Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Objective-C) XAdES using TSA Requiring Client CertificateSee more XML Digital Signatures ExamplesDemonstrates how to create an XMLDSig (XAdES) signed document which includes an EncapsulatedTimestamp using a TSA (TimeStamp Authority) server requiring client certificate authentication. One such TSA is https://www3.postsignum.cz/TSS/TSS_crt/
#import <CkoStringBuilder.h> #import <CkoXmlDSigGen.h> #import <CkoXml.h> #import <CkoCert.h> #import <CkoJsonObject.h> #import <CkoHttp.h> // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. BOOL success = YES; // Load the XML to be signed. For example, the XML to be signed might contain something like this: // <?xml version="1.0" encoding="utf-8"?> // <TransakcniLogSystemu xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nsess.public.cz/erms_trans/v_01_01" Id="Signature1"> // <TransLogInfo> // <Identifikator>XYZ ABC</Identifikator> // <DatumVzniku>2022-12-20T14:39:02.3625922+01:00</DatumVzniku> // <DatumCasOd>2022-12-20T14:26:26.88</DatumCasOd> // <DatumCasDo>2022-12-20T14:39:02.287</DatumCasDo> // <Software>XYZ</Software> // <VerzeSoftware>2.0.19.32</VerzeSoftware> // </TransLogInfo> // <Udalosti> // <Udalost> // <Poradi>1</Poradi> // ... // Load the XML to be signed from a file. // (XML can be loaded from other source, such as a string variable.) CkoStringBuilder *sbXml = [[CkoStringBuilder alloc] init]; success = [sbXml LoadFile: @"xmlToSign.xml" charset: @"utf-8"]; CkoXmlDSigGen *gen = [[CkoXmlDSigGen alloc] init]; gen.SigLocation = @"TransakcniLogSystemu"; gen.SigLocationMod = [NSNumber numberWithInt:0]; gen.SigId = @"SignatureID-Signature1"; gen.SigNamespacePrefix = @"ds"; gen.SigNamespaceUri = @"http://www.w3.org/2000/09/xmldsig#"; gen.SignedInfoCanonAlg = @"C14N"; gen.SignedInfoDigestMethod = @"sha256"; // Set the KeyInfoId before adding references.. gen.KeyInfoId = @"KeyInfoId-Signature-Signature1"; // Create an Object to be added to the Signature. // Note: Chilkat will automatically fill in the values marked as "TO BE GENERATED BY CHILKAT" at the time of signing. // The EncapsulatedTimestamp will be automatically generated. CkoXml *object1 = [[CkoXml alloc] init]; object1.Tag = @"xades:QualifyingProperties"; [object1 AddAttribute: @"xmlns:xades" value: @"http://uri.etsi.org/01903/v1.3.2#"]; [object1 AddAttribute: @"Target" value: @"#Signature1"]; [object1 UpdateAttrAt: @"xades:SignedProperties" autoCreate: YES attrName: @"Id" attrValue: @"SignedProperties-Signature-Signature1"]; [object1 UpdateChildContent: @"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime" value: @"TO BE GENERATED BY CHILKAT"]; [object1 UpdateAttrAt: @"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod" autoCreate: YES attrName: @"Algorithm" attrValue: @"http://www.w3.org/2001/04/xmlenc#sha256"]; [object1 UpdateChildContent: @"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue" value: @"TO BE GENERATED BY CHILKAT"]; [object1 UpdateChildContent: @"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2" value: @"TO BE GENERATED BY CHILKAT"]; // The EncapsulatedTimestamp will be included in the unsigned properties. [object1 UpdateAttrAt: @"xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp" autoCreate: YES attrName: @"Id" attrValue: @"signature-timestamp-5561-8212-3316-5191"]; [object1 UpdateAttrAt: @"xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|ds:CanonicalizationMethod" autoCreate: YES attrName: @"Algorithm" attrValue: @"http://www.w3.org/2001/10/xml-exc-c14n#"]; [object1 UpdateAttrAt: @"xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp" autoCreate: YES attrName: @"Encoding" attrValue: @"http://uri.etsi.org/01903/v1.2.2#DER"]; [object1 UpdateChildContent: @"xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp" value: @"TO BE GENERATED BY CHILKAT"]; [gen AddObject: @"XadesObjectId-Signature1" content: [object1 GetXml] mimeType: @"" encoding: @""]; // -------- Reference 1 -------- [gen AddObjectRef: @"SignedProperties-Signature-Signature1" digestMethod: @"sha256" canonMethod: @"EXCL_C14N" prefixList: @"" refType: @"http://uri.etsi.org/01903#SignedProperties"]; // -------- Reference 2 -------- [gen AddSameDocRef: @"KeyInfoId-Signature-Signature1" digestMethod: @"sha256" canonMethod: @"EXCL_C14N" prefixList: @"" refType: @""]; [gen SetRefIdAttr: @"KeyInfoId-Signature-Signature1" value: @"ReferenceKeyInfo"]; // -------- Reference 3 -------- [gen AddSameDocRef: @"" digestMethod: @"sha256" canonMethod: @"EXCL_C14N" prefixList: @"" refType: @""]; [gen SetRefIdAttr: @"" value: @"Reference-Signature1"]; // Provide a certificate + private key. (PFX password is test123) CkoCert *cert = [[CkoCert alloc] init]; success = [cert LoadPfxFile: @"qa_data/pfx/cert_test123.pfx" password: @"test123"]; if (success != YES) { NSLog(@"%@",cert.LastErrorText); return; } [gen SetX509Cert: cert usePrivateKey: YES]; gen.KeyInfoType = @"X509Data"; gen.X509Type = @"Certificate"; gen.Behaviors = @"IndentedSignature"; // ------------------------------------------------------------------------------------------- // To have the EncapsulatedTimeStamp automatically added... // 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp> // to the unsigned properties. (This was accomplished in the above code.) // 2) Specify the TSA URL (Timestamping Authority URL). // Here we specify the TSA URL: // ------------------------------------------------------------------------------------------- CkoJsonObject *jsonTsa = [[CkoJsonObject alloc] init]; [jsonTsa UpdateString: @"timestampToken.tsaUrl" value: @"https://www3.postsignum.cz/TSS/TSS_crt/"]; [jsonTsa UpdateBool: @"timestampToken.requestTsaCert" value: YES]; [gen SetTsa: jsonTsa]; // ------------------------------------------------------------------------------------------- // In this case, the TSA requires client certificate authentication. // To provide your client certificate, the application will instantiate a Chilkat HTTP object, // then set it up with a SSL/TLS client certificate, and then tell the XmlDSigGen object // to use the HTTP object for connections to the TSA server. // ------------------------------------------------------------------------------------------- CkoHttp *http = [[CkoHttp alloc] init]; success = [http SetSslClientCertPfx: @"/home/bob/pfxFiles/myClientSideCertWithPrivateKey.pfx" pfxPassword: @"pfxPassword"]; if (success != YES) { NSLog(@"%@",http.LastErrorText); return; } // Tell the XmlDSigGen object to use the above HTTP object for TSA communications. [gen SetHttpObj: http]; // Sign the XML... success = [gen CreateXmlDSigSb: sbXml]; if (success != YES) { NSLog(@"%@",gen.LastErrorText); return; } // ----------------------------------------------- // Save the signed XML to a file. success = [sbXml WriteFile: @"c:/temp/qa_output/signedXml.xml" charset: @"utf-8" emitBom: NO]; NSLog(@"%@",[sbXml GetAsString]); |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.