Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Perl) CADES-BES Signature using ePass2003 TokenSee more Egypt ITIDA ExamplesDemonstrates using a certificate and private key located on an ePass2003 USB token to create a CADES-BES signature. (Demonstrates how to create a .p7s signature that fits Egypt's ITIDA requirements where Chilkat automatically does the ITIDA JSON canonicalization.)
use chilkat(); # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. $scmd = chilkat::CkScMinidriver->new(); # Reader names (smart card readers or USB tokens) can be discovered # via List Readers or Find Smart Cards $readerName = "FS USB Token 0"; $success = $scmd->AcquireContext($readerName); if ($success == 0) { print $scmd->lastErrorText() . "\r\n"; exit; } # If successful, the name of the currently inserted smart card is available: print "Card name: " . $scmd->cardName() . "\r\n"; # If desired, perform regular PIN authentication with the smartcard. # For more details about smart card PIN authentication, see the Smart Card PIN Authentication Example $retval = $scmd->PinAuthenticate("user","12345678"); if ($retval != 0) { print "PIN Authentication failed." . "\r\n"; } # You can find a cerficate using any of the following certificate parts: # "subjectDN" -- The full distinguished name of the cert. # "subjectDN_withTags" -- Same as above, but in a format that includes the subject part tags, such as the "CN=" in "CN=something" # "subjectCN" -- The common name part (CN) of the certificate's subject. # "serial" -- The certificate serial number. # "serial:issuerCN" -- The certificate serial number + the issuer's common name, delimited with a colon char. # These are the same certificate parts that can be retrieved by listing certificates on the smart card (or USB token). # See List Certificates on Smart Card Example $certPart = "subjectCN"; $partValue = "Matt"; # If the certificate is found, it is loaded into the cert object. # Note: We imported this certificate from a .p12/.pfx using code such as this Example to Import a .pfx/.p12 onto a Smart Card $cert = chilkat::CkCert->new(); $success = $scmd->FindCert($certPart,$partValue,$cert); if ($success == 0) { print "Failed to find the certificate." . "\r\n"; $scmd->DeleteContext(); exit; } print "Successfully loaded the cert object from the smart card / USB token." . "\r\n"; # Note: When successful, the cert object is internally linked to the ScMinidriver object's authenticated session. # The cert object can now be used to sign or do other cryptographic operations that occur on the smart card / USB token. # If your application calls PinDeauthenticate or DeleteContext, the cert will no longer be able to sign on the smart card # because the smart card ScMinidriver session will no longer be authenticated or deleted. # ------------------------------------------------------------------------------------------------------------ # Here we have to code to create the CADES-BES signature using Chilkat Crypt2.. $crypt = chilkat::CkCrypt2->new(); # Tell the crypt class to use the cert on the ePass2003 token. $success = $crypt->SetSigningCert($cert); if ($success != 1) { print $crypt->lastErrorText() . "\r\n"; exit; } $cmsOptions = chilkat::CkJsonObject->new(); # Setting "DigestData" causes OID 1.2.840.113549.1.7.5 (digestData) to be used. $cmsOptions->UpdateBool("DigestData",1); $cmsOptions->UpdateBool("OmitAlgorithmIdNull",1); # Indicate that we are passing normal JSON and we want Chilkat do automatically # do the ITIDA JSON canonicalization: $cmsOptions->UpdateBool("CanonicalizeITIDA",1); $crypt->put_CmsOptions($cmsOptions->emit()); # The CadesEnabled property applies to all methods that create CMS/PKCS7 signatures. # To create a CAdES-BES signature, set this property equal to true. $crypt->put_CadesEnabled(1); $crypt->put_HashAlgorithm("sha256"); $jsonSigningAttrs = chilkat::CkJsonObject->new(); $jsonSigningAttrs->UpdateInt("contentType",1); $jsonSigningAttrs->UpdateInt("signingTime",1); $jsonSigningAttrs->UpdateInt("messageDigest",1); $jsonSigningAttrs->UpdateInt("signingCertificateV2",1); $crypt->put_SigningAttributes($jsonSigningAttrs->emit()); # By default, all the certs in the chain of authentication are included in the signature. # If desired, we can choose to only include the signing certificate: $crypt->put_IncludeCertChain(0); # Pass a JSON document such as the following. Chilkat will do the ITIDA canonicalization. # (It is the canonicalized JSON that gets signed.) # { # "issuer":{ # "address":{ # "branchID":"0", # "country":"EG", # "regionCity":"Cairo", # "postalCode":"", # "buildingNumber":"0", # "street":"123rd Street", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"209999899", # "name":"Xyz SAE" # }, # "receiver":{ # "address":{ # "country":"EG", # "regionCity":"CAIRO", # "postalCode":"11435", # "buildingNumber":"0", # "street":"Autostrad Road Abc", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"999999999", # "name":"XYZ EGYPT FOR TRADE" # }, # "documentType":"I", # "documentTypeVersion":"1.0", # "dateTimeIssued":"2020-11-15T11:04:53Z", # "taxpayerActivityCode":"1073", # "internalID":"ZZZZ999", # "purchaseOrderReference":"2009199918", # "salesOrderReference":"", # "payment":{ # "bankName":"", # "bankAddress":"", # "bankAccountNo":"", # "bankAccountIBAN":"", # "swiftCode":"", # "terms":"" # }, # "delivery":{ # "approach":"", # "packaging":"", # "dateValidity":"", # "exportPort":"", # "countryOfOrigin":"EG", # "grossWeight":0, # "netWeight":0, # "terms":"" # }, # "invoiceLines":[ # { # "description":"CDM Widget 48GX99X12BA", # "itemType":"GS1", # "itemCode":"7622213335056", # "unitType":"CS", # "quantity":1.00, # "unitValue":{ # "currencySold":"EGP", # "amountEGP":588.67, # "amountSold":0, # "currencyExchangeRate":0 # }, # "salesTotal":588.67, # "total":603.97, # "valueDifference":0, # "totalTaxableFees":0, # "netTotal":529.8, # "itemsDiscount":0, # "discount":{ # "rate":10.00, # "amount":58.87 # }, # "taxableItems":[ # { # "taxType":"T1", # "amount":74.17, # "subType":"No sub", # "rate":14.00 # } # ], # "internalCode":"9099994" # } # ], # "totalSales":588.67, # "totalSalesAmount":588.67, # "totalDiscountAmount":58.87, # "netAmount":529.80, # "taxTotals":[ # { # "taxType":"T1", # "amount":74.17 # } # ], # "extraDiscountAmount":0, # "totalItemsDiscountAmount":0, # "totalAmount":603.97, # } # $json = chilkat::CkJsonObject->new(); $success = $json->LoadFile("qa_data/itida/sdk.invoicing.eta.gov.eg/files/one-doc.json"); if ($success == 0) { print $json->lastErrorText() . "\r\n"; exit; } $json->put_EmitCompact(0); # Create the CAdES-BES signature. $crypt->put_EncodingMode("base64"); # Make sure we sign the utf-8 byte representation of the JSON string $crypt->put_Charset("utf-8"); $sigBase64 = $crypt->signStringENC($json->emit()); if ($crypt->get_LastMethodSuccess() == 0) { print $crypt->lastErrorText() . "\r\n"; exit; } print "Base64 signature:" . "\r\n"; print $sigBase64 . "\r\n"; # Add the signature to the JSON. $json->UpdateString("signatures[0].signatureType","I"); $json->UpdateString("signatures[0].value",$sigBase64); print "JSON with signature added:" . "\r\n"; print $json->emit() . "\r\n"; # ------------------------------------------------------------------------------------------------------------ # Cleanup our ScMinidriver session... # When finished with operations that required authentication, you may if you wish, deauthenticate the session. $success = $scmd->PinDeauthenticate("user"); if ($success == 0) { print $scmd->lastErrorText() . "\r\n"; } # Delete the context when finished with the card. $success = $scmd->DeleteContext(); if ($success == 0) { print $scmd->lastErrorText() . "\r\n"; } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.