|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Perl) Create XAdES-T Signed XMLSee more XAdES ExamplesThis example signs XML using the XAdES-T profile. XAdES-T is a profile within the XAdES standard that adds support for secure timestamping of signatures. Secure timestamping involves adding a timestamp to the signature, indicating the exact time when the signature was applied. Timestamping enhances the long-term validity of signatures by providing evidence that the signature existed at a specific point in time, even if the signer's certificate has expired or been revoked. XAdES-T signatures include elements for embedding timestamp data within the XML signature, along with information about the timestamp authority and the timestamp verification process. XAdES-T signatures are suitable for scenarios where long-term validity and integrity of signatures are essential, such as in legal and regulatory contexts where archived documents may need to be validated years or decades later.
use chilkat(); # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. $success = 1; # Create the XML to be signed... # Use this online tool to generate code from sample XML: # Generate Code to Create XML # <?xml version="1.0" encoding="UTF-8"?> # <es:Dossier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:es="https://www.microsec.hu/ds/e-szigno30#" xsi:schemaLocation="https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd"> # <es:DossierProfile Id="PObject0" OBJREF="Object0"> # <es:Title>e-akta.es3</es:Title> # <es:E-category>electronic dossier</es:E-category> # <es:CreationDate>2022-12-02T07:55:16Z</es:CreationDate> # </es:DossierProfile> # <es:Documents Id="Object0"/> # </es:Dossier> $xmlToSign = chilkat::CkXml->new(); $xmlToSign->put_Tag("es:Dossier"); $xmlToSign->AddAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance"); $xmlToSign->AddAttribute("xmlns:ds","http://www.w3.org/2000/09/xmldsig#"); $xmlToSign->AddAttribute("xmlns","http://uri.etsi.org/01903/v1.3.2#"); $xmlToSign->AddAttribute("xmlns:es","https://www.microsec.hu/ds/e-szigno30#"); $xmlToSign->AddAttribute("xsi:schemaLocation","https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd"); $xmlToSign->UpdateAttrAt("es:DossierProfile",1,"Id","PObject0"); $xmlToSign->UpdateAttrAt("es:DossierProfile",1,"OBJREF","Object0"); $xmlToSign->UpdateChildContent("es:DossierProfile|es:Title","e-akta.es3"); $xmlToSign->UpdateChildContent("es:DossierProfile|es:E-category","electronic dossier"); $xmlToSign->UpdateChildContent("es:DossierProfile|es:CreationDate","2022-12-02T07:55:16Z"); $xmlToSign->UpdateAttrAt("es:Documents",1,"Id","Object0"); $gen = chilkat::CkXmlDSigGen->new(); $gen->put_SigLocation("es:Dossier"); $gen->put_SigLocationMod(0); $gen->put_SigId("S9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $gen->put_SigValueId("VS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $gen->put_SignedInfoId("SIS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $gen->put_SignedInfoCanonAlg("EXCL_C14N"); $gen->put_SignedInfoDigestMethod("sha256"); # Set the KeyInfoId before adding references.. $gen->put_KeyInfoId("KS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); # Create an Object to be added to the Signature. $object1 = chilkat::CkXml->new(); $object1->put_Tag("es:SignatureProfile"); $object1->AddAttribute("Id","PS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $object1->AddAttribute("OBJREF","Object0"); $object1->AddAttribute("SIGREF","S9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $object1->AddAttribute("SIGREFLIST","#Object0 #PS9fe8096e-2cac-415d-9222-f6cf2ecb314b #PObject0 #XS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $object1->UpdateChildContent("es:SignerName","EC Minsített-Tesztel Péterke"); $object1->UpdateChildContent("es:SDPresented","false"); $object1->UpdateChildContent("es:Type","signature"); $object1->UpdateAttrAt("es:Generator|es:Program",1,"name","e-Szigno"); $object1->UpdateAttrAt("es:Generator|es:Program",1,"version","3.3.6.8"); $object1->UpdateAttrAt("es:Generator|es:Device",1,"name","OpenSSL 1.1.1n 15 Mar 2022"); $object1->UpdateAttrAt("es:Generator|es:Device",1,"type",""); $gen->AddObject("O1S9fe8096e-2cac-415d-9222-f6cf2ecb314b",$object1->getXml(),"",""); # Create an Object to be added to the Signature. $object2 = chilkat::CkXml->new(); $object2->put_Tag("QualifyingProperties"); $object2->AddAttribute("Target","#S9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $object2->AddAttribute("Id","QPS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $object2->UpdateAttrAt("SignedProperties",1,"Id","XS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); $object2->UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningTime","TO BE GENERATED BY CHILKAT"); $object2->UpdateAttrAt("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256"); $object2->UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT"); $object2->UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|IssuerSerialV2","TO BE GENERATED BY CHILKAT"); $object2->UpdateChildContent("SignedProperties|SignedSignatureProperties|SignaturePolicyIdentifier|SignaturePolicyImplied",""); $object2->UpdateChildContent("SignedProperties|SignedSignatureProperties|SignerRoleV2|ClaimedRoles|ClaimedRole","tesztel"); # Here we have the EncapsulatedTimestamp found in the unsigned signature properties. $object2->UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp",1,"Id","T72cb4961-4326-4319-857a-7cf55e7ef899"); $object2->UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|ds:CanonicalizationMethod",1,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#"); $object2->UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp",1,"Id","ET72cb4961-4326-4319-857a-7cf55e7ef899"); $object2->UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp","TO BE GENERATED BY CHILKAT"); $object2->UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|TimeStampValidationData",1,"xmlns","http://uri.etsi.org/01903/v1.4.1#"); $object2->UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues",1,"Id","CV18c7702d-d45b-44bc-853a-a720f41053cd"); $object2->UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate",1,"Id","EC42db04c8-1422-407b-8c42-189353a55268"); $object2->UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate","BASE64_CONTENT"); $object2->UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]",1,"Id","EC04728b44-a32c-46c1-b9bb-85b1f6b3c7d3"); $object2->UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]","BASE64_CONTENT"); $gen->AddObject("O2S9fe8096e-2cac-415d-9222-f6cf2ecb314b",$object2->getXml(),"",""); # -------- Reference 1 -------- $gen->AddSameDocRef("Object0","sha256","EXCL_C14N","",""); $gen->SetRefIdAttr("Object0","Re1f816c4-7898-4544-9b41-f4156dc0c528"); # -------- Reference 2 -------- $gen->AddObjectRef("PS9fe8096e-2cac-415d-9222-f6cf2ecb314b","sha256","EXCL_C14N","",""); $gen->SetRefIdAttr("PS9fe8096e-2cac-415d-9222-f6cf2ecb314b","Ra873b616-e568-4c38-ae94-27fbff67cc43"); # -------- Reference 3 -------- $gen->AddSameDocRef("PObject0","sha256","EXCL_C14N","",""); $gen->SetRefIdAttr("PObject0","Ra5d85948-5d6a-4914-8c32-242f5d6d9e81"); # -------- Reference 4 -------- $gen->AddObjectRef("XS9fe8096e-2cac-415d-9222-f6cf2ecb314b","sha256","EXCL_C14N","","http://uri.etsi.org/01903#SignedProperties"); $gen->SetRefIdAttr("XS9fe8096e-2cac-415d-9222-f6cf2ecb314b","Ra7412a43-dc05-4e0a-ac84-e9a070214757"); # Provide a certificate + private key. (PFX password is test123) $cert = chilkat::CkCert->new(); $success = $cert->LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123"); if ($success != 1) { print $cert->lastErrorText() . "\r\n"; exit; } $gen->SetX509Cert($cert,1); $gen->put_KeyInfoType("X509Data"); $gen->put_X509Type("Certificate"); # ------------------------------------------------------------------------------------------- # To have the EncapsulatedTimeStamp automatically added, we only need to do 2 things. # 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp> # to the unsigned properties. # 2) Specify the TSA URL (Timestamping Authority URL). # Here we specify the TSA URL: # ------------------------------------------------------------------------------------------- $jsonTsa = chilkat::CkJsonObject->new(); $jsonTsa->UpdateString("timestampToken.tsaUrl","http://timestamp.digicert.com"); $jsonTsa->UpdateBool("timestampToken.requestTsaCert",1); $gen->SetTsa($jsonTsa); # Load XML to be signed... $sbXml = chilkat::CkStringBuilder->new(); $xmlToSign->GetXmlSb($sbXml); $gen->put_Behaviors("IndentedSignature,OmitAlreadyDefinedSigNamespace"); # Sign the XML... $success = $gen->CreateXmlDSigSb($sbXml); if ($success != 1) { print $gen->lastErrorText() . "\r\n"; exit; } # ----------------------------------------------- # Save the signed XML to a file. $success = $sbXml->WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",0); print $sbXml->getAsString() . "\r\n"; # ---------------------------------------- # Verify the signatures we just produced... $verifier = chilkat::CkXmlDSig->new(); $success = $verifier->LoadSignatureSb($sbXml); if ($success != 1) { print $verifier->lastErrorText() . "\r\n"; exit; } $numSigs = $verifier->get_NumSignatures(); $verifyIdx = 0; while ($verifyIdx < $numSigs) { $verifier->put_Selector($verifyIdx); $verified = $verifier->VerifySignature(1); if ($verified != 1) { print $verifier->lastErrorText() . "\r\n"; exit; } $verifyIdx = $verifyIdx + 1; } print "All signatures were successfully verified." . "\r\n"; |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.