Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(PHP ActiveX) Create XAdES-T Signed XMLSee more XAdES ExamplesThis example signs XML using the XAdES-T profile. XAdES-T is a profile within the XAdES standard that adds support for secure timestamping of signatures. Secure timestamping involves adding a timestamp to the signature, indicating the exact time when the signature was applied. Timestamping enhances the long-term validity of signatures by providing evidence that the signature existed at a specific point in time, even if the signer's certificate has expired or been revoked. XAdES-T signatures include elements for embedding timestamp data within the XML signature, along with information about the timestamp authority and the timestamp verification process. XAdES-T signatures are suitable for scenarios where long-term validity and integrity of signatures are essential, such as in legal and regulatory contexts where archived documents may need to be validated years or decades later.
<?php // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. $success = 1; // Create the XML to be signed... // Use this online tool to generate code from sample XML: // Generate Code to Create XML // <?xml version="1.0" encoding="UTF-8"?> // <es:Dossier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:es="https://www.microsec.hu/ds/e-szigno30#" xsi:schemaLocation="https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd"> // <es:DossierProfile Id="PObject0" OBJREF="Object0"> // <es:Title>e-akta.es3</es:Title> // <es:E-category>electronic dossier</es:E-category> // <es:CreationDate>2022-12-02T07:55:16Z</es:CreationDate> // </es:DossierProfile> // <es:Documents Id="Object0"/> // </es:Dossier> // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml') $xmlToSign = new COM("Chilkat.Xml"); $xmlToSign->Tag = 'es:Dossier'; $xmlToSign->AddAttribute('xmlns:xsi','http://www.w3.org/2001/XMLSchema-instance'); $xmlToSign->AddAttribute('xmlns:ds','http://www.w3.org/2000/09/xmldsig#'); $xmlToSign->AddAttribute('xmlns','http://uri.etsi.org/01903/v1.3.2#'); $xmlToSign->AddAttribute('xmlns:es','https://www.microsec.hu/ds/e-szigno30#'); $xmlToSign->AddAttribute('xsi:schemaLocation','https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd'); $xmlToSign->UpdateAttrAt('es:DossierProfile',1,'Id','PObject0'); $xmlToSign->UpdateAttrAt('es:DossierProfile',1,'OBJREF','Object0'); $xmlToSign->UpdateChildContent('es:DossierProfile|es:Title','e-akta.es3'); $xmlToSign->UpdateChildContent('es:DossierProfile|es:E-category','electronic dossier'); $xmlToSign->UpdateChildContent('es:DossierProfile|es:CreationDate','2022-12-02T07:55:16Z'); $xmlToSign->UpdateAttrAt('es:Documents',1,'Id','Object0'); // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.XmlDSigGen') $gen = new COM("Chilkat.XmlDSigGen"); $gen->SigLocation = 'es:Dossier'; $gen->SigLocationMod = 0; $gen->SigId = 'S9fe8096e-2cac-415d-9222-f6cf2ecb314b'; $gen->SigValueId = 'VS9fe8096e-2cac-415d-9222-f6cf2ecb314b'; $gen->SignedInfoId = 'SIS9fe8096e-2cac-415d-9222-f6cf2ecb314b'; $gen->SignedInfoCanonAlg = 'EXCL_C14N'; $gen->SignedInfoDigestMethod = 'sha256'; // Set the KeyInfoId before adding references.. $gen->KeyInfoId = 'KS9fe8096e-2cac-415d-9222-f6cf2ecb314b'; // Create an Object to be added to the Signature. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml') $object1 = new COM("Chilkat.Xml"); $object1->Tag = 'es:SignatureProfile'; $object1->AddAttribute('Id','PS9fe8096e-2cac-415d-9222-f6cf2ecb314b'); $object1->AddAttribute('OBJREF','Object0'); $object1->AddAttribute('SIGREF','S9fe8096e-2cac-415d-9222-f6cf2ecb314b'); $object1->AddAttribute('SIGREFLIST','#Object0 #PS9fe8096e-2cac-415d-9222-f6cf2ecb314b #PObject0 #XS9fe8096e-2cac-415d-9222-f6cf2ecb314b'); $object1->UpdateChildContent('es:SignerName','EC Minősített-Tesztelő Péterke'); $object1->UpdateChildContent('es:SDPresented','false'); $object1->UpdateChildContent('es:Type','signature'); $object1->UpdateAttrAt('es:Generator|es:Program',1,'name','e-Szigno'); $object1->UpdateAttrAt('es:Generator|es:Program',1,'version','3.3.6.8'); $object1->UpdateAttrAt('es:Generator|es:Device',1,'name','OpenSSL 1.1.1n 15 Mar 2022'); $object1->UpdateAttrAt('es:Generator|es:Device',1,'type',''); $gen->AddObject('O1S9fe8096e-2cac-415d-9222-f6cf2ecb314b',$object1->getXml(),'',''); // Create an Object to be added to the Signature. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml') $object2 = new COM("Chilkat.Xml"); $object2->Tag = 'QualifyingProperties'; $object2->AddAttribute('Target','#S9fe8096e-2cac-415d-9222-f6cf2ecb314b'); $object2->AddAttribute('Id','QPS9fe8096e-2cac-415d-9222-f6cf2ecb314b'); $object2->UpdateAttrAt('SignedProperties',1,'Id','XS9fe8096e-2cac-415d-9222-f6cf2ecb314b'); $object2->UpdateChildContent('SignedProperties|SignedSignatureProperties|SigningTime','TO BE GENERATED BY CHILKAT'); $object2->UpdateAttrAt('SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestMethod',1,'Algorithm','http://www.w3.org/2001/04/xmlenc#sha256'); $object2->UpdateChildContent('SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestValue','TO BE GENERATED BY CHILKAT'); $object2->UpdateChildContent('SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|IssuerSerialV2','TO BE GENERATED BY CHILKAT'); $object2->UpdateChildContent('SignedProperties|SignedSignatureProperties|SignaturePolicyIdentifier|SignaturePolicyImplied',''); $object2->UpdateChildContent('SignedProperties|SignedSignatureProperties|SignerRoleV2|ClaimedRoles|ClaimedRole','tesztelő'); // Here we have the EncapsulatedTimestamp found in the unsigned signature properties. $object2->UpdateAttrAt('UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp',1,'Id','T72cb4961-4326-4319-857a-7cf55e7ef899'); $object2->UpdateAttrAt('UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|ds:CanonicalizationMethod',1,'Algorithm','http://www.w3.org/2001/10/xml-exc-c14n#'); $object2->UpdateAttrAt('UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp',1,'Id','ET72cb4961-4326-4319-857a-7cf55e7ef899'); $object2->UpdateChildContent('UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp','TO BE GENERATED BY CHILKAT'); $object2->UpdateAttrAt('UnsignedProperties|UnsignedSignatureProperties|TimeStampValidationData',1,'xmlns','http://uri.etsi.org/01903/v1.4.1#'); $object2->UpdateAttrAt('UnsignedProperties|UnsignedSignatureProperties|CertificateValues',1,'Id','CV18c7702d-d45b-44bc-853a-a720f41053cd'); $object2->UpdateAttrAt('UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate',1,'Id','EC42db04c8-1422-407b-8c42-189353a55268'); $object2->UpdateChildContent('UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate','BASE64_CONTENT'); $object2->UpdateAttrAt('UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]',1,'Id','EC04728b44-a32c-46c1-b9bb-85b1f6b3c7d3'); $object2->UpdateChildContent('UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]','BASE64_CONTENT'); $gen->AddObject('O2S9fe8096e-2cac-415d-9222-f6cf2ecb314b',$object2->getXml(),'',''); // -------- Reference 1 -------- $gen->AddSameDocRef('Object0','sha256','EXCL_C14N','',''); $gen->SetRefIdAttr('Object0','Re1f816c4-7898-4544-9b41-f4156dc0c528'); // -------- Reference 2 -------- $gen->AddObjectRef('PS9fe8096e-2cac-415d-9222-f6cf2ecb314b','sha256','EXCL_C14N','',''); $gen->SetRefIdAttr('PS9fe8096e-2cac-415d-9222-f6cf2ecb314b','Ra873b616-e568-4c38-ae94-27fbff67cc43'); // -------- Reference 3 -------- $gen->AddSameDocRef('PObject0','sha256','EXCL_C14N','',''); $gen->SetRefIdAttr('PObject0','Ra5d85948-5d6a-4914-8c32-242f5d6d9e81'); // -------- Reference 4 -------- $gen->AddObjectRef('XS9fe8096e-2cac-415d-9222-f6cf2ecb314b','sha256','EXCL_C14N','','http://uri.etsi.org/01903#SignedProperties'); $gen->SetRefIdAttr('XS9fe8096e-2cac-415d-9222-f6cf2ecb314b','Ra7412a43-dc05-4e0a-ac84-e9a070214757'); // Provide a certificate + private key. (PFX password is test123) // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert') $cert = new COM("Chilkat.Cert"); $success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123'); if ($success != 1) { print $cert->LastErrorText . "\n"; exit; } $gen->SetX509Cert($cert,1); $gen->KeyInfoType = 'X509Data'; $gen->X509Type = 'Certificate'; // ------------------------------------------------------------------------------------------- // To have the EncapsulatedTimeStamp automatically added, we only need to do 2 things. // 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp> // to the unsigned properties. // 2) Specify the TSA URL (Timestamping Authority URL). // Here we specify the TSA URL: // ------------------------------------------------------------------------------------------- // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.JsonObject') $jsonTsa = new COM("Chilkat.JsonObject"); $jsonTsa->UpdateString('timestampToken.tsaUrl','http://timestamp.digicert.com'); $jsonTsa->UpdateBool('timestampToken.requestTsaCert',1); $gen->SetTsa($jsonTsa); // Load XML to be signed... // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder') $sbXml = new COM("Chilkat.StringBuilder"); $xmlToSign->GetXmlSb($sbXml); $gen->Behaviors = 'IndentedSignature,OmitAlreadyDefinedSigNamespace'; // Sign the XML... $success = $gen->CreateXmlDSigSb($sbXml); if ($success != 1) { print $gen->LastErrorText . "\n"; exit; } // ----------------------------------------------- // Save the signed XML to a file. $success = $sbXml->WriteFile('c:/temp/qa_output/signedXml.xml','utf-8',0); print $sbXml->getAsString() . "\n"; // ---------------------------------------- // Verify the signatures we just produced... // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.XmlDSig') $verifier = new COM("Chilkat.XmlDSig"); $success = $verifier->LoadSignatureSb($sbXml); if ($success != 1) { print $verifier->LastErrorText . "\n"; exit; } $numSigs = $verifier->NumSignatures; $verifyIdx = 0; while ($verifyIdx < $numSigs) { $verifier->Selector = $verifyIdx; $verified = $verifier->VerifySignature(1); if ($verified != 1) { print $verifier->LastErrorText . "\n"; exit; } $verifyIdx = $verifyIdx + 1; } print 'All signatures were successfully verified.' . "\n"; ?> |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.