(PHP Extension) SII XML Digital Signature

Example for SII XML Digital Signature.

Chilkat PHP Downloads PHP Extension for Windows, Linux, MacOS, Alpine Linux, Solaris

<?php

include("chilkat_9_5_0.php");

$success = true;

// Load the XML to be signed.
$xmlToSign = new CkXml();
$success = $xmlToSign->LoadXmlFile('c:/aaworkarea/eduardo/sii_unsigned.xml');
if ($success == false) {
    print $xmlToSign->lastErrorText() . "\n";
    exit;
}

// The sample XML to be signed looks like this:

// <?xml version="1.0" encoding="ISO-8859-1"?>
// <EnvioDTE xmlns="http://www.sii.cl/SiiDte" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sii.cl/SiiDte EnvioDTE_v10.xsd" version="1.0">
// <SetDTE ID="SetDocF0T33_20240425_170512">
//  <Caratula version="1.0">
//   <RutEmisor>99999999-4</RutEmisor>
//   <RutEnvia>12345678-6</RutEnvia>
//   <RutReceptor>888888000-K</RutReceptor>
//   <FchResol>2014-08-22</FchResol>
//   <NroResol>80</NroResol>
//   <TmstFirmaEnv>2024-04-25T17:05:13</TmstFirmaEnv>
//   <SubTotDTE>
//    <TpoDTE>33</TpoDTE>
//    <NroDTE>1</NroDTE>
//   </SubTotDTE>
//  </Caratula>
// <DTE version="1.0">
// <Documento ID="F555T55">
// ...
// </Documento>
// </EnvioDTE>

$gen = new CkXmlDSigGen();

$gen->put_SigLocation('EnvioDTE|SetDTE|DTE');
$gen->put_SigLocationMod(0);
$gen->put_SigNamespacePrefix('');
$gen->put_SigNamespaceUri('http://www.w3.org/2000/09/xmldsig#');
$gen->put_SignedInfoCanonAlg('C14N');
$gen->put_SignedInfoDigestMethod('sha1');

// -------- Reference 1 --------
$xml1 = new CkXml();
$xml1->put_Tag('Transforms');
$xml1->UpdateAttrAt('Transform',true,'Algorithm','http://www.w3.org/TR/2001/REC-xml-c14n-20010315');

$gen->AddSameDocRef2('F511T33','sha1',$xml1,'');

// Provide a certificate + private key. (PFX password is test123)
$cert = new CkCert();
$success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123');
if ($success != true) {
    print $cert->lastErrorText() . "\n";
    exit;
}

$gen->SetX509Cert($cert,true);

$gen->put_KeyInfoType('X509Data+KeyValue');
$gen->put_X509Type('Certificate');

// Load XML to be signed...
$sbXml = new CkStringBuilder();
$xmlToSign->GetXmlSb($sbXml);

$gen->put_Behaviors('IndentedSignature');

// Sign the XML...
$success = $gen->CreateXmlDSigSb($sbXml);
if ($success != true) {
    print $gen->lastErrorText() . "\n";
    exit;
}

// -----------------------------------------------

// Save the signed XML to a file.
$success = $sbXml->WriteFile('c:/temp/qa_output/signedXml.xml','utf-8',false);

print $sbXml->getAsString() . "\n";

// ----------------------------------------
// Verify the signatures we just produced...
$verifier = new CkXmlDSig();
$success = $verifier->LoadSignatureSb($sbXml);
if ($success != true) {
    print $verifier->lastErrorText() . "\n";
    exit;
}

$numSigs = $verifier->get_NumSignatures();
$verifyIdx = 0;
while ($verifyIdx < $numSigs) {
    $verifier->put_Selector($verifyIdx);
    $verified = $verifier->VerifySignature(true);
    if ($verified != true) {
        print $verifier->lastErrorText() . "\n";
        exit;
    }

    $verifyIdx = $verifyIdx + 1;
}

print 'All signatures were successfully verified.' . "\n";

?>