|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PowerShell) CADES-BES Signature using ePass2003 TokenSee more Egypt ITIDA ExamplesDemonstrates using a certificate and private key located on an ePass2003 USB token to create a CADES-BES signature. (Demonstrates how to create a .p7s signature that fits Egypt's ITIDA requirements where Chilkat automatically does the ITIDA JSON canonicalization.)
Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll" # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. $scmd = New-Object Chilkat.ScMinidriver # Reader names (smart card readers or USB tokens) can be discovered # via List Readers or Find Smart Cards $readerName = "FS USB Token 0" $success = $scmd.AcquireContext($readerName) if ($success -eq $false) { $($scmd.LastErrorText) exit } # If successful, the name of the currently inserted smart card is available: $("Card name: " + $scmd.CardName) # If desired, perform regular PIN authentication with the smartcard. # For more details about smart card PIN authentication, see the Smart Card PIN Authentication Example $retval = $scmd.PinAuthenticate("user","12345678") if ($retval -ne 0) { $("PIN Authentication failed.") } # You can find a cerficate using any of the following certificate parts: # "subjectDN" -- The full distinguished name of the cert. # "subjectDN_withTags" -- Same as above, but in a format that includes the subject part tags, such as the "CN=" in "CN=something" # "subjectCN" -- The common name part (CN) of the certificate's subject. # "serial" -- The certificate serial number. # "serial:issuerCN" -- The certificate serial number + the issuer's common name, delimited with a colon char. # These are the same certificate parts that can be retrieved by listing certificates on the smart card (or USB token). # See List Certificates on Smart Card Example $certPart = "subjectCN" $partValue = "Matt" # If the certificate is found, it is loaded into the cert object. # Note: We imported this certificate from a .p12/.pfx using code such as this Example to Import a .pfx/.p12 onto a Smart Card $cert = New-Object Chilkat.Cert $success = $scmd.FindCert($certPart,$partValue,$cert) if ($success -eq $false) { $("Failed to find the certificate.") $scmd.DeleteContext() exit } $("Successfully loaded the cert object from the smart card / USB token.") # Note: When successful, the cert object is internally linked to the ScMinidriver object's authenticated session. # The cert object can now be used to sign or do other cryptographic operations that occur on the smart card / USB token. # If your application calls PinDeauthenticate or DeleteContext, the cert will no longer be able to sign on the smart card # because the smart card ScMinidriver session will no longer be authenticated or deleted. # ------------------------------------------------------------------------------------------------------------ # Here we have to code to create the CADES-BES signature using Chilkat Crypt2.. $crypt = New-Object Chilkat.Crypt2 # Tell the crypt class to use the cert on the ePass2003 token. $success = $crypt.SetSigningCert($cert) if ($success -ne $true) { $($crypt.LastErrorText) exit } $cmsOptions = New-Object Chilkat.JsonObject # Setting "DigestData" causes OID 1.2.840.113549.1.7.5 (digestData) to be used. $cmsOptions.UpdateBool("DigestData",$true) $cmsOptions.UpdateBool("OmitAlgorithmIdNull",$true) # Indicate that we are passing normal JSON and we want Chilkat do automatically # do the ITIDA JSON canonicalization: $cmsOptions.UpdateBool("CanonicalizeITIDA",$true) $crypt.CmsOptions = $cmsOptions.Emit() # The CadesEnabled property applies to all methods that create CMS/PKCS7 signatures. # To create a CAdES-BES signature, set this property equal to true. $crypt.CadesEnabled = $true $crypt.HashAlgorithm = "sha256" $jsonSigningAttrs = New-Object Chilkat.JsonObject $jsonSigningAttrs.UpdateInt("contentType",1) $jsonSigningAttrs.UpdateInt("signingTime",1) $jsonSigningAttrs.UpdateInt("messageDigest",1) $jsonSigningAttrs.UpdateInt("signingCertificateV2",1) $crypt.SigningAttributes = $jsonSigningAttrs.Emit() # By default, all the certs in the chain of authentication are included in the signature. # If desired, we can choose to only include the signing certificate: $crypt.IncludeCertChain = $false # Pass a JSON document such as the following. Chilkat will do the ITIDA canonicalization. # (It is the canonicalized JSON that gets signed.) # { # "issuer":{ # "address":{ # "branchID":"0", # "country":"EG", # "regionCity":"Cairo", # "postalCode":"", # "buildingNumber":"0", # "street":"123rd Street", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"209999899", # "name":"Xyz SAE" # }, # "receiver":{ # "address":{ # "country":"EG", # "regionCity":"CAIRO", # "postalCode":"11435", # "buildingNumber":"0", # "street":"Autostrad Road Abc", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"999999999", # "name":"XYZ EGYPT FOR TRADE" # }, # "documentType":"I", # "documentTypeVersion":"1.0", # "dateTimeIssued":"2020-11-15T11:04:53Z", # "taxpayerActivityCode":"1073", # "internalID":"ZZZZ999", # "purchaseOrderReference":"2009199918", # "salesOrderReference":"", # "payment":{ # "bankName":"", # "bankAddress":"", # "bankAccountNo":"", # "bankAccountIBAN":"", # "swiftCode":"", # "terms":"" # }, # "delivery":{ # "approach":"", # "packaging":"", # "dateValidity":"", # "exportPort":"", # "countryOfOrigin":"EG", # "grossWeight":0, # "netWeight":0, # "terms":"" # }, # "invoiceLines":[ # { # "description":"CDM Widget 48GX99X12BA", # "itemType":"GS1", # "itemCode":"7622213335056", # "unitType":"CS", # "quantity":1.00, # "unitValue":{ # "currencySold":"EGP", # "amountEGP":588.67, # "amountSold":0, # "currencyExchangeRate":0 # }, # "salesTotal":588.67, # "total":603.97, # "valueDifference":0, # "totalTaxableFees":0, # "netTotal":529.8, # "itemsDiscount":0, # "discount":{ # "rate":10.00, # "amount":58.87 # }, # "taxableItems":[ # { # "taxType":"T1", # "amount":74.17, # "subType":"No sub", # "rate":14.00 # } # ], # "internalCode":"9099994" # } # ], # "totalSales":588.67, # "totalSalesAmount":588.67, # "totalDiscountAmount":58.87, # "netAmount":529.80, # "taxTotals":[ # { # "taxType":"T1", # "amount":74.17 # } # ], # "extraDiscountAmount":0, # "totalItemsDiscountAmount":0, # "totalAmount":603.97, # } # $json = New-Object Chilkat.JsonObject $success = $json.LoadFile("qa_data/itida/sdk.invoicing.eta.gov.eg/files/one-doc.json") if ($success -eq $false) { $($json.LastErrorText) exit } $json.EmitCompact = $false # Create the CAdES-BES signature. $crypt.EncodingMode = "base64" # Make sure we sign the utf-8 byte representation of the JSON string $crypt.Charset = "utf-8" $sigBase64 = $crypt.SignStringENC($json.Emit()) if ($crypt.LastMethodSuccess -eq $false) { $($crypt.LastErrorText) exit } $("Base64 signature:") $($sigBase64) # Add the signature to the JSON. $json.UpdateString("signatures[0].signatureType","I") $json.UpdateString("signatures[0].value",$sigBase64) $("JSON with signature added:") $($json.Emit()) # ------------------------------------------------------------------------------------------------------------ # Cleanup our ScMinidriver session... # When finished with operations that required authentication, you may if you wish, deauthenticate the session. $success = $scmd.PinDeauthenticate("user") if ($success -eq $false) { $($scmd.LastErrorText) } # Delete the context when finished with the card. $success = $scmd.DeleteContext() if ($success -eq $false) { $($scmd.LastErrorText) } |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.