(PureBasic) Create XAdES using Smart Card or USB Token

Demonstrates how to create an XAdES signed XML document using a certificate located on a smartcard or USB token.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkCert.pb"
IncludeFile "CkXml.pb"
IncludeFile "CkXmlDSigGen.pb"
IncludeFile "CkXmlDSig.pb"
IncludeFile "CkStringBuilder.pb"

Procedure ChilkatExample()

    success.i = 0

    ; Load the XML to be signed.
    xmlToSign.i = CkXml::ckCreate()
    If xmlToSign.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXml::ckLoadXmlFile(xmlToSign,"qa_data/fattura_electronica/docToSign.xml")
    If success = 0
        Debug CkXml::ckLastErrorText(xmlToSign)
        CkXml::ckDispose(xmlToSign)
        ProcedureReturn
    EndIf

    gen.i = CkXmlDSigGen::ckCreate()
    If gen.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXmlDSigGen::setCkSigLocation(gen, "p:FatturaElettronica")
    CkXmlDSigGen::setCkSigId(gen, "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504")
    CkXmlDSigGen::setCkSigNamespacePrefix(gen, "ds")
    CkXmlDSigGen::setCkSigNamespaceUri(gen, "http://www.w3.org/2000/09/xmldsig#")
    CkXmlDSigGen::setCkSigValueId(gen, "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-sigvalue")
    CkXmlDSigGen::setCkSignedInfoCanonAlg(gen, "C14N")
    CkXmlDSigGen::setCkSignedInfoDigestMethod(gen, "sha256")

    ; Create an Object to be added to the Signature.
    ; Note: Chilkat will automatically populate the strings indicated by "TO BE GENERATED BY CHILKAT" with actual/correct values
    ; when the XML is signed.
    object1.i = CkXml::ckCreate()
    If object1.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::setCkTag(object1, "xades:QualifyingProperties")
    CkXml::ckAddAttribute(object1,"xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
    CkXml::ckAddAttribute(object1,"xmlns:xades141","http://uri.etsi.org/01903/v1.4.1#")
    CkXml::ckAddAttribute(object1,"Target","#xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties",1,"Id","xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT")

    CkXmlDSigGen::ckAddObject(gen,"",CkXml::ckGetXml(object1),"","")

    ; -------- Reference 1 --------
    CkXmlDSigGen::setCkKeyInfoId(gen, "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo")
    CkXmlDSigGen::ckAddSameDocRef(gen,"xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo","sha256","","","")

    ; -------- Reference 2 --------
    CkXmlDSigGen::ckAddSameDocRef(gen,"","sha256","","","")
    CkXmlDSigGen::ckSetRefIdAttr(gen,"","xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-ref0")

    ; -------- Reference 3 --------
    CkXmlDSigGen::ckAddObjectRef(gen,"xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops","sha256","","","http://uri.etsi.org/01903#SignedProperties")

    ; ----------------------------------------------------------------
    ;  Load a certificate that has been pre-installed on the Windows system
    ;  This includes certificates on smartcards and USB tokens
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ;  You may provide the PIN here..
    CkCert::setCkSmartCardPin(cert, "000000")

    ; Load the certificate on the smartcard currently in the reader (or on the USB token).
    ; Pass an empty string to allow Chilkat to automatically choose the CSP (Cryptographi Service Provider).
    ; See Load Certificate on Smartcard for information about explicitly selecting a particular CSP.
    success = CkCert::ckLoadFromSmartcard(cert,"")
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    CkXmlDSigGen::ckSetX509Cert(gen,cert,1)
    CkXmlDSigGen::setCkKeyInfoType(gen, "X509Data")
    CkXmlDSigGen::setCkX509Type(gen, "Certificate")

    ; Load XML to be signed...
    sbXml.i = CkStringBuilder::ckCreate()
    If sbXml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::ckGetXmlSb(xmlToSign,sbXml)

    CkXmlDSigGen::setCkBehaviors(gen, "IndentedSignature,ForceAddEnvelopedSignatureTransform")

    ; Sign the XML...
    success = CkXmlDSigGen::ckCreateXmlDSigSb(gen,sbXml)
    If success = 0
        Debug CkXmlDSigGen::ckLastErrorText(gen)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        ProcedureReturn
    EndIf

    ; Save the signed XMl to a file.
    success = CkStringBuilder::ckWriteFile(sbXml,"qa_output/signedXml.xml","utf-8",0)

    Debug CkStringBuilder::ckGetAsString(sbXml)

    ; ----------------------------------------
    ; Verify the signature we just produced...
    verifier.i = CkXmlDSig::ckCreate()
    If verifier.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXmlDSig::ckLoadSignatureSb(verifier,sbXml)
    If success = 0
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        ProcedureReturn
    EndIf

    verified.i = CkXmlDSig::ckVerifySignature(verifier,1)
    If verified <> 1
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkXml::ckDispose(xmlToSign)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkCert::ckDispose(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSig::ckDispose(verifier)
        ProcedureReturn
    EndIf

    Debug "This signature was successfully verified."


    CkXml::ckDispose(xmlToSign)
    CkXmlDSigGen::ckDispose(gen)
    CkXml::ckDispose(object1)
    CkCert::ckDispose(cert)
    CkStringBuilder::ckDispose(sbXml)
    CkXmlDSig::ckDispose(verifier)


    ProcedureReturn
EndProcedure