|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PHP Extension) Signed Zip as Base64 with XAdES-BESThis example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically: Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać The example demonstrates the following:
This example will also show the reverse:
<?php // The version number (9_5_0) should match version of the Chilkat extension used, omitting the micro-version number. // For example, if using Chilkat v9.5.0.48, then include as shown here: include("chilkat_9_5_0.php"); // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory). $sbXmlToZip = new CkStringBuilder(); $success = $sbXmlToZip->LoadFile('qa_data/xml/PIT-11Z.xml','utf-8'); if ($success != true) { print 'Failed to load the XML to be zipped.' . "\n"; exit; } $zip = new CkZip(); // Initialize the zip object. No file is created in this call. // It should always return true. $success = $zip->NewZip('PIT-11Z.zip'); // Add the XML to be zipped. // entry is a CkZipEntry $entry = $zip->AppendString('PIT-11Z.xml',$sbXmlToZip->getAsString()); // Write the zip to a BinData object. $bdZip = new CkBinData(); $zip->WriteBd($bdZip); // The contents of the bdZip will be retrieved in base64 format when needed below.. $gen = new CkXmlDSigGen(); $gen->put_SigLocation(''); $gen->put_SigLocationMod(0); $gen->put_SigId('Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19'); $gen->put_SigNamespacePrefix('ds'); $gen->put_SigNamespaceUri('http://www.w3.org/2000/09/xmldsig#'); $gen->put_SigValueId('SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52'); $gen->put_SignedInfoId('SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41'); $gen->put_SignedInfoCanonAlg('C14N'); $gen->put_SignedInfoDigestMethod('sha1'); // Set the KeyInfoId before adding references.. $gen->put_KeyInfoId('KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24'); // Create an Object to be added to the Signature. $object1 = new CkXml(); $object1->put_Tag('xades:QualifyingProperties'); $object1->AddAttribute('xmlns:xades','http://uri.etsi.org/01903/v1.3.2#'); $object1->AddAttribute('Id','QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43'); $object1->AddAttribute('Target','#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19'); $object1->UpdateAttrAt('xades:SignedProperties',true,'Id','SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e'); $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties',true,'Id','SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a'); // Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created. $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime','TO BE GENERATED BY CHILKAT'); // Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1 $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod',true,'Algorithm','http://www.w3.org/2000/09/xmldsig#sha1'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue','TO BE GENERATED BY CHILKAT'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName','TO BE GENERATED BY CHILKAT'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber','TO BE GENERATED BY CHILKAT'); $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties',true,'Id','SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b'); $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat',true,'ObjectReference','#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description','MIME-Version: 1.0\r\nContent-Type: application/zip\r\nContent-Transfer-Encoding: binary\r\nContent-Disposition: filename="PIT-11Z.zip"'); $object1->UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier',true,'Qualifier','OIDAsURI'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier','http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description','Opis formatu dokumentu oraz jego pelna nazwa'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference','http://www.certum.pl/OIDAsURI/signedFile.pdf'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType','application/zip'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier','http://uri.etsi.org/01903/v1.2.2#ProofOfApproval'); $object1->UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects',''); $object1->UpdateAttrAt('xades:UnsignedProperties',true,'Id','UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55'); // Emit XML in compact (single-line) format to avoid whitespace problems. $object1->put_EmitCompact(true); $gen->AddObject('',$object1->getXml(),'',''); // Create an Object to be added to the Signature. // This is where we add the base64 representation of the PIT-11Z.zip $gen->AddObject('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347',$bdZip->getEncoded('base64'),'','http://www.w3.org/2000/09/xmldsig#base64'); // -------- Reference 1 -------- $gen->AddObjectRef('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347','sha1','C14N_WithComments','',''); $gen->SetRefIdAttr('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347','Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27'); // -------- Reference 2 -------- $gen->AddObjectRef('SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e','sha1','','','http://uri.etsi.org/01903#SignedProperties'); $gen->SetRefIdAttr('SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e','SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28'); // Provide a certificate + private key. (PFX password is test123) $cert = new CkCert(); $success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123'); if ($success != true) { print $cert->lastErrorText() . "\n"; exit; } $gen->SetX509Cert($cert,true); $gen->put_KeyInfoType('X509Data'); $gen->put_X509Type('Certificate'); // This will be an enveloping signature where the Signature element // is the XML document root, the signed data is contained within Object // tag(s) within the Signature. // Therefore, pass an empty sbXml to CreateXmlDsigSb. $sbXml = new CkStringBuilder(); // The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error. // (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use // the same XML canonicalization implementation w/ the bug.) $gen->put_Behaviors('AttributeSortingBug,CompactSignedXml'); // Sign the XML... $success = $gen->CreateXmlDSigSb($sbXml); if ($success != true) { print $gen->lastErrorText() . "\n"; exit; } // ----------------------------------------------- // Save the signed XML to a file. $success = $sbXml->WriteFile('qa_output/signedXml.xml','utf-8',false); print $sbXml->getAsString() . "\n"; // ---------------------------------------- // Verify the signature we just produced... $verifier = new CkXmlDSig(); $success = $verifier->LoadSignatureSb($sbXml); if ($success != true) { print $verifier->lastErrorText() . "\n"; exit; } $verified = $verifier->VerifySignature(true); if ($verified != true) { print $verifier->lastErrorText() . "\n"; exit; } print 'This signature was successfully verified.' . "\n"; // ------------------------------------ // Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip. $xml = new CkXml(); $xml->LoadSb($sbXml,true); // The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML). // (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.) $strZipBase64 = $xml->getChildContent('ds:Object[1]'); $bdZip->Clear(); $bdZip->AppendEncoded($strZipBase64,'base64'); if ($bdZip->get_NumBytes() == 0) { print 'Something went wrong.. we dont' have any data..' . "\n"; exit; } $success = $zip->OpenBd($bdZip); if ($success != true) { print $zip->lastErrorText() . "\n"; exit; } // Get the 1st file in the zip, which should be the PIT-11Z.xml // entry is a CkZipEntry $entry = $zip->GetEntryByIndex(0); if ($zip->get_LastMethodSuccess() != true) { print 'Zip contains no files...' . "\n"; exit; } // Get the XML: $origXml = $entry->unzipToString(0,'utf-8'); print 'Original XML extracted from base64 zip:' . "\n"; print $origXml . "\n"; ?> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.