(PHP Extension) Sign Mexico Pedimento

Add a signature to a Mexico pedimento file.

Chilkat PHP Downloads PHP Extension for Windows, Linux, MacOS, Alpine Linux, Solaris

<?php

include("chilkat.php");
// Use "chilkat_9_5_0.php" for versions of Chilkat < 10.0.0

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// This is the contents before signing:

// 500|1|3621|4199800|400||
// 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
// 507|4199800|IM|2006-7888">
// 507|4199800|MS|2">
// 800|4199800|1">
// 801|M3621037.222|1|5|011|

// This is the contents after signing

// 500|1|3621|4199800|400||
// 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
// 507|4199800|IM|2006-7888">
// 507|4199800|MS|2">
// 800|4199800|1|fhP2Ker54D2+3+UZch23F0E72 .... 9qNSPIuAqpj524qLZbbA==|30001000000500003416|
// 801|M3621037.222|1|5|011|

// First create the text to be signed.
$bCRLF = true;
$sb = new CkStringBuilder();
// Use CRLF line endings.
$sb->AppendLine('500|1|3621|4199800|400||',$bCRLF);
$sb->AppendLine('601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||',$bCRLF);
$sb->AppendLine('507|4199800|IM|2006-7888">',$bCRLF);
$sb->AppendLine('507|4199800|MS|2">',$bCRLF);

// Generate the MD5 hash of what we have so far..
$md5_base64 = $sb->getHash('md5','base64','utf-8');
print 'MD5 hash = ' . $md5_base64 . "\n";

// Complete the original file.
// After signing, we'll update the BASE64_SIGNATURE and CERT_SERIAL
$sb->AppendLine('800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL|',$bCRLF);
$sb->AppendLine('801|M3621037.222|1|5|011|',$bCRLF);

// We're going to sign the MD5 hash using the private key.
$privKey = new CkPrivateKey();
$success = $privKey->LoadAnyFormatFile('qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.key','12345678a');
if ($success == false) {
    print $privKey->lastErrorText() . "\n";
    exit;
}

// Generate the ASN.1 to be signed.

// <sequence>
//     <sequence>
//         <oid>1.2.840.113549.2.5</oid>
//         <null/>
//     </sequence>
//     <octets>SwxHfaJhG+N3pPqay6UzVA==</octets>
// </sequence>

$xml = new CkXml();
$xml->put_Tag('sequence');
$xml->UpdateChildContent('sequence|oid','1.2.840.113549.2.5');
$xml->UpdateChildContent('sequence|null','');
$xml->UpdateChildContent('octets',$md5_base64);

$asn = new CkAsn();
$asn->LoadAsnXml($xml->getXml());
print 'ASN.1 = ' . $asn->getEncodedDer('base64') . "\n";

// Sign with the private key.
$rsa = new CkRsa();
$success = $rsa->ImportPrivateKeyObj($privKey);
if ($success == false) {
    print $rsa->lastErrorText() . "\n";
    exit;
}

// Create the opaque signature.
$bdSig = new CkBinData();
$bdSig->AppendEncoded($asn->getEncodedDer('base64'),'base64');
$success = $rsa->OpenSslSignBd($bdSig);
if ($success == false) {
    print $rsa->lastErrorText() . "\n";
    exit;
}

// bd now contains the opaque signature, which embeds the ASN.1, which contains the MD5 hash.
// We're going to add this line:
// 800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL_NUM|

$cert = new CkCert();
$success = $cert->LoadFromFile('qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.cer');
if ($success == false) {
    print $cert->lastErrorText() . "\n";
    exit;
}

$serialHex = $cert->serialNumber();
// The serial in hex form looks like this:   3330303031303030303030353030303033343136
// Decode to us-ascii.
$sbSerial = new CkStringBuilder();
$sbSerial->DecodeAndAppend($serialHex,'hex','us-ascii');
print 'serial number in us-ascii: ' . $sbSerial->getAsString() . "\n";

$numReplaced = $sb->Replace('CERT_SERIAL',$sbSerial->getAsString());
$numReplaced = $sb->Replace('BASE64_SIGNATURE',$bdSig->getEncoded('base64'));

print '------------------------------------' . "\n";
print 'Result:' . "\n";
print $sb->getAsString() . "\n";

?>