(Perl) Sign Mexico Pedimento

Add a signature to a Mexico pedimento file.

Chilkat Perl Downloads Perl Module for Windows, MacOS, Linux, Alpine Linux, Solaris

use chilkat();

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# This is the contents before signing:

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1">
# 801|M3621037.222|1|5|011|

# This is the contents after signing

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1|fhP2Ker54D2+3+UZch23F0E72 .... 9qNSPIuAqpj524qLZbbA==|30001000000500003416|
# 801|M3621037.222|1|5|011|

# First create the text to be signed.
$bCRLF = 1;
$sb = chilkat::CkStringBuilder->new();
# Use CRLF line endings.
$sb->AppendLine("500|1|3621|4199800|400||",$bCRLF);
$sb->AppendLine("601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||",$bCRLF);
$sb->AppendLine("507|4199800|IM|2006-7888">",$bCRLF);
$sb->AppendLine("507|4199800|MS|2">",$bCRLF);

# Generate the MD5 hash of what we have so far..
$md5_base64 = $sb->getHash("md5","base64","utf-8");
print "MD5 hash = " . $md5_base64 . "\r\n";

# Complete the original file.
# After signing, we'll update the BASE64_SIGNATURE and CERT_SERIAL
$sb->AppendLine("800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL|",$bCRLF);
$sb->AppendLine("801|M3621037.222|1|5|011|",$bCRLF);

# We're going to sign the MD5 hash using the private key.
$privKey = chilkat::CkPrivateKey->new();
$success = $privKey->LoadAnyFormatFile("qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.key","12345678a");
if ($success == 0) {
    print $privKey->lastErrorText() . "\r\n";
    exit;
}

# Generate the ASN.1 to be signed.

# <sequence>
#     <sequence>
#         <oid>1.2.840.113549.2.5</oid>
#         <null/>
#     </sequence>
#     <octets>SwxHfaJhG+N3pPqay6UzVA==</octets>
# </sequence>

$xml = chilkat::CkXml->new();
$xml->put_Tag("sequence");
$xml->UpdateChildContent("sequence|oid","1.2.840.113549.2.5");
$xml->UpdateChildContent("sequence|null","");
$xml->UpdateChildContent("octets",$md5_base64);

$asn = chilkat::CkAsn->new();
$asn->LoadAsnXml($xml->getXml());
print "ASN.1 = " . $asn->getEncodedDer("base64") . "\r\n";

# Sign with the private key.
$rsa = chilkat::CkRsa->new();
$success = $rsa->ImportPrivateKeyObj($privKey);
if ($success == 0) {
    print $rsa->lastErrorText() . "\r\n";
    exit;
}

# Create the opaque signature.
$bdSig = chilkat::CkBinData->new();
$bdSig->AppendEncoded($asn->getEncodedDer("base64"),"base64");
$success = $rsa->OpenSslSignBd($bdSig);
if ($success == 0) {
    print $rsa->lastErrorText() . "\r\n";
    exit;
}

# bd now contains the opaque signature, which embeds the ASN.1, which contains the MD5 hash.
# We're going to add this line:
# 800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL_NUM|

$cert = chilkat::CkCert->new();
$success = $cert->LoadFromFile("qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.cer");
if ($success == 0) {
    print $cert->lastErrorText() . "\r\n";
    exit;
}

$serialHex = $cert->serialNumber();
# The serial in hex form looks like this:   3330303031303030303030353030303033343136
# Decode to us-ascii.
$sbSerial = chilkat::CkStringBuilder->new();
$sbSerial->DecodeAndAppend($serialHex,"hex","us-ascii");
print "serial number in us-ascii: " . $sbSerial->getAsString() . "\r\n";

$numReplaced = $sb->Replace("CERT_SERIAL",$sbSerial->getAsString());
$numReplaced = $sb->Replace("BASE64_SIGNATURE",$bdSig->getEncoded("base64"));

print "------------------------------------" . "\r\n";
print "Result:" . "\r\n";
print $sb->getAsString() . "\r\n";