Perl
Perl
Signed Zip as Base64 with XAdES-BES
See more XAdES Examples
This example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically:Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać
umieszczona w archiwum ZIP. W tym przypadku, podpisywany jest plik archiwum ZIP,
przyjmujący w podpisie XAdES-BES formę zakodowaną base64.
The example demonstrates the following:
- Zip an XML file (PIT-11Z.xml is zipped to PIT-11Z.zip)
- Create XML to be signed, where the XML contains the base64 encoded content of the PIT-11Z.zip archive.
- XAdES-BES sign the XML containing the base64 zip.
This example will also show the reverse:
- Verify the signed XML.
- Extract the PIT-11z.zip from the signed XML.
- Unzip the PIT-11Z.zip to get the original PIT-11Z.xml
Chilkat Perl Downloads
use chilkat();
$success = 0;
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory).
$sbXmlToZip = chilkat::CkStringBuilder->new();
$success = $sbXmlToZip->LoadFile("qa_data/xml/PIT-11Z.xml","utf-8");
if ($success != 1) {
print "Failed to load the XML to be zipped." . "\r\n";
exit;
}
$zip = chilkat::CkZip->new();
# Initialize the zip object. No file is created in this call.
# It should always return 1.
$success = $zip->NewZip("PIT-11Z.zip");
# Add the XML to be zipped.
$zip->AddSb("PIT-11Z.xml",$sbXmlToZip,"utf-8");
# Write the zip to a BinData object.
$bdZip = chilkat::CkBinData->new();
$zip->WriteBd($bdZip);
# The contents of the bdZip will be retrieved in base64 format when needed below..
$gen = chilkat::CkXmlDSigGen->new();
$gen->put_SigLocation("");
$gen->put_SigLocationMod(0);
$gen->put_SigId("Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19");
$gen->put_SigNamespacePrefix("ds");
$gen->put_SigNamespaceUri("http://www.w3.org/2000/09/xmldsig#");
$gen->put_SigValueId("SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52");
$gen->put_SignedInfoId("SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41");
$gen->put_SignedInfoCanonAlg("C14N");
$gen->put_SignedInfoDigestMethod("sha1");
# Set the KeyInfoId before adding references..
$gen->put_KeyInfoId("KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24");
# Create an Object to be added to the Signature.
$object1 = chilkat::CkXml->new();
$object1->put_Tag("xades:QualifyingProperties");
$object1->AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#");
$object1->AddAttribute("Id","QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43");
$object1->AddAttribute("Target","#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19");
$object1->UpdateAttrAt("xades:SignedProperties",1,"Id","SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e");
$object1->UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties",1,"Id","SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a");
# Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created.
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT");
# Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
$object1->UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT");
$object1->UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties",1,"Id","SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b");
$object1->UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",1,"ObjectReference","#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description","MIME-Version: 1.0\r\nContent-Type: application/zip\r\nContent-Transfer-Encoding: binary\r\nContent-Disposition: filename="PIT-11Z.zip"");
$object1->UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",1,"Qualifier","OIDAsURI");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description","Opis formatu dokumentu oraz jego pelna nazwa");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference","http://www.certum.pl/OIDAsURI/signedFile.pdf");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","application/zip");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier","http://uri.etsi.org/01903/v1.2.2#ProofOfApproval");
$object1->UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects","");
$object1->UpdateAttrAt("xades:UnsignedProperties",1,"Id","UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55");
# Emit XML in compact (single-line) format to avoid whitespace problems.
$object1->put_EmitCompact(1);
$gen->AddObject("",$object1->getXml(),"","");
# Create an Object to be added to the Signature.
# This is where we add the base64 representation of the PIT-11Z.zip
$gen->AddObject("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",$bdZip->getEncoded("base64"),"","http://www.w3.org/2000/09/xmldsig#base64");
# -------- Reference 1 --------
$gen->AddObjectRef("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","sha1","C14N_WithComments","","");
$gen->SetRefIdAttr("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27");
# -------- Reference 2 --------
$gen->AddObjectRef("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","sha1","","","http://uri.etsi.org/01903#SignedProperties");
$gen->SetRefIdAttr("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28");
# Provide a certificate + private key. (PFX password is test123)
$cert = chilkat::CkCert->new();
$success = $cert->LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123");
if ($success == 0) {
print $cert->lastErrorText() . "\r\n";
exit;
}
$gen->SetX509Cert($cert,1);
$gen->put_KeyInfoType("X509Data");
$gen->put_X509Type("Certificate");
# This will be an enveloping signature where the Signature element
# is the XML document root, the signed data is contained within Object
# tag(s) within the Signature.
# Therefore, pass an empty sbXml to CreateXmlDsigSb.
$sbXml = chilkat::CkStringBuilder->new();
# The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error.
# (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use
# the same XML canonicalization implementation w/ the bug.)
$gen->put_Behaviors("AttributeSortingBug,CompactSignedXml");
# Sign the XML...
$success = $gen->CreateXmlDSigSb($sbXml);
if ($success == 0) {
print $gen->lastErrorText() . "\r\n";
exit;
}
# -----------------------------------------------
# Save the signed XML to a file.
$success = $sbXml->WriteFile("qa_output/signedXml.xml","utf-8",0);
print $sbXml->getAsString() . "\r\n";
# ----------------------------------------
# Verify the signature we just produced...
$verifier = chilkat::CkXmlDSig->new();
$success = $verifier->LoadSignatureSb($sbXml);
if ($success == 0) {
print $verifier->lastErrorText() . "\r\n";
exit;
}
$verified = $verifier->VerifySignature(1);
if ($verified != 1) {
print $verifier->lastErrorText() . "\r\n";
exit;
}
print "This signature was successfully verified." . "\r\n";
# ------------------------------------
# Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip.
$xml = chilkat::CkXml->new();
$xml->LoadSb($sbXml,1);
# The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML).
# (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.)
$strZipBase64 = $xml->getChildContent("ds:Object[1]");
$bdZip->Clear();
$bdZip->AppendEncoded($strZipBase64,"base64");
if ($bdZip->get_NumBytes() == 0) {
print "Something went wrong.. we dont' have any data.." . "\r\n";
exit;
}
$success = $zip->OpenBd($bdZip);
if ($success == 0) {
print $zip->lastErrorText() . "\r\n";
exit;
}
# Get the 1st file in the zip, which should be the PIT-11Z.xml
$entry = chilkat::CkZipEntry->new();
$success = $zip->EntryAt(0,$entry);
if ($success == 0) {
print "Zip contains no files..." . "\r\n";
exit;
}
# Get the XML:
$origXml = $entry->unzipToString(0,"utf-8");
print "Original XML extracted from base64 zip:" . "\r\n";
print $origXml . "\r\n";