Sample code for 30+ languages & platforms
PureBasic

Signed Zip as Base64 with XAdES-BES

See more XAdES Examples

This example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically:

Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać
umieszczona w archiwum ZIP. W tym przypadku, podpisywany jest plik archiwum ZIP,
przyjmujący w podpisie XAdES-BES formę zakodowaną base64.

The example demonstrates the following:

  1. Zip an XML file (PIT-11Z.xml is zipped to PIT-11Z.zip)
  2. Create XML to be signed, where the XML contains the base64 encoded content of the PIT-11Z.zip archive.
  3. XAdES-BES sign the XML containing the base64 zip.

This example will also show the reverse:

  1. Verify the signed XML.
  2. Extract the PIT-11z.zip from the signed XML.
  3. Unzip the PIT-11Z.zip to get the original PIT-11Z.xml

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkXml.pb"
IncludeFile "CkXmlDSig.pb"
IncludeFile "CkZipEntry.pb"
IncludeFile "CkXmlDSigGen.pb"
IncludeFile "CkZip.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkBinData.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example assumes the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory).
    sbXmlToZip.i = CkStringBuilder::ckCreate()
    If sbXmlToZip.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkStringBuilder::ckLoadFile(sbXmlToZip,"qa_data/xml/PIT-11Z.xml","utf-8")
    If success <> 1
        Debug "Failed to load the XML to be zipped."
        CkStringBuilder::ckDispose(sbXmlToZip)
        ProcedureReturn
    EndIf

    zip.i = CkZip::ckCreate()
    If zip.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Initialize the zip object. No file is created in this call.
    ; It should always return 1.
    success = CkZip::ckNewZip(zip,"PIT-11Z.zip")

    ; Add the XML to be zipped.
    CkZip::ckAddSb(zip,"PIT-11Z.xml",sbXmlToZip,"utf-8")

    ; Write the zip to a BinData object.
    bdZip.i = CkBinData::ckCreate()
    If bdZip.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkZip::ckWriteBd(zip,bdZip)
    ; The contents of the bdZip will be retrieved in base64 format when needed below..

    gen.i = CkXmlDSigGen::ckCreate()
    If gen.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXmlDSigGen::setCkSigLocation(gen, "")
    CkXmlDSigGen::setCkSigLocationMod(gen, 0)

    CkXmlDSigGen::setCkSigId(gen, "Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19")
    CkXmlDSigGen::setCkSigNamespacePrefix(gen, "ds")
    CkXmlDSigGen::setCkSigNamespaceUri(gen, "http://www.w3.org/2000/09/xmldsig#")
    CkXmlDSigGen::setCkSigValueId(gen, "SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52")
    CkXmlDSigGen::setCkSignedInfoId(gen, "SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41")
    CkXmlDSigGen::setCkSignedInfoCanonAlg(gen, "C14N")
    CkXmlDSigGen::setCkSignedInfoDigestMethod(gen, "sha1")

    ; Set the KeyInfoId before adding references..
    CkXmlDSigGen::setCkKeyInfoId(gen, "KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24")

    ; Create an Object to be added to the Signature.
    object1.i = CkXml::ckCreate()
    If object1.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::setCkTag(object1, "xades:QualifyingProperties")
    CkXml::ckAddAttribute(object1,"xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
    CkXml::ckAddAttribute(object1,"Id","QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43")
    CkXml::ckAddAttribute(object1,"Target","#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties",1,"Id","SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedSignatureProperties",1,"Id","SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a")
    ; Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created.
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
    ; Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedDataObjectProperties",1,"Id","SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",1,"ObjectReference","#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description","MIME-Version: 1.0" + Chr(13) + Chr(10) + "Content-Type: application/zip" + Chr(13) + Chr(10) + "Content-Transfer-Encoding: binary" + Chr(13) + Chr(10) + "Content-Disposition: filename=&quot;PIT-11Z.zip&quot;")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",1,"Qualifier","OIDAsURI")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description","Opis formatu dokumentu oraz jego pelna nazwa")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference","http://www.certum.pl/OIDAsURI/signedFile.pdf")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","application/zip")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier","http://uri.etsi.org/01903/v1.2.2#ProofOfApproval")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects","")
    CkXml::ckUpdateAttrAt(object1,"xades:UnsignedProperties",1,"Id","UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55")

    ; Emit XML in compact (single-line) format to avoid whitespace problems.
    CkXml::setCkEmitCompact(object1, 1)
    CkXmlDSigGen::ckAddObject(gen,"",CkXml::ckGetXml(object1),"","")

    ; Create an Object to be added to the Signature.
    ; This is where we add the base64 representation of the PIT-11Z.zip
    CkXmlDSigGen::ckAddObject(gen,"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",CkBinData::ckGetEncoded(bdZip,"base64"),"","http://www.w3.org/2000/09/xmldsig#base64")

    ; -------- Reference 1 --------
    CkXmlDSigGen::ckAddObjectRef(gen,"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","sha1","C14N_WithComments","","")
    CkXmlDSigGen::ckSetRefIdAttr(gen,"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27")

    ; -------- Reference 2 --------
    CkXmlDSigGen::ckAddObjectRef(gen,"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","sha1","","","http://uri.etsi.org/01903#SignedProperties")
    CkXmlDSigGen::ckSetRefIdAttr(gen,"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28")

    ; Provide a certificate + private key. (PFX password is test123)
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadPfxFile(cert,"qa_data/pfx/cert_test123.pfx","test123")
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        CkStringBuilder::ckDispose(sbXmlToZip)
        CkZip::ckDispose(zip)
        CkBinData::ckDispose(bdZip)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    CkXmlDSigGen::ckSetX509Cert(gen,cert,1)

    CkXmlDSigGen::setCkKeyInfoType(gen, "X509Data")
    CkXmlDSigGen::setCkX509Type(gen, "Certificate")

    ; This will be an enveloping signature where the Signature element
    ; is the XML document root, the signed data is contained within Object
    ; tag(s) within the Signature.
    ; Therefore, pass an empty sbXml to CreateXmlDsigSb.
    sbXml.i = CkStringBuilder::ckCreate()
    If sbXml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error.
    ; (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use
    ; the same XML canonicalization implementation w/ the bug.)
    CkXmlDSigGen::setCkBehaviors(gen, "AttributeSortingBug,CompactSignedXml")

    ; Sign the XML...
    success = CkXmlDSigGen::ckCreateXmlDSigSb(gen,sbXml)
    If success = 0
        Debug CkXmlDSigGen::ckLastErrorText(gen)
        CkStringBuilder::ckDispose(sbXmlToZip)
        CkZip::ckDispose(zip)
        CkBinData::ckDispose(bdZip)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        ProcedureReturn
    EndIf

    ; -----------------------------------------------

    ; Save the signed XML to a file.
    success = CkStringBuilder::ckWriteFile(sbXml,"qa_output/signedXml.xml","utf-8",0)

    Debug CkStringBuilder::ckGetAsString(sbXml)

    ; ----------------------------------------
    ; Verify the signature we just produced...
    verifier.i = CkXmlDSig::ckCreate()
    If verifier.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXmlDSig::ckLoadSignatureSb(verifier,sbXml)
    If success = 0
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkStringBuilder::ckDispose(sbXmlToZip)
        CkZip::ckDispose(zip)
        CkBinData::ckDispose(bdZip)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        ProcedureReturn
    EndIf

    verified.i = CkXmlDSig::ckVerifySignature(verifier,1)
    If verified <> 1
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkStringBuilder::ckDispose(sbXmlToZip)
        CkZip::ckDispose(zip)
        CkBinData::ckDispose(bdZip)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        ProcedureReturn
    EndIf

    Debug "This signature was successfully verified."

    ; ------------------------------------
    ; Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip.
    xml.i = CkXml::ckCreate()
    If xml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::ckLoadSb(xml,sbXml,1)

    ; The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML).
    ; (ds:Object[0] would be the 1st ds:Object child.  Index 1 is the 2nd ds:Object child.)
    strZipBase64.s = CkXml::ckGetChildContent(xml,"ds:Object[1]")

    CkBinData::ckClear(bdZip)
    CkBinData::ckAppendEncoded(bdZip,strZipBase64,"base64")
    If CkBinData::ckNumBytes(bdZip) = 0
        Debug "Something went wrong.. we dont' have any data.."
        CkStringBuilder::ckDispose(sbXmlToZip)
        CkZip::ckDispose(zip)
        CkBinData::ckDispose(bdZip)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        CkXml::ckDispose(xml)
        ProcedureReturn
    EndIf

    success = CkZip::ckOpenBd(zip,bdZip)
    If success = 0
        Debug CkZip::ckLastErrorText(zip)
        CkStringBuilder::ckDispose(sbXmlToZip)
        CkZip::ckDispose(zip)
        CkBinData::ckDispose(bdZip)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        CkXml::ckDispose(xml)
        ProcedureReturn
    EndIf

    ; Get the 1st file in the zip, which should be the PIT-11Z.xml
    entry.i = CkZipEntry::ckCreate()
    If entry.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkZip::ckEntryAt(zip,0,entry)
    If success = 0
        Debug "Zip contains no files..."
        CkStringBuilder::ckDispose(sbXmlToZip)
        CkZip::ckDispose(zip)
        CkBinData::ckDispose(bdZip)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        CkXml::ckDispose(xml)
        CkZipEntry::ckDispose(entry)
        ProcedureReturn
    EndIf

    ; Get the XML:
    origXml.s = CkZipEntry::ckUnzipToString(entry,0,"utf-8")
    Debug "Original XML extracted from base64 zip:"
    Debug origXml


    CkStringBuilder::ckDispose(sbXmlToZip)
    CkZip::ckDispose(zip)
    CkBinData::ckDispose(bdZip)
    CkXmlDSigGen::ckDispose(gen)
    CkXml::ckDispose(object1)
    CkCert::ckDispose(cert)
    CkStringBuilder::ckDispose(sbXml)
    CkXmlDSig::ckDispose(verifier)
    CkXml::ckDispose(xml)
    CkZipEntry::ckDispose(entry)


    ProcedureReturn
EndProcedure