(PHP ActiveX) XAdES using TSA Requiring Client Certificate

See more XML Digital Signatures Examples

Demonstrates how to create an XMLDSig (XAdES) signed document that includes an EncapsulatedTimeStamp, using a TSA (TimeStamp Authority) server that requires client certificate authentication. One such TSA is https://www3.postsignum.cz/TSS/TSS_crt/
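<?php

// Creates a XAdES (XMLDSig) signature over an XML document and has Chilkat embed an
// EncapsulatedTimeStamp obtained from a TSA that requires TLS client-certificate authentication.
//
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

/*
 * Load the XML to be signed. For example, the XML to be signed might contain something like this:
 *
 * (A block comment is used for this sample on purpose: in PHP a "?>" inside a "//" comment
 * ends PHP mode, so an XML declaration in a "//" comment would dump the rest of the script
 * as plain output instead of executing it.)
 *
 *   <?xml version="1.0" encoding="utf-8"?>
 *   <TransakcniLogSystemu xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nsess.public.cz/erms_trans/v_01_01" Id="Signature1">
 *     <TransLogInfo>
 *       <Identifikator>XYZ ABC</Identifikator>
 *       <DatumVzniku>2022-12-20T14:39:02.3625922+01:00</DatumVzniku>
 *       <DatumCasOd>2022-12-20T14:26:26.88</DatumCasOd>
 *       <DatumCasDo>2022-12-20T14:39:02.287</DatumCasDo>
 *       <Software>XYZ</Software>
 *       <VerzeSoftware>2.0.19.32</VerzeSoftware>
 *     </TransLogInfo>
 *     <Udalosti>
 *       <Udalost>
 *         <Poradi>1</Poradi>
 *         ...
 */

// Load the XML to be signed from a file.
// (XML can be loaded from other source, such as a string variable.)
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbXml = new COM("Chilkat.StringBuilder");
$success = $sbXml->LoadFile('xmlToSign.xml', 'utf-8');
if ($success != 1) {
    // Stop here: signing an empty or partially loaded document would produce a
    // signature over the wrong content.
    print "Failed to load xmlToSign.xml\n";
    exit(1);
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.XmlDSigGen')
$gen = new COM("Chilkat.XmlDSigGen");

$gen->SigLocation = 'TransakcniLogSystemu';
$gen->SigLocationMod = 0;
$gen->SigId = 'SignatureID-Signature1';
$gen->SigNamespacePrefix = 'ds';
$gen->SigNamespaceUri = 'http://www.w3.org/2000/09/xmldsig#';
$gen->SignedInfoCanonAlg = 'C14N';
$gen->SignedInfoDigestMethod = 'sha256';

// Set the KeyInfoId before adding references..
$gen->KeyInfoId = 'KeyInfoId-Signature-Signature1';

// Create an Object to be added to the Signature.
// Note: Chilkat will automatically fill in the values marked as "TO BE GENERATED BY CHILKAT" at the time of signing.
// The EncapsulatedTimestamp will be automatically generated.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml')
$object1 = new COM("Chilkat.Xml");
$object1->Tag = 'xades:QualifyingProperties';
$object1->AddAttribute('xmlns:xades', 'http://uri.etsi.org/01903/v1.3.2#');
$object1->AddAttribute('Target', '#Signature1');

// Signed properties: these are covered by Reference 1 below, so the signing time and the
// signing-certificate digest are bound to the signature.
$object1->UpdateAttrAt('xades:SignedProperties', 1, 'Id', 'SignedProperties-Signature-Signature1');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime', 'TO BE GENERATED BY CHILKAT');
$object1->UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod', 1, 'Algorithm', 'http://www.w3.org/2001/04/xmlenc#sha256');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue', 'TO BE GENERATED BY CHILKAT');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2', 'TO BE GENERATED BY CHILKAT');

// The EncapsulatedTimestamp will be included in the unsigned properties.
$object1->UpdateAttrAt('xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp', 1, 'Id', 'signature-timestamp-5561-8212-3316-5191');
$object1->UpdateAttrAt('xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|ds:CanonicalizationMethod', 1, 'Algorithm', 'http://www.w3.org/2001/10/xml-exc-c14n#');
$object1->UpdateAttrAt('xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp', 1, 'Encoding', 'http://uri.etsi.org/01903/v1.2.2#DER');
$object1->UpdateChildContent('xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp', 'TO BE GENERATED BY CHILKAT');

$gen->AddObject('XadesObjectId-Signature1', $object1->getXml(), '', '');

// -------- Reference 1 --------
$gen->AddObjectRef('SignedProperties-Signature-Signature1', 'sha256', 'EXCL_C14N', '', 'http://uri.etsi.org/01903#SignedProperties');

// -------- Reference 2 --------
$gen->AddSameDocRef('KeyInfoId-Signature-Signature1', 'sha256', 'EXCL_C14N', '', '');
$gen->SetRefIdAttr('KeyInfoId-Signature-Signature1', 'ReferenceKeyInfo');

// -------- Reference 3 --------
$gen->AddSameDocRef('', 'sha256', 'EXCL_C14N', '', '');
$gen->SetRefIdAttr('', 'Reference-Signature1');

// Provide a certificate + private key. (PFX password is test123)
// The literal password is acceptable only because this is a throwaway QA test PFX.
// For a real signing key, read the password from a secret store or the environment
// instead of embedding it in source, and keep the PFX file readable only by the signing account.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$cert = new COM("Chilkat.Cert");
$success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx', 'test123');
if ($success != 1) {
    print $cert->LastErrorText . "\n";
    exit(1);
}

$gen->SetX509Cert($cert, 1);

$gen->KeyInfoType = 'X509Data';
$gen->X509Type = 'Certificate';

$gen->Behaviors = 'IndentedSignature';

// -------------------------------------------------------------------------------------------
// To have the EncapsulatedTimeStamp automatically added...
// 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp>
//    to the unsigned properties. (This was accomplished in the above code.)
// 2) Specify the TSA URL (Timestamping Authority URL).
//    Here we specify the TSA URL:
// -------------------------------------------------------------------------------------------
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.JsonObject')
$jsonTsa = new COM("Chilkat.JsonObject");
$jsonTsa->UpdateString('timestampToken.tsaUrl', 'https://www3.postsignum.cz/TSS/TSS_crt/');
$jsonTsa->UpdateBool('timestampToken.requestTsaCert', 1);
$gen->SetTsa($jsonTsa);

// -------------------------------------------------------------------------------------------
// In this case, the TSA requires client certificate authentication.
// To provide your client certificate, the application will instantiate a Chilkat HTTP object,
// then set it up with a SSL/TLS client certificate, and then tell the XmlDSigGen object
// to use the HTTP object for connections to the TSA server.
// -------------------------------------------------------------------------------------------
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Http')
$http = new COM("Chilkat.Http");

// The path and password below are placeholders. The client PFX authenticates this
// application to the TSA, so treat its password like any other credential: load it from
// a secret store or the environment rather than hard-coding it.
$success = $http->SetSslClientCertPfx('/home/bob/pfxFiles/myClientSideCertWithPrivateKey.pfx', 'pfxPassword');
if ($success != 1) {
    print $http->LastErrorText . "\n";
    exit(1);
}

// NOTE(review): consider enabling server-certificate verification on $http (Chilkat's Http
// object exposes RequireSslCertVerify) so the client certificate is presented only to the
// genuine TSA endpoint. Confirm the TSA's CA chain is trusted on this host before enabling it.

// Tell the XmlDSigGen object to use the above HTTP object for TSA communications.
$gen->SetHttpObj($http);

// Sign the XML...
$success = $gen->CreateXmlDSigSb($sbXml);
if ($success != 1) {
    print $gen->LastErrorText . "\n";
    exit(1);
}

// -----------------------------------------------
// Save the signed XML to a file.
$success = $sbXml->WriteFile('c:/temp/qa_output/signedXml.xml', 'utf-8', 0);
if ($success != 1) {
    // Report the failure instead of silently continuing as if the signed file existed.
    print "Failed to write c:/temp/qa_output/signedXml.xml\n";
    exit(1);
}

print $sbXml->getAsString() . "\n";

?>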