = "InitUpload"
loGen.SigLocationMod = 0
loGen.SigId = "id-1234"
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loGen.SignedInfoCanonAlg = "EXCL_C14N"
loGen.SignedInfoDigestMethod = "sha256"

// Create an Object to be added to the Signature.

// <xades:QualifyingProperties Target="#id-1234" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
//     <xades:SignedProperties Id="xades-id-1234">
//         <xades:SignedSignatureProperties>
//             <xades:SigningTime>TO BE GENERATED BY CHILKAT</xades:SigningTime>
//             <xades:SigningCertificate>
//                 <xades:Cert>
//                     <xades:CertDigest>
//                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
//                         <ds:DigestValue>TO BE GENERATED BY CHILKAT</ds:DigestValue>
//                     </xades:CertDigest>
//                     <xades:IssuerSerial>
//                         <ds:X509IssuerName>TO BE GENERATED BY CHILKAT</ds:X509IssuerName>
//                         <ds:X509SerialNumber>TO BE GENERATED BY CHILKAT</ds:X509SerialNumber>
//                     </xades:IssuerSerial>
//                 </xades:Cert>
//             </xades:SigningCertificate>
//         </xades:SignedSignatureProperties>
//         <xades:SignedDataObjectProperties>
//             <xades:DataObjectFormat ObjectReference="#r-id-1">
//                 <xades:MimeType>text/xml</xades:MimeType>
//             </xades:DataObjectFormat>
//         </xades:SignedDataObjectProperties>
//     </xades:SignedProperties>
// </xades:QualifyingProperties>

loObject1 = createobject("CkXml")
loObject1.Tag = "xades:QualifyingProperties"
loObject1.AddAttribute("Target","#id-1234")
loObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
loObject1.UpdateAttrAt("xades:SignedProperties",.T.,"Id","xades-id-1234")
// Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
loObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",.T.,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT")
loObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",.T.,"ObjectReference","#r-id-1")
loObject1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","text/xml")

loGen.AddObject("",loObject1.GetXml(),"","")

// -------- Reference 1 --------
// Build the following Transforms fragment:

// <ds:Transforms>
//     <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
//         <ds:XPath>not(ancestor-or-self::ds:Signature)</ds:XPath>
//     </ds:Transform>
//     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// </ds:Transforms>

loXml1 = createobject("CkXml")
loXml1.Tag = "ds:Transforms"
loXml1.UpdateAttrAt("ds:Transform",.T.,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loXml1.UpdateChildContent("ds:Transform|ds:XPath","not(ancestor-or-self::ds:Signature)")
loXml1.UpdateAttrAt("ds:Transform[1]",.T.,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#")

loGen.AddSameDocRef2("","sha256",loXml1,"")
loGen.SetRefIdAttr("","r-id-1")

// -------- Reference 2 --------
// Build the following Transforms fragment:

// <ds:Transforms>
//     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// </ds:Transforms>

loXml2 = createobject("CkXml")
loXml2.Tag = "ds:Transforms"
loXml2.UpdateAttrAt("ds:Transform",.T.,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#")

loGen.AddObjectRef2("xades-id-1234","sha256",loXml2,"http://uri.etsi.org/01903#SignedProperties")

// Provide a certificate + private key. (PFX password is test123)
loCert = createobject("CkCert")
llSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
if (llSuccess <> .T.) then
    ? loCert.LastErrorText
    release loXmlToSign
    release loGen
    release loObject1
    release loXml1
    release loXml2
    release loCert
    return
endif

loGen.SetX509Cert(loCert,.T.)

loGen.KeyInfoType = "X509Data"
loGen.X509Type = "Certificate"

// Load XML to be signed...
loSbXml = createobject("CkStringBuilder")
loXmlToSign.GetXmlSb(loSbXml)

loGen.Behaviors = "IndentedSignature"

// Sign the XML...
llSuccess = loGen.CreateXmlDSigSb(loSbXml)
if (llSuccess <> .T.) then
    ? loGen.LastErrorText
    release loXmlToSign
    release loGen
    release loObject1
    release loXml1
    release loXml2
    release loCert
    release loSbXml
    return
endif

// -----------------------------------------------

// Save the signed XML to a file.
llSuccess = loSbXml.WriteFile("qa_output/signedXml.xml","utf-8",.F.)

? loSbXml.GetAsString()

// ----------------------------------------
// Verify the signatures we just produced...
loVerifier = createobject("CkXmlDSig")
llSuccess = loVerifier.LoadSignatureSb(loSbXml)
if (llSuccess <> .T.) then
    ? loVerifier.LastErrorText
    release loXmlToSign
    release loGen
    release loObject1
    release loXml1
    release loXml2
    release loCert
    release loSbXml
    release loVerifier
    return
endif

lnNumSigs = loVerifier.NumSignatures
lnVerifyIdx = 0
do while lnVerifyIdx < lnNumSigs
    loVerifier.Selector = lnVerifyIdx
    llVerified = loVerifier.VerifySignature(.T.)
    if (llVerified <> .T.) then
        ? loVerifier.LastErrorText
        release loXmlToSign
        release loGen
        release loObject1
        release loXml1
        release loXml2
        release loCert
        release loSbXml
        release loVerifier
        return
    endif

    lnVerifyIdx = lnVerifyIdx + 1
enddo
? "All signatures were successfully verified."


release loXmlToSign
release loGen
release loObject1
release loXml1
release loXml2
release loCert
release loSbXml
release loVerifier