Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(PowerShell) Signed Zip as Base64 with XAdES-BESThis example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically: Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać The example demonstrates the following:
This example will also show the reverse:
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll" # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory). $sbXmlToZip = New-Object Chilkat.StringBuilder $success = $sbXmlToZip.LoadFile("qa_data/xml/PIT-11Z.xml","utf-8") if ($success -ne $true) { $("Failed to load the XML to be zipped.") exit } $zip = New-Object Chilkat.Zip # Initialize the zip object. No file is created in this call. # It should always return $true. $success = $zip.NewZip("PIT-11Z.zip") # Add the XML to be zipped. $entry = $zip.AppendString("PIT-11Z.xml",$sbXmlToZip.GetAsString()) # Write the zip to a BinData object. $bdZip = New-Object Chilkat.BinData $zip.WriteBd($bdZip) # The contents of the bdZip will be retrieved in base64 format when needed below.. $gen = New-Object Chilkat.XmlDSigGen $gen.SigLocation = "" $gen.SigLocationMod = 0 $gen.SigId = "Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19" $gen.SigNamespacePrefix = "ds" $gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#" $gen.SigValueId = "SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52" $gen.SignedInfoId = "SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41" $gen.SignedInfoCanonAlg = "C14N" $gen.SignedInfoDigestMethod = "sha1" # Set the KeyInfoId before adding references.. $gen.KeyInfoId = "KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24" # Create an Object to be added to the Signature. $object1 = New-Object Chilkat.Xml $object1.Tag = "xades:QualifyingProperties" $object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#") $object1.AddAttribute("Id","QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43") $object1.AddAttribute("Target","#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19") $object1.UpdateAttrAt("xades:SignedProperties",$true,"Id","SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e") $object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties",$true,"Id","SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a") # Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created. $object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT") # Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1 $object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",$true,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT") $object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties",$true,"Id","SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b") $object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",$true,"ObjectReference","#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description","MIME-Version: 1.0`r`nContent-Type: application/zip`r`nContent-Transfer-Encoding: binary`r`nContent-Disposition: filename="PIT-11Z.zip"") $object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",$true,"Qualifier","OIDAsURI") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description","Opis formatu dokumentu oraz jego pelna nazwa") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference","http://www.certum.pl/OIDAsURI/signedFile.pdf") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","application/zip") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier","http://uri.etsi.org/01903/v1.2.2#ProofOfApproval") $object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects","") $object1.UpdateAttrAt("xades:UnsignedProperties",$true,"Id","UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55") # Emit XML in compact (single-line) format to avoid whitespace problems. $object1.EmitCompact = $true $gen.AddObject("",$object1.GetXml(),"","") # Create an Object to be added to the Signature. # This is where we add the base64 representation of the PIT-11Z.zip $gen.AddObject("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",$bdZip.GetEncoded("base64"),"","http://www.w3.org/2000/09/xmldsig#base64") # -------- Reference 1 -------- $gen.AddObjectRef("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","sha1","C14N_WithComments","","") $gen.SetRefIdAttr("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27") # -------- Reference 2 -------- $gen.AddObjectRef("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","sha1","","","http://uri.etsi.org/01903#SignedProperties") $gen.SetRefIdAttr("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28") # Provide a certificate + private key. (PFX password is test123) $cert = New-Object Chilkat.Cert $success = $cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123") if ($success -ne $true) { $($cert.LastErrorText) exit } $gen.SetX509Cert($cert,$true) $gen.KeyInfoType = "X509Data" $gen.X509Type = "Certificate" # This will be an enveloping signature where the Signature element # is the XML document root, the signed data is contained within Object # tag(s) within the Signature. # Therefore, pass an empty sbXml to CreateXmlDsigSb. $sbXml = New-Object Chilkat.StringBuilder # The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error. # (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use # the same XML canonicalization implementation w/ the bug.) $gen.Behaviors = "AttributeSortingBug,CompactSignedXml" # Sign the XML... $success = $gen.CreateXmlDSigSb($sbXml) if ($success -ne $true) { $($gen.LastErrorText) exit } # ----------------------------------------------- # Save the signed XML to a file. $success = $sbXml.WriteFile("qa_output/signedXml.xml","utf-8",$false) $($sbXml.GetAsString()) # ---------------------------------------- # Verify the signature we just produced... $verifier = New-Object Chilkat.XmlDSig $success = $verifier.LoadSignatureSb($sbXml) if ($success -ne $true) { $($verifier.LastErrorText) exit } $verified = $verifier.VerifySignature($true) if ($verified -ne $true) { $($verifier.LastErrorText) exit } $("This signature was successfully verified.") # ------------------------------------ # Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip. $xml = New-Object Chilkat.Xml $xml.LoadSb($sbXml,$true) # The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML). # (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.) $strZipBase64 = $xml.GetChildContent("ds:Object[1]") $bdZip.Clear() $bdZip.AppendEncoded($strZipBase64,"base64") if ($bdZip.NumBytes -eq 0) { $("Something went wrong.. we dont' have any data..") exit } $success = $zip.OpenBd($bdZip) if ($success -ne $true) { $($zip.LastErrorText) exit } # Get the 1st file in the zip, which should be the PIT-11Z.xml $entry = $zip.GetEntryByIndex(0) if ($zip.LastMethodSuccess -ne $true) { $("Zip contains no files...") exit } # Get the XML: $origXml = $entry.UnzipToString(0,"utf-8") $("Original XML extracted from base64 zip:") $($origXml) |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.