(PowerShell) Sign Mexico Pedimento

Add a signature to a Mexico pedimento file.

Chilkat .NET Downloads Chilkat .NET Assemblies

Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# This is the contents before signing:

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1">
# 801|M3621037.222|1|5|011|

# This is the contents after signing

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1|fhP2Ker54D2+3+UZch23F0E72 .... 9qNSPIuAqpj524qLZbbA==|30001000000500003416|
# 801|M3621037.222|1|5|011|

# First create the text to be signed.
$bCRLF = $true
$sb = New-Object Chilkat.StringBuilder
# Use CRLF line endings.
$sb.AppendLine("500|1|3621|4199800|400||",$bCRLF)
$sb.AppendLine("601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||",$bCRLF)
$sb.AppendLine("507|4199800|IM|2006-7888">",$bCRLF)
$sb.AppendLine("507|4199800|MS|2">",$bCRLF)

# Generate the MD5 hash of what we have so far..
$md5_base64 = $sb.GetHash("md5","base64","utf-8")
$("MD5 hash = " + $md5_base64)

# Complete the original file.
# After signing, we'll update the BASE64_SIGNATURE and CERT_SERIAL
$sb.AppendLine("800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL|",$bCRLF)
$sb.AppendLine("801|M3621037.222|1|5|011|",$bCRLF)

# We're going to sign the MD5 hash using the private key.
$privKey = New-Object Chilkat.PrivateKey
$success = $privKey.LoadAnyFormatFile("qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.key","12345678a")
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

# Generate the ASN.1 to be signed.

# <sequence>
#     <sequence>
#         <oid>1.2.840.113549.2.5</oid>
#         <null/>
#     </sequence>
#     <octets>SwxHfaJhG+N3pPqay6UzVA==</octets>
# </sequence>

$xml = New-Object Chilkat.Xml
$xml.Tag = "sequence"
$xml.UpdateChildContent("sequence|oid","1.2.840.113549.2.5")
$xml.UpdateChildContent("sequence|null","")
$xml.UpdateChildContent("octets",$md5_base64)

$asn = New-Object Chilkat.Asn
$asn.LoadAsnXml($xml.GetXml())
$("ASN.1 = " + $asn.GetEncodedDer("base64"))

# Sign with the private key.
$rsa = New-Object Chilkat.Rsa
$success = $rsa.ImportPrivateKeyObj($privKey)
if ($success -eq $false) {
    $($rsa.LastErrorText)
    exit
}

# Create the opaque signature.
$bdSig = New-Object Chilkat.BinData
$bdSig.AppendEncoded($asn.GetEncodedDer("base64"),"base64")
$success = $rsa.OpenSslSignBd($bdSig)
if ($success -eq $false) {
    $($rsa.LastErrorText)
    exit
}

# bd now contains the opaque signature, which embeds the ASN.1, which contains the MD5 hash.
# We're going to add this line:
# 800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL_NUM|

$cert = New-Object Chilkat.Cert
$success = $cert.LoadFromFile("qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.cer")
if ($success -eq $false) {
    $($cert.LastErrorText)
    exit
}

$serialHex = $cert.SerialNumber
# The serial in hex form looks like this:   3330303031303030303030353030303033343136
# Decode to us-ascii.
$sbSerial = New-Object Chilkat.StringBuilder
$sbSerial.DecodeAndAppend($serialHex,"hex","us-ascii")
$("serial number in us-ascii: " + $sbSerial.GetAsString())

$numReplaced = $sb.Replace("CERT_SERIAL",$sbSerial.GetAsString())
$numReplaced = $sb.Replace("BASE64_SIGNATURE",$bdSig.GetEncoded("base64"))

$("------------------------------------")
$("Result:")
$($sb.GetAsString())