Sample code for 30+ languages & platforms
PHP Extension

Add EncapsulatedTimestamp to Already-Signed XML

See more XML Digital Signatures Examples

Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.

Note: This example requires Chilkat v9.5.0.90 or greater.

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
// (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
// We must use a StringBuilder.
$sbXml = new CkStringBuilder();
$success = $sbXml->LoadFile('qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml','utf-8');
if ($success == false) {
    print 'Failed to load the XML file.' . "\n";
    exit;
}

$dsig = new CkXmlDSig();
$success = $dsig->LoadSignatureSb($sbXml);
if ($success == false) {
    print $dsig->lastErrorText() . "\n";
    exit;
}

if ($dsig->HasEncapsulatedTimeStamp() == true) {
    print 'This signed XML already has an EncapsulatedTimeStamp' . "\n";
    exit;
}

// Specify the timestamping authority URL
$json = new CkJsonObject();
$json->UpdateString('timestampToken.tsaUrl','http://timestamp.digicert.com');
$json->UpdateBool('timestampToken.requestTsaCert',true);

// Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
// Note: If the signed XML contains multiple signatures, the signature modified is the one 
// indicated by the dsig.Selector property.
$sbOut = new CkStringBuilder();
$success = $dsig->AddEncapsulatedTimeStamp($json,$sbOut);
if ($success == false) {
    print $dsig->lastErrorText() . "\n";
    exit;
}

$sbOut->WriteFile('qa_output/addedEncapsulatedTimeStamp.xml','utf-8',false);

// The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
// keyword to UncommonOptions.  See here:

// ----------------------------------------
// Verify the signatures we just produced...
$verifier = new CkXmlDSig();
$success = $verifier->LoadSignatureSb($sbOut);
if ($success != true) {
    print $verifier->lastErrorText() . "\n";
    exit;
}

// Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
$verifier->put_UncommonOptions('VerifyEncapsulatedTimeStamp');

$numSigs = $verifier->get_NumSignatures();
$verifyIdx = 0;
while ($verifyIdx < $numSigs) {
    $verifier->put_Selector($verifyIdx);
    $verified = $verifier->VerifySignature(true);
    if ($verified != true) {
        print $verifier->lastErrorText() . "\n";
        exit;
    }

    $verifyIdx = $verifyIdx + 1;
}

print 'All signatures were successfully verified.' . "\n";

?>