PowerBuilder
PowerBuilder
Sign XML for Zakat, Tax and Customs Authority (ZATCA)
See more ZATCA Examples
Demonstrates how to sign XML for Zakat, Tax and Customs Authority (ZATCA).Chilkat PowerBuilder Downloads
integer li_rc
integer li_Success
oleobject loo_SbXml
oleobject loo_Gen
oleobject loo_Object1
oleobject loo_Xml1
oleobject loo_CertFromPfx
oleobject loo_Cert
oleobject loo_PrivKey
oleobject loo_Verifier
integer li_NumSigs
integer li_VerifyIdx
integer li_Verified
li_Success = 0
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
li_Success = 1
// Load XML to be signed...
loo_SbXml = create oleobject
li_rc = loo_SbXml.ConnectToNewObject("Chilkat.StringBuilder")
if li_rc < 0 then
destroy loo_SbXml
MessageBox("Error","Connecting to COM object failed")
return
end if
li_Success = loo_SbXml.LoadFile("qa_data/xml_dsig_valid_samples/UBL_Saudi_ZATCA_Zakat_Tax_and_Customs_Authority_toBeSigned.xml","utf-8")
if li_Success = 0 then
Write-Debug "Failed to load XML file to be signed."
destroy loo_SbXml
return
end if
// Loads XML containing the following (with data modified from the original sample).
// <?xml version="1.0" encoding="UTF-8"?>
// <Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"><ext:UBLExtensions>
// <ext:UBLExtension>
// <ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI>
// <ext:ExtensionContent>
// <sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2">
// <sac:SignatureInformation>
// <cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID>
// <sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID>
//
// </sac:SignatureInformation>
// </sig:UBLDocumentSignatures>
// </ext:ExtensionContent>
// </ext:UBLExtension>
// </ext:UBLExtensions>
//
// <cbc:ProfileID>reporting:1.0</cbc:ProfileID>
// <cbc:ID>100</cbc:ID>
// <cbc:UUID>3cf5ee18-ee25-44ea-a444-2c37ba7f28be</cbc:UUID>
// <cbc:IssueDate>2021-04-25</cbc:IssueDate>
// <cbc:IssueTime>15:30:00</cbc:IssueTime>
// <cbc:InvoiceTypeCode name="0100000">388</cbc:InvoiceTypeCode>
// <cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode>
// <cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode>
// <cbc:LineCountNumeric>2</cbc:LineCountNumeric>
// <cac:AdditionalDocumentReference>
// <cbc:ID>ICV</cbc:ID>
// <cbc:UUID>46531</cbc:UUID>
// </cac:AdditionalDocumentReference>
// <cac:AdditionalDocumentReference>
// <cbc:ID>PIH</cbc:ID>
// <cac:Attachment>
// <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">NWZl......NTdlOQ==</cbc:EmbeddedDocumentBinaryObject>
// </cac:Attachment>
// </cac:AdditionalDocumentReference>
//
//
// <cac:AdditionalDocumentReference>
// <cbc:ID>QR</cbc:ID>
// <cac:Attachment>
// <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">ARlBbC........FAau5g</cbc:EmbeddedDocumentBinaryObject>
// </cac:Attachment>
// </cac:AdditionalDocumentReference><cac:Signature>
// <cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID>
// <cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod>
// </cac:Signature><cac:AccountingSupplierParty>
// <cac:Party>
// <cac:PartyIdentification>
// <cbc:ID schemeID="MLS">123457890</cbc:ID>
// </cac:PartyIdentification>
// <cac:PostalAddress>
// <cbc:StreetName>King Abdulaziz Road</cbc:StreetName>
// <cbc:BuildingNumber>9999</cbc:BuildingNumber>
// <cbc:PlotIdentification>9999</cbc:PlotIdentification>
// <cbc:CitySubdivisionName>Al Amal</cbc:CitySubdivisionName>
// <cbc:CityName>Riyadh</cbc:CityName>
// <cbc:PostalZone>12643</cbc:PostalZone>
// <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
// <cac:Country>
// <cbc:IdentificationCode>SA</cbc:IdentificationCode>
// </cac:Country>
// </cac:PostalAddress>
// <cac:PartyTaxScheme>
// <cbc:CompanyID>300099999900003</cbc:CompanyID>
// <cac:TaxScheme>
// <cbc:ID>VAT</cbc:ID>
// </cac:TaxScheme>
// </cac:PartyTaxScheme>
// <cac:PartyLegalEntity>
// <cbc:RegistrationName>Example Co. LTD</cbc:RegistrationName>
// </cac:PartyLegalEntity>
// </cac:Party>
// </cac:AccountingSupplierParty>
// <cac:AccountingCustomerParty>
// <cac:Party>
// <cac:PartyIdentification>
// <cbc:ID schemeID="SAG">123C12345678</cbc:ID>
// </cac:PartyIdentification>
// <cac:PostalAddress>
// <cbc:StreetName>King Abdullah Road</cbc:StreetName>
// <cbc:BuildingNumber>9999</cbc:BuildingNumber>
// <cbc:PlotIdentification>9999</cbc:PlotIdentification>
// <cbc:CitySubdivisionName>Al Mursalat</cbc:CitySubdivisionName>
// <cbc:CityName>Riyadh</cbc:CityName>
// <cbc:PostalZone>11564</cbc:PostalZone>
// <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
// <cac:Country>
// <cbc:IdentificationCode>SA</cbc:IdentificationCode>
// </cac:Country>
// </cac:PostalAddress>
// <cac:PartyTaxScheme>
// <cac:TaxScheme>
// <cbc:ID>VAT</cbc:ID>
// </cac:TaxScheme>
// </cac:PartyTaxScheme>
// <cac:PartyLegalEntity>
// <cbc:RegistrationName>EXAMPLE MARKETS</cbc:RegistrationName>
// </cac:PartyLegalEntity>
// </cac:Party>
// </cac:AccountingCustomerParty>
// <cac:Delivery>
// <cbc:ActualDeliveryDate>2022-04-25</cbc:ActualDeliveryDate>
// </cac:Delivery>
// <cac:PaymentMeans>
// <cbc:PaymentMeansCode>42</cbc:PaymentMeansCode>
// </cac:PaymentMeans>
// <cac:TaxTotal>
// <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
// <cac:TaxSubtotal>
// <cbc:TaxableAmount currencyID="SAR">900.00</cbc:TaxableAmount>
// <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
// <cac:TaxCategory>
// <cbc:ID>S</cbc:ID>
// <cbc:Percent>15</cbc:Percent>
// <cac:TaxScheme>
// <cbc:ID>VAT</cbc:ID>
// </cac:TaxScheme>
// </cac:TaxCategory>
// </cac:TaxSubtotal>
// </cac:TaxTotal>
// <cac:TaxTotal>
// <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
// </cac:TaxTotal>
// <cac:LegalMonetaryTotal>
// <cbc:LineExtensionAmount currencyID="SAR">900.00</cbc:LineExtensionAmount>
// <cbc:TaxExclusiveAmount currencyID="SAR">900.00</cbc:TaxExclusiveAmount>
// <cbc:TaxInclusiveAmount currencyID="SAR">1035.00</cbc:TaxInclusiveAmount>
// <cbc:AllowanceTotalAmount currencyID="SAR">0.00</cbc:AllowanceTotalAmount>
// <cbc:PayableAmount currencyID="SAR">1035.00</cbc:PayableAmount>
// </cac:LegalMonetaryTotal>
// <cac:InvoiceLine>
// <cbc:ID>1</cbc:ID>
// <cbc:InvoicedQuantity unitCode="PCE">1</cbc:InvoicedQuantity>
// <cbc:LineExtensionAmount currencyID="SAR">200.00</cbc:LineExtensionAmount>
// <cac:TaxTotal>
// <cbc:TaxAmount currencyID="SAR">30.00</cbc:TaxAmount>
// <cbc:RoundingAmount currencyID="SAR">230.00</cbc:RoundingAmount>
// </cac:TaxTotal>
// <cac:Item>
// <cbc:Name>Item A</cbc:Name>
// <cac:ClassifiedTaxCategory>
// <cbc:ID>S</cbc:ID>
// <cbc:Percent>15</cbc:Percent>
// <cac:TaxScheme>
// <cbc:ID>VAT</cbc:ID>
// </cac:TaxScheme>
// </cac:ClassifiedTaxCategory>
// </cac:Item>
// <cac:Price>
// <cbc:PriceAmount currencyID="SAR">200.00</cbc:PriceAmount>
// </cac:Price>
// </cac:InvoiceLine>
// <cac:InvoiceLine>
// <cbc:ID>2</cbc:ID>
// <cbc:InvoicedQuantity unitCode="PCE">2</cbc:InvoicedQuantity>
// <cbc:LineExtensionAmount currencyID="SAR">700.00</cbc:LineExtensionAmount>
// <cac:TaxTotal>
// <cbc:TaxAmount currencyID="SAR">105.00</cbc:TaxAmount>
// <cbc:RoundingAmount currencyID="SAR">805.00</cbc:RoundingAmount>
// </cac:TaxTotal>
// <cac:Item>
// <cbc:Name>Item B</cbc:Name>
// <cac:ClassifiedTaxCategory>
// <cbc:ID>S</cbc:ID>
// <cbc:Percent>15</cbc:Percent>
// <cac:TaxScheme>
// <cbc:ID>VAT</cbc:ID>
// </cac:TaxScheme>
// </cac:ClassifiedTaxCategory>
// </cac:Item>
// <cac:Price>
// <cbc:PriceAmount currencyID="SAR">350.00</cbc:PriceAmount>
// </cac:Price>
// </cac:InvoiceLine>
// </Invoice>
loo_Gen = create oleobject
li_rc = loo_Gen.ConnectToNewObject("Chilkat.XmlDSigGen")
loo_Gen.SigLocation = "Invoice|ext:UBLExtensions|ext:UBLExtension|ext:ExtensionContent|sig:UBLDocumentSignatures|sac:SignatureInformation"
loo_Gen.SigLocationMod = 0
loo_Gen.SigId = "signature"
loo_Gen.SigNamespacePrefix = "ds"
loo_Gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
loo_Gen.SignedInfoCanonAlg = "C14N_11"
loo_Gen.SignedInfoDigestMethod = "sha256"
// Create an Object to be added to the Signature.
loo_Object1 = create oleobject
li_rc = loo_Object1.ConnectToNewObject("Chilkat.Xml")
loo_Object1.Tag = "xades:QualifyingProperties"
loo_Object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
loo_Object1.AddAttribute("Target","signature")
loo_Object1.UpdateAttrAt("xades:SignedProperties",1,"Id","xadesSignedProperties")
loo_Object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
loo_Object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
loo_Object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
loo_Object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT")
loo_Object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT")
loo_Gen.AddObject("",loo_Object1.GetXml(),"","")
// -------- Reference 1 --------
loo_Xml1 = create oleobject
li_rc = loo_Xml1.ConnectToNewObject("Chilkat.Xml")
loo_Xml1.Tag = "ds:Transforms"
loo_Xml1.UpdateAttrAt("ds:Transform",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loo_Xml1.UpdateChildContent("ds:Transform|ds:XPath","not(//ancestor-or-self::ext:UBLExtensions)")
loo_Xml1.UpdateAttrAt("ds:Transform[1]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loo_Xml1.UpdateChildContent("ds:Transform[1]|ds:XPath","not(//ancestor-or-self::cac:Signature)")
loo_Xml1.UpdateAttrAt("ds:Transform[2]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
loo_Xml1.UpdateChildContent("ds:Transform[2]|ds:XPath","not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])")
loo_Xml1.UpdateAttrAt("ds:Transform[3]",1,"Algorithm","http://www.w3.org/2006/12/xml-c14n11")
loo_Gen.AddSameDocRef2("","sha256",loo_Xml1,"")
loo_Gen.SetRefIdAttr("","invoiceSignedData")
// -------- Reference 2 --------
loo_Gen.AddObjectRef("xadesSignedProperties","sha256","","","http://www.w3.org/2000/09/xmldsig#SignatureProperties")
// Provide a certificate + private key. (PFX password is test123)
loo_CertFromPfx = create oleobject
li_rc = loo_CertFromPfx.ConnectToNewObject("Chilkat.Cert")
li_Success = loo_CertFromPfx.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
if li_Success <> 1 then
Write-Debug loo_CertFromPfx.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
return
end if
// Alternatively, if your certificate and private key are in separate PEM files, do this:
loo_Cert = create oleobject
li_rc = loo_Cert.ConnectToNewObject("Chilkat.Cert")
li_Success = loo_Cert.LoadFromFile("qa_data/zatca/cert.pem")
if li_Success <> 1 then
Write-Debug loo_Cert.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
return
end if
Write-Debug loo_Cert.SubjectCN
// Load the private key.
loo_PrivKey = create oleobject
li_rc = loo_PrivKey.ConnectToNewObject("Chilkat.PrivateKey")
li_Success = loo_PrivKey.LoadPemFile("qa_data/zatca/ec-secp256k1-priv-key.pem")
if li_Success <> 1 then
Write-Debug loo_PrivKey.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
destroy loo_PrivKey
return
end if
Write-Debug "Key Type: " + loo_PrivKey.KeyType
// Associate the private key with the certificate.
li_Success = loo_Cert.SetPrivateKey(loo_PrivKey)
if li_Success <> 1 then
Write-Debug loo_Cert.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
destroy loo_PrivKey
return
end if
// The certificate passed to SetX509Cert must have an associated private key.
// If the cert was loaded from a PFX, then it should automatically has an associated private key.
// If the cert was loaded from PEM, then the private key was explicitly associated as shown above.
li_Success = loo_Gen.SetX509Cert(loo_Cert,1)
if li_Success <> 1 then
Write-Debug loo_Gen.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
destroy loo_PrivKey
return
end if
loo_Gen.KeyInfoType = "X509Data"
loo_Gen.X509Type = "Certificate"
// ---------------- This is important -----------------------------------------
// Starting in Chilkat v9.5.0.92, add the "ZATCA" behavior to produce the format required by ZATCA.
loo_Gen.Behaviors = "IndentedSignature,TransformSignatureXPath,ZATCA"
// ----------------------------------------------------------------------------
// Sign the XML...
li_Success = loo_Gen.CreateXmlDSigSb(loo_SbXml)
if li_Success <> 1 then
Write-Debug loo_Gen.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
destroy loo_PrivKey
return
end if
// -----------------------------------------------
// Save the signed XML to a file.
li_Success = loo_SbXml.WriteFile("qa_output/signedXml.xml","utf-8",0)
Write-Debug loo_SbXml.GetAsString()
// ----------------------------------------
// Verify the signatures we just produced...
loo_Verifier = create oleobject
li_rc = loo_Verifier.ConnectToNewObject("Chilkat.XmlDSig")
li_Success = loo_Verifier.LoadSignatureSb(loo_SbXml)
if li_Success <> 1 then
Write-Debug loo_Verifier.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
destroy loo_PrivKey
destroy loo_Verifier
return
end if
// ---------------- This is important -----------------------------------------
// Starting in Chilkat v9.5.0.92, specify "ZATCA" in uncommon options
// to validate signed XML according to ZATCA needs.
// ----------------------------------------------------------------------------
loo_Verifier.UncommonOptions = "ZATCA"
li_NumSigs = loo_Verifier.NumSignatures
li_VerifyIdx = 0
do while li_VerifyIdx < li_NumSigs
loo_Verifier.Selector = li_VerifyIdx
li_Verified = loo_Verifier.VerifySignature(1)
if li_Verified <> 1 then
Write-Debug loo_Verifier.LastErrorText
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
destroy loo_PrivKey
destroy loo_Verifier
return
end if
li_VerifyIdx = li_VerifyIdx + 1
loop
Write-Debug "All signatures were successfully verified."
destroy loo_SbXml
destroy loo_Gen
destroy loo_Object1
destroy loo_Xml1
destroy loo_CertFromPfx
destroy loo_Cert
destroy loo_PrivKey
destroy loo_Verifier