|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PureBasic) Signed Zip as Base64 with XAdES-BESThis example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically: Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać The example demonstrates the following:
This example will also show the reverse:
IncludeFile "CkBinData.pb" IncludeFile "CkCert.pb" IncludeFile "CkXmlDSig.pb" IncludeFile "CkXml.pb" IncludeFile "CkXmlDSigGen.pb" IncludeFile "CkZip.pb" IncludeFile "CkStringBuilder.pb" IncludeFile "CkZipEntry.pb" Procedure ChilkatExample() ; This example assumes the Chilkat API to have been previously unlocked. ; See Global Unlock Sample for sample code. ; Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory). sbXmlToZip.i = CkStringBuilder::ckCreate() If sbXmlToZip.i = 0 Debug "Failed to create object." ProcedureReturn EndIf success.i = CkStringBuilder::ckLoadFile(sbXmlToZip,"qa_data/xml/PIT-11Z.xml","utf-8") If success <> 1 Debug "Failed to load the XML to be zipped." CkStringBuilder::ckDispose(sbXmlToZip) ProcedureReturn EndIf zip.i = CkZip::ckCreate() If zip.i = 0 Debug "Failed to create object." ProcedureReturn EndIf ; Initialize the zip object. No file is created in this call. ; It should always return 1. success = CkZip::ckNewZip(zip,"PIT-11Z.zip") ; Add the XML to be zipped. entry.i = CkZip::ckAppendString(zip,"PIT-11Z.xml",CkStringBuilder::ckGetAsString(sbXmlToZip)) CkZipEntry::ckDispose(entry) ; Write the zip to a BinData object. bdZip.i = CkBinData::ckCreate() If bdZip.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkZip::ckWriteBd(zip,bdZip) ; The contents of the bdZip will be retrieved in base64 format when needed below.. gen.i = CkXmlDSigGen::ckCreate() If gen.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkXmlDSigGen::setCkSigLocation(gen, "") CkXmlDSigGen::setCkSigLocationMod(gen, 0) CkXmlDSigGen::setCkSigId(gen, "Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19") CkXmlDSigGen::setCkSigNamespacePrefix(gen, "ds") CkXmlDSigGen::setCkSigNamespaceUri(gen, "http://www.w3.org/2000/09/xmldsig#") CkXmlDSigGen::setCkSigValueId(gen, "SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52") CkXmlDSigGen::setCkSignedInfoId(gen, "SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41") CkXmlDSigGen::setCkSignedInfoCanonAlg(gen, "C14N") CkXmlDSigGen::setCkSignedInfoDigestMethod(gen, "sha1") ; Set the KeyInfoId before adding references.. CkXmlDSigGen::setCkKeyInfoId(gen, "KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24") ; Create an Object to be added to the Signature. object1.i = CkXml::ckCreate() If object1.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkXml::setCkTag(object1, "xades:QualifyingProperties") CkXml::ckAddAttribute(object1,"xmlns:xades","http://uri.etsi.org/01903/v1.3.2#") CkXml::ckAddAttribute(object1,"Id","QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43") CkXml::ckAddAttribute(object1,"Target","#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19") CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties",1,"Id","SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e") CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedSignatureProperties",1,"Id","SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a") ; Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created. CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT") ; Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1 CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT") CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedDataObjectProperties",1,"Id","SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b") CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",1,"ObjectReference","#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description","MIME-Version: 1.0" + Chr(13) + Chr(10) + "Content-Type: application/zip" + Chr(13) + Chr(10) + "Content-Transfer-Encoding: binary" + Chr(13) + Chr(10) + "Content-Disposition: filename="PIT-11Z.zip"") CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",1,"Qualifier","OIDAsURI") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description","Opis formatu dokumentu oraz jego pelna nazwa") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference","http://www.certum.pl/OIDAsURI/signedFile.pdf") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","application/zip") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier","http://uri.etsi.org/01903/v1.2.2#ProofOfApproval") CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects","") CkXml::ckUpdateAttrAt(object1,"xades:UnsignedProperties",1,"Id","UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55") ; Emit XML in compact (single-line) format to avoid whitespace problems. CkXml::setCkEmitCompact(object1, 1) CkXmlDSigGen::ckAddObject(gen,"",CkXml::ckGetXml(object1),"","") ; Create an Object to be added to the Signature. ; This is where we add the base64 representation of the PIT-11Z.zip CkXmlDSigGen::ckAddObject(gen,"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",CkBinData::ckGetEncoded(bdZip,"base64"),"","http://www.w3.org/2000/09/xmldsig#base64") ; -------- Reference 1 -------- CkXmlDSigGen::ckAddObjectRef(gen,"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","sha1","C14N_WithComments","","") CkXmlDSigGen::ckSetRefIdAttr(gen,"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27") ; -------- Reference 2 -------- CkXmlDSigGen::ckAddObjectRef(gen,"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","sha1","","","http://uri.etsi.org/01903#SignedProperties") CkXmlDSigGen::ckSetRefIdAttr(gen,"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28") ; Provide a certificate + private key. (PFX password is test123) cert.i = CkCert::ckCreate() If cert.i = 0 Debug "Failed to create object." ProcedureReturn EndIf success = CkCert::ckLoadPfxFile(cert,"qa_data/pfx/cert_test123.pfx","test123") If success <> 1 Debug CkCert::ckLastErrorText(cert) CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) ProcedureReturn EndIf CkXmlDSigGen::ckSetX509Cert(gen,cert,1) CkXmlDSigGen::setCkKeyInfoType(gen, "X509Data") CkXmlDSigGen::setCkX509Type(gen, "Certificate") ; This will be an enveloping signature where the Signature element ; is the XML document root, the signed data is contained within Object ; tag(s) within the Signature. ; Therefore, pass an empty sbXml to CreateXmlDsigSb. sbXml.i = CkStringBuilder::ckCreate() If sbXml.i = 0 Debug "Failed to create object." ProcedureReturn EndIf ; The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error. ; (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use ; the same XML canonicalization implementation w/ the bug.) CkXmlDSigGen::setCkBehaviors(gen, "AttributeSortingBug,CompactSignedXml") ; Sign the XML... success = CkXmlDSigGen::ckCreateXmlDSigSb(gen,sbXml) If success <> 1 Debug CkXmlDSigGen::ckLastErrorText(gen) CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) CkStringBuilder::ckDispose(sbXml) ProcedureReturn EndIf ; ----------------------------------------------- ; Save the signed XML to a file. success = CkStringBuilder::ckWriteFile(sbXml,"qa_output/signedXml.xml","utf-8",0) Debug CkStringBuilder::ckGetAsString(sbXml) ; ---------------------------------------- ; Verify the signature we just produced... verifier.i = CkXmlDSig::ckCreate() If verifier.i = 0 Debug "Failed to create object." ProcedureReturn EndIf success = CkXmlDSig::ckLoadSignatureSb(verifier,sbXml) If success <> 1 Debug CkXmlDSig::ckLastErrorText(verifier) CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) CkStringBuilder::ckDispose(sbXml) CkXmlDSig::ckDispose(verifier) ProcedureReturn EndIf verified.i = CkXmlDSig::ckVerifySignature(verifier,1) If verified <> 1 Debug CkXmlDSig::ckLastErrorText(verifier) CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) CkStringBuilder::ckDispose(sbXml) CkXmlDSig::ckDispose(verifier) ProcedureReturn EndIf Debug "This signature was successfully verified." ; ------------------------------------ ; Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip. xml.i = CkXml::ckCreate() If xml.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkXml::ckLoadSb(xml,sbXml,1) ; The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML). ; (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.) strZipBase64.s = CkXml::ckGetChildContent(xml,"ds:Object[1]") CkBinData::ckClear(bdZip) CkBinData::ckAppendEncoded(bdZip,strZipBase64,"base64") If CkBinData::ckNumBytes(bdZip) = 0 Debug "Something went wrong.. we dont' have any data.." CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) CkStringBuilder::ckDispose(sbXml) CkXmlDSig::ckDispose(verifier) CkXml::ckDispose(xml) ProcedureReturn EndIf success = CkZip::ckOpenBd(zip,bdZip) If success <> 1 Debug CkZip::ckLastErrorText(zip) CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) CkStringBuilder::ckDispose(sbXml) CkXmlDSig::ckDispose(verifier) CkXml::ckDispose(xml) ProcedureReturn EndIf ; Get the 1st file in the zip, which should be the PIT-11Z.xml entry = CkZip::ckGetEntryByIndex(zip,0) If CkZip::ckLastMethodSuccess(zip) <> 1 Debug "Zip contains no files..." CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) CkStringBuilder::ckDispose(sbXml) CkXmlDSig::ckDispose(verifier) CkXml::ckDispose(xml) ProcedureReturn EndIf ; Get the XML: origXml.s = CkZipEntry::ckUnzipToString(entry,0,"utf-8") Debug "Original XML extracted from base64 zip:" Debug origXml CkZipEntry::ckDispose(entry) CkStringBuilder::ckDispose(sbXmlToZip) CkZip::ckDispose(zip) CkBinData::ckDispose(bdZip) CkXmlDSigGen::ckDispose(gen) CkXml::ckDispose(object1) CkCert::ckDispose(cert) CkStringBuilder::ckDispose(sbXml) CkXmlDSig::ckDispose(verifier) CkXml::ckDispose(xml) ProcedureReturn EndProcedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.