(PHP ActiveX) IPS MX Signature - Digitally Sign MX Document

See more XML Digital Signatures Examples

Demonstrates how to digitally sign ISO 20022 SWIFT MX messages.

Note: This example requires Chilkat v9.5.0.89 or later. Additional internal functionality was added to auto-recognize SWIFT MX messages and do what is appropriate to satisfy the SWIFT MX specifications.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows Note: The php_com_dotnet.dll may need to be enabled inside of php.ini.

<?php

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

$success = 1;

// First create the XML to be signed, or load it from a file, or a string,

// To load XML from a file:
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml')
$xmlToSign = new COM("Chilkat.Xml");
$success = $xmlToSign->LoadXmlFile('c:/someDir/mx_document.xml');

// Or to load XML from a string
$success = $xmlToSign->LoadXml('...');

// Or create the XML directly.
$xmlToSign->Clear();

// Use this online tool to generate code from sample XML: 
// Generate Code to Create XML

$xmlToSign->Tag = 'DataPDU';
$xmlToSign->AddAttribute('xmlns','urn:cma:stp:xsd:stp.1.0');
$xmlToSign->UpdateAttrAt('Body|AppHdr',1,'xmlns','urn:iso:std:iso:20022:tech:xsd:head.001.001.01');
$xmlToSign->UpdateChildContent('Body|AppHdr|Fr|FIId|FinInstnId|BICFI','ZZZZZZZZ');
$xmlToSign->UpdateChildContent('Body|AppHdr|To|FIId|FinInstnId|BICFI','YYYYYYYYYY');
$xmlToSign->UpdateChildContent('Body|AppHdr|BizMsgIdr','ZZZZZZZZAXXX999999999999999999999');
$xmlToSign->UpdateChildContent('Body|AppHdr|MsgDefIdr','pacs.008.001.08');
$xmlToSign->UpdateChildContent('Body|AppHdr|BizSvc','IPS');
$xmlToSign->UpdateChildContent('Body|AppHdr|CreDt','2017-09-13T18:18:00Z');
$xmlToSign->UpdateAttrAt('Body|Document',1,'xmlns','urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|MsgId','ZZZZZZZZAXXX999999999999999999999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|CreDtTm','2017-09-13T18:18:00');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|NbOfTxs','1');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|SttlmInf|SttlmMtd','CLRG');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|EndToEndId','NOTPROVIDED');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|TxId','ZZZZZZZZAXXX999999999999999999999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|ClrChanl','RTNS');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|LclInstrm|Prtry','CSCT');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|CtgyPurp|Prtry','001');
$xmlToSign->UpdateAttrAt('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt',1,'Ccy','JOD');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt','71.12');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmDt','2018-01-14');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|ChrgBr','SLEV');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstgAgt|FinInstnId|BICFI','ZZZZZZZZ');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstdAgt|FinInstnId|BICFI','UBSIJOA0');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Dbtr|Nm','John Johnson');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAcct|Id|IBAN','JO22CITI00000000000555555555');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|BICFI','ZZZZZZZZ');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|Id','200004');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|SchmeNm|Prtry','1700099999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgtAcct|Id|IBAN','JO66CITI22222222222222222222');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|BICFI','UBSIJOA0');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|Id','210027');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|SchmeNm|Prtry','1400199999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgtAcct|Id|IBAN','JO44UBSI33333333333333333333');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Cdtr|Nm','Omega Jones');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAcct|Id|IBAN','JO95UBSI00000000000777777777');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstrForNxtAgt|InstrInf','/BNF/Details');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Purp|Prtry','5814');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf','SOMEINFORMATIONABOUTPAYMENT-1');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[1]','SOMEINFORMATIONABOUTPAYMENT-2');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[2]','SOMEINFORMATIONABOUTPAYMENT-3');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Cdtr|TaxId','9900083901');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Dbtr|TaxId','1000387561');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd','EDV UCUN ODENIR');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd[1]','EXTRA INFO');

// The following XML is to be signed:

// <?xml version="1.0" encoding="UTF-8"?>
// <DataPDU xmlns="urn:cma:stp:xsd:stp.1.0">
// 	<Body>
// 		<AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01">
// 			<Fr>
// 				<FIId>
// 					<FinInstnId>
// 						<BICFI>ZZZZZZZZ</BICFI>
// 					</FinInstnId>
// 				</FIId>
// 			</Fr>
// 			<To>
// 				<FIId>
// 					<FinInstnId>
// 						<BICFI>YYYYYYYYYY</BICFI>
// 					</FinInstnId>
// 				</FIId>
// 			</To>
// 			<BizMsgIdr>ZZZZZZZZAXXX999999999999999999999</BizMsgIdr>
// 			<MsgDefIdr>pacs.008.001.08</MsgDefIdr>
// 			<BizSvc>IPS</BizSvc>
// 			<CreDt>2017-09-13T18:18:00Z</CreDt>
// 		</AppHdr>
// 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08">
// 			<FIToFICstmrCdtTrf>
// 				<GrpHdr>
// 					<MsgId>ZZZZZZZZAXXX999999999999999999999</MsgId>
// 					<CreDtTm>2017-09-13T18:18:00</CreDtTm>
// 					<NbOfTxs>1</NbOfTxs>
// 					<SttlmInf>
// 						<SttlmMtd>CLRG</SttlmMtd>
// 					</SttlmInf>
// 				</GrpHdr>
// 				<CdtTrfTxInf>
// 					<PmtId>
// 						<EndToEndId>NOTPROVIDED</EndToEndId>
// 						<TxId>ZZZZZZZZAXXX999999999999999999999</TxId>
// 					</PmtId>
// 					<PmtTpInf>
// 						<ClrChanl>RTNS</ClrChanl>
// 						<LclInstrm>
// 							<Prtry>CSCT</Prtry>
// 						</LclInstrm>
// 						<CtgyPurp>
// 							<Prtry>001</Prtry>
// 						</CtgyPurp>
// 					</PmtTpInf>
// 					<IntrBkSttlmAmt Ccy="JOD">71.12</IntrBkSttlmAmt>
// 					<IntrBkSttlmDt>2018-01-14</IntrBkSttlmDt>
// 					<ChrgBr>SLEV</ChrgBr>
// 					<InstgAgt>
// 						<FinInstnId>
// 							<BICFI>ZZZZZZZZ</BICFI>
// 						</FinInstnId>
// 					</InstgAgt>
// 					<InstdAgt>
// 						<FinInstnId>
// 							<BICFI>UBSIJOA0</BICFI>
// 						</FinInstnId>
// 					</InstdAgt>
// 					<Dbtr>
// 						<Nm>John Johnson</Nm>
// 					</Dbtr>
// 					<DbtrAcct>
// 						<Id>
// 							<IBAN>JO22CITI00000000000555555555</IBAN>
// 						</Id>
// 					</DbtrAcct>
// 					<DbtrAgt>
// 						<FinInstnId>
// 							<BICFI>ZZZZZZZZ</BICFI>
// 							<Othr>
// 								<Id>200004</Id>
// 								<SchmeNm>
// 									<Prtry>1700089999</Prtry>
// 								</SchmeNm>
// 							</Othr>
// 						</FinInstnId>
// 					</DbtrAgt>
// 					<DbtrAgtAcct>
// 						<Id>
// 							<IBAN>JO66CITI22222222222222222222</IBAN>
// 						</Id>
// 					</DbtrAgtAcct>
// 					<CdtrAgt>
// 						<FinInstnId>
// 							<BICFI>UBSIJOA0</BICFI>
// 							<Othr>
// 								<Id>210027</Id>
// 								<SchmeNm>
// 									<Prtry>1400199999</Prtry>
// 								</SchmeNm>
// 							</Othr>
// 						</FinInstnId>
// 					</CdtrAgt>
// 					<CdtrAgtAcct>
// 						<Id>
// 							<IBAN>JO44UBSI33333333333333333333</IBAN>
// 						</Id>
// 					</CdtrAgtAcct>
// 					<Cdtr>
// 						<Nm>Omega Jones</Nm>
// 					</Cdtr>
// 					<CdtrAcct>
// 						<Id>
// 							<IBAN>JO95UBSI00000000000777777777</IBAN>
// 						</Id>
// 					</CdtrAcct>
// 					<InstrForNxtAgt>
// 						<InstrInf>/BNF/Details</InstrInf>
// 					</InstrForNxtAgt>
// 					<Purp>
// 						<Prtry>5814</Prtry>
// 					</Purp>
// 					<RgltryRptg>
// 						<Dtls>
// 							<Inf>SOMEINFORMATIONABOUTPAYMENT-1</Inf>
// 							<Inf>SOMEINFORMATIONABOUTPAYMENT-2</Inf>
// 							<Inf>SOMEINFORMATIONABOUTPAYMENT-3</Inf>
// 						</Dtls>
// 					</RgltryRptg>
// 					<Tax>
// 						<Cdtr>
// 							<TaxId>9900083901</TaxId>
// 						</Cdtr>
// 						<Dbtr>
// 							<TaxId>1000387561</TaxId>
// 						</Dbtr>
// 					</Tax>
// 					<RmtInf>
// 						<Ustrd>EDV UCUN ODENIR</Ustrd>
// 						<Ustrd>EXTRA INFO</Ustrd>
// 					</RmtInf>
// 				</CdtTrfTxInf>
// 			</FIToFICstmrCdtTrf>
// 		</Document>
// 	</Body>
// </DataPDU>

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.XmlDSigGen')
$gen = new COM("Chilkat.XmlDSigGen");

$gen->SigLocation = 'DataPDU|Body|AppHdr|Sgntr';
$gen->SigLocationMod = 0;
$gen->SigNamespacePrefix = 'ds';
$gen->SigNamespaceUri = 'http://www.w3.org/2000/09/xmldsig#';
$gen->SignedInfoCanonAlg = 'EXCL_C14N';
$gen->SignedInfoDigestMethod = 'sha256';

// Set the KeyInfoId before adding references..
$gen->KeyInfoId = '_f9f2c543-e50a-4a50-bd91-50155d27f7e2';

// Create an Object to be added to the Signature.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml')
$object1 = new COM("Chilkat.Xml");
$object1->Tag = 'xades:QualifyingProperties';
$object1->AddAttribute('xmlns:xades','http://uri.etsi.org/01903/v1.3.2#');
$object1->UpdateAttrAt('xades:SignedProperties',1,'Id','_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime','TO BE GENERATED BY CHILKAT');

$gen->AddObject('',$object1->getXml(),'','');

// -------- Reference 1 --------
$gen->AddSameDocRef('_f9f2c543-e50a-4a50-bd91-50155d27f7e2','sha256','EXCL_C14N','','');

// -------- Reference 2 --------
$gen->AddObjectRef('_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops','sha256','EXCL_C14N','','http://uri.etsi.org/01903/v1.3.2#SignedProperties');

// -------- Reference 3 --------
$gen->AddSameDocRef('','sha256','EXCL_C14N','','');

// Provide a certificate + private key. (PFX password is test123)
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$cert = new COM("Chilkat.Cert");
$success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123');
if ($success != 1) {
    print $cert->LastErrorText . "\n";
    exit;
}

$gen->SetX509Cert($cert,1);

$gen->KeyInfoType = 'X509Data';
$gen->X509Type = 'IssuerSerial';

// Load XML to be signed...
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbXml = new COM("Chilkat.StringBuilder");
$xmlToSign->GetXmlSb($sbXml);

// Can alternatively use "CompactSignedXml"
$gen->Behaviors = 'IndentedSignature,LocalSigningTime';

// Sign the XML...
$success = $gen->CreateXmlDSigSb($sbXml);
if ($success != 1) {
    print $gen->LastErrorText . "\n";
    exit;
}

// -----------------------------------------------

// Save the signed XML to a file.
$success = $sbXml->WriteFile('qa_output/mx_signed.xml','utf-8',0);

print $sbXml->getAsString() . "\n";

// ----------------------------------------
// Verify the signatures we just produced...
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.XmlDSig')
$verifier = new COM("Chilkat.XmlDSig");
$success = $verifier->LoadSignatureSb($sbXml);
if ($success != 1) {
    print $verifier->LastErrorText . "\n";
    exit;
}

// Important: The above signature did not include the full X.509 certificate.
// You must call verifier.SetPublicKey to provide the public key of the certificate required for validation.

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$verifyCert = new COM("Chilkat.Cert");
$success = $verifyCert->LoadFromFile('qa_data/certs/cert_test123.cer');
if ($success != 1) {
    print $verifyCert->LastErrorText . "\n";
    exit;
}

// pubKey is a Chilkat.PublicKey
$pubKey = $verifyCert->ExportPublicKey();
$verifier->SetPublicKey($pubKey);

$numSigs = $verifier->NumSignatures;
$verifyIdx = 0;
while ($verifyIdx < $numSigs) {
    $verifier->Selector = $verifyIdx;
    $verified = $verifier->VerifySignature(1);
    if ($verified != 1) {
        print $verifier->LastErrorText . "\n";
        exit;
    }

    $verifyIdx = $verifyIdx + 1;
}

print 'All signatures were successfully verified.' . "\n";

?>