|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PHP Extension) XML-DSig Add Reference with Transforms Specified ExplicitlyDemonstrates how to use the new AddSameDocRef2 method to explicitly specify the XML Transforms fragment.
<?php // The version number (9_5_0) should match version of the Chilkat extension used, omitting the micro-version number. // For example, if using Chilkat v9.5.0.48, then include as shown here: include("chilkat_9_5_0.php"); // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. $success = true; // Create the following XML to be signed: // <doc> // <s id="s1">Some text...</s> // <p>Some text...</p> // <p class="note">A note...</p> // </doc> // Use this online tool to generate code from sample XML: // Generate Code to Create XML $xmlToSign = new CkXml(); $xmlToSign->put_Tag('doc'); $xmlToSign->UpdateAttrAt('s',true,'id','s1'); $xmlToSign->UpdateChildContent('s','Some text...'); $xmlToSign->UpdateChildContent('p','Some text...'); $xmlToSign->UpdateAttrAt('p[1]',true,'class','note'); $xmlToSign->UpdateChildContent('p[1]','A note...'); print $xmlToSign->getXml() . "\n"; $gen = new CkXmlDSigGen(); $gen->put_SigLocation('doc'); $gen->put_SigLocationMod(0); $gen->put_SigId('Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature'); $gen->put_SigNamespacePrefix('ds'); $gen->put_SigNamespaceUri('http://www.w3.org/2000/09/xmldsig#'); $gen->put_SigValueId('Signature-78f29839-06af-448f-b479-ca46457fab1b-SignatureValue'); $gen->put_SignedInfoCanonAlg('C14N'); $gen->put_SignedInfoDigestMethod('sha1'); // Set the KeyInfoId before adding references.. $gen->put_KeyInfoId('Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo'); // The following XML to be added as an Object to the Signature // Use this online tool to generate code from sample XML: // Generate Code to Create XML // <xades:QualifyingProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties" Target="#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"> // <xades:SignedProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties"> // <xades:SignedSignatureProperties> // <xades:SigningTime>TO BE GENERATED BY CHILKAT</xades:SigningTime> // <xades:SigningCertificate> // <xades:Cert> // <xades:CertDigest> // <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> // <ds:DigestValue>TO BE GENERATED BY CHILKAT</ds:DigestValue> // </xades:CertDigest> // <xades:IssuerSerial> // <ds:X509IssuerName>TO BE GENERATED BY CHILKAT</ds:X509IssuerName> // <ds:X509SerialNumber>TO BE GENERATED BY CHILKAT</ds:X509SerialNumber> // </xades:IssuerSerial> // </xades:Cert> // </xades:SigningCertificate> // </xades:SignedSignatureProperties> // <xades:SignedDataObjectProperties> // <xades:DataObjectFormat ObjectReference="#Reference-24eb6003-d41c-442c-a731-d4c58f94790b"> // <xades:Description/> // <xades:ObjectIdentifier> // <xades:Identifier Qualifier="OIDAsURN">urn:oid:1.2.840.10003.5.109.10</xades:Identifier> // <xades:Description/> // </xades:ObjectIdentifier> // <xades:MimeType>text/xml</xades:MimeType> // <xades:Encoding/> // </xades:DataObjectFormat> // </xades:SignedDataObjectProperties> // </xades:SignedProperties> // </xades:QualifyingProperties> $object1 = new CkXml(); $object1->put_Tag('xades:QualifyingProperties'); $object1->AddAttribute('Id','Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties'); $object1->AddAttribute('Target','#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature'); $object1->AddAttribute('xmlns:ds','http://www.w3.org/2000/09/xmldsig#'); $object1->AddAttribute('xmlns:xades','http://uri.etsi.org/01903/v1.3.2#'); $object1->UpdateAttrAt('xades:SignedProperties',true,'Id','Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime','TO BE GENERATED BY CHILKAT'); // Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1 $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod',true,'Algorithm','http://www.w3.org/2000/09/xmldsig#sha1'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue','TO BE GENERATED BY CHILKAT'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName','TO BE GENERATED BY CHILKAT'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber','TO BE GENERATED BY CHILKAT'); $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat',true,'ObjectReference','#Reference-24eb6003-d41c-442c-a731-d4c58f94790b'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description',''); $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier',true,'Qualifier','OIDAsURN'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier','urn:oid:1.2.840.10003.5.109.10'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description',''); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType','text/xml'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Encoding',''); print $object1->getXml() . "\n"; $gen->AddObject('',$object1->getXml(),'',''); // -------- Reference 1 -------- // Create the following Transforms fragment: // Use this online tool to generate code from sample XML: // Generate Code to Create XML // <ds:Transforms> // <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> // <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> // <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> // <ds:XPath xmlns:ds="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ds:Signature)</ds:XPath> // </ds:Transform> // </ds:Transforms> $xml1 = new CkXml(); $xml1->put_Tag('ds:Transforms'); $xml1->UpdateAttrAt('ds:Transform',true,'Algorithm','http://www.w3.org/TR/2001/REC-xml-c14n-20010315'); $xml1->UpdateAttrAt('ds:Transform[1]',true,'Algorithm','http://www.w3.org/2000/09/xmldsig#enveloped-signature'); $xml1->UpdateAttrAt('ds:Transform[2]',true,'Algorithm','http://www.w3.org/TR/1999/REC-xpath-19991116'); $xml1->UpdateAttrAt('ds:Transform[2]|ds:XPath',true,'xmlns:ds','http://www.w3.org/2000/09/xmldsig#'); $xml1->UpdateChildContent('ds:Transform[2]|ds:XPath','not(ancestor-or-self::ds:Signature)'); // This is the "Transforms" XML fragment passed to AddSameDocRef2. print $xml1->getXml() . "\n"; $gen->AddSameDocRef2('','sha1',$xml1,''); $gen->SetRefIdAttr('','Reference-24eb6003-d41c-442c-a731-d4c58f94790b'); // -------- Reference 2 -------- $gen->AddObjectRef('Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties','sha1','','','http://uri.etsi.org/01903#SignedProperties'); // -------- Reference 3 -------- $gen->AddSameDocRef('Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo','sha1','','',''); // Provide a certificate + private key. (PFX password is test123) $cert = new CkCert(); $success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123'); if ($success != true) { print $cert->lastErrorText() . "\n"; exit; } $gen->SetX509Cert($cert,true); $gen->put_KeyInfoType('X509Data+KeyValue'); $gen->put_X509Type('CertChain'); // Load XML to be signed... $sbXml = new CkStringBuilder(); $xmlToSign->GetXmlSb($sbXml); $gen->put_Behaviors('IndentedSignature'); // Sign the XML... $success = $gen->CreateXmlDSigSb($sbXml); if ($success != true) { print $gen->lastErrorText() . "\n"; exit; } // ----------------------------------------------- // Save the signed XML to a file. $success = $sbXml->WriteFile('qa_output/signedXml.xml','utf-8',false); print $sbXml->getAsString() . "\n"; // ---------------------------------------- // Verify the signatures we just produced... $verifier = new CkXmlDSig(); $success = $verifier->LoadSignatureSb($sbXml); if ($success != true) { print $verifier->lastErrorText() . "\n"; exit; } $numSigs = $verifier->get_NumSignatures(); $verifyIdx = 0; while ($verifyIdx < $numSigs) { $verifier->put_Selector($verifyIdx); $verified = $verifier->VerifySignature(true); if ($verified != true) { print $verifier->lastErrorText() . "\n"; exit; } $verifyIdx = $verifyIdx + 1; } print 'All signatures were successfully verified.' . "\n"; ?> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.