Sample code for 30+ languages & platforms
PureBasic

Sign XML for Zakat, Tax and Customs Authority (ZATCA)

See more ZATCA Examples

Demonstrates how to sign XML for Zakat, Tax and Customs Authority (ZATCA).

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkPrivateKey.pb"
IncludeFile "CkXmlDSig.pb"
IncludeFile "CkXml.pb"
IncludeFile "CkXmlDSigGen.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkCert.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    success = 1

    ; Load XML to be signed...
    sbXml.i = CkStringBuilder::ckCreate()
    If sbXml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkStringBuilder::ckLoadFile(sbXml,"qa_data/xml_dsig_valid_samples/UBL_Saudi_ZATCA_Zakat_Tax_and_Customs_Authority_toBeSigned.xml","utf-8")
    If success = 0
        Debug "Failed to load XML file to be signed."
        CkStringBuilder::ckDispose(sbXml)
        ProcedureReturn
    EndIf

    ; Loads XML containing the following (with data modified from the original sample).

    ; <?xml version="1.0" encoding="UTF-8"?>
    ; <Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"><ext:UBLExtensions>
    ;     <ext:UBLExtension>
    ;         <ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI>
    ;         <ext:ExtensionContent>
    ;             <sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2">
    ;                 <sac:SignatureInformation>
    ;                     <cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID>
    ;                     <sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID>
    ;                     
    ;                 </sac:SignatureInformation>
    ;             </sig:UBLDocumentSignatures>
    ;         </ext:ExtensionContent>
    ;     </ext:UBLExtension>
    ; </ext:UBLExtensions>
    ;    
    ;    <cbc:ProfileID>reporting:1.0</cbc:ProfileID>
    ;    <cbc:ID>100</cbc:ID>
    ;    <cbc:UUID>3cf5ee18-ee25-44ea-a444-2c37ba7f28be</cbc:UUID>
    ;    <cbc:IssueDate>2021-04-25</cbc:IssueDate>
    ;    <cbc:IssueTime>15:30:00</cbc:IssueTime>
    ;    <cbc:InvoiceTypeCode name="0100000">388</cbc:InvoiceTypeCode>
    ;    <cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode>
    ;    <cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode>
    ;    <cbc:LineCountNumeric>2</cbc:LineCountNumeric>
    ;    <cac:AdditionalDocumentReference>
    ;       <cbc:ID>ICV</cbc:ID>
    ;       <cbc:UUID>46531</cbc:UUID>
    ;    </cac:AdditionalDocumentReference>
    ;    <cac:AdditionalDocumentReference>
    ;       <cbc:ID>PIH</cbc:ID>
    ;       <cac:Attachment>
    ;          <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">NWZl......NTdlOQ==</cbc:EmbeddedDocumentBinaryObject>
    ;       </cac:Attachment>
    ;    </cac:AdditionalDocumentReference>
    ;    
    ;   
    ;    <cac:AdditionalDocumentReference>
    ;         <cbc:ID>QR</cbc:ID>
    ;         <cac:Attachment>
    ;             <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">ARlBbC........FAau5g</cbc:EmbeddedDocumentBinaryObject>
    ;         </cac:Attachment>
    ; </cac:AdditionalDocumentReference><cac:Signature>
    ;       <cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID>
    ;       <cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod>
    ; </cac:Signature><cac:AccountingSupplierParty>
    ;       <cac:Party>
    ;          <cac:PartyIdentification>
    ;             <cbc:ID schemeID="MLS">123457890</cbc:ID>
    ;          </cac:PartyIdentification>
    ;          <cac:PostalAddress>
    ;             <cbc:StreetName>King Abdulaziz Road</cbc:StreetName>
    ;             <cbc:BuildingNumber>9999</cbc:BuildingNumber>
    ;             <cbc:PlotIdentification>9999</cbc:PlotIdentification>
    ;             <cbc:CitySubdivisionName>Al Amal</cbc:CitySubdivisionName>
    ;             <cbc:CityName>Riyadh</cbc:CityName>
    ;             <cbc:PostalZone>12643</cbc:PostalZone>
    ;             <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
    ;             <cac:Country>
    ;                <cbc:IdentificationCode>SA</cbc:IdentificationCode>
    ;             </cac:Country>
    ;          </cac:PostalAddress>
    ;          <cac:PartyTaxScheme>
    ;             <cbc:CompanyID>300099999900003</cbc:CompanyID>
    ;             <cac:TaxScheme>
    ;                <cbc:ID>VAT</cbc:ID>
    ;             </cac:TaxScheme>
    ;          </cac:PartyTaxScheme>
    ;          <cac:PartyLegalEntity>
    ;             <cbc:RegistrationName>Example Co. LTD</cbc:RegistrationName>
    ;          </cac:PartyLegalEntity>
    ;       </cac:Party>
    ;    </cac:AccountingSupplierParty>
    ;    <cac:AccountingCustomerParty>
    ;       <cac:Party>
    ;          <cac:PartyIdentification>
    ;             <cbc:ID schemeID="SAG">123C12345678</cbc:ID>
    ;          </cac:PartyIdentification>
    ;          <cac:PostalAddress>
    ;             <cbc:StreetName>King Abdullah Road</cbc:StreetName>
    ;             <cbc:BuildingNumber>9999</cbc:BuildingNumber>
    ;             <cbc:PlotIdentification>9999</cbc:PlotIdentification>
    ;             <cbc:CitySubdivisionName>Al Mursalat</cbc:CitySubdivisionName>
    ;             <cbc:CityName>Riyadh</cbc:CityName>
    ;             <cbc:PostalZone>11564</cbc:PostalZone>
    ;             <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity>
    ;             <cac:Country>
    ;                <cbc:IdentificationCode>SA</cbc:IdentificationCode>
    ;             </cac:Country>
    ;          </cac:PostalAddress>
    ;          <cac:PartyTaxScheme>
    ;             <cac:TaxScheme>
    ;                <cbc:ID>VAT</cbc:ID>
    ;             </cac:TaxScheme>
    ;          </cac:PartyTaxScheme>
    ;          <cac:PartyLegalEntity>
    ;             <cbc:RegistrationName>EXAMPLE MARKETS</cbc:RegistrationName>
    ;          </cac:PartyLegalEntity>
    ;       </cac:Party>
    ;    </cac:AccountingCustomerParty>
    ;    <cac:Delivery>
    ;       <cbc:ActualDeliveryDate>2022-04-25</cbc:ActualDeliveryDate>
    ;    </cac:Delivery>
    ;    <cac:PaymentMeans>
    ;       <cbc:PaymentMeansCode>42</cbc:PaymentMeansCode>
    ;    </cac:PaymentMeans>
    ;    <cac:TaxTotal>
    ;       <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
    ;       <cac:TaxSubtotal>
    ;          <cbc:TaxableAmount currencyID="SAR">900.00</cbc:TaxableAmount>
    ;          <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
    ;          <cac:TaxCategory>
    ;             <cbc:ID>S</cbc:ID>
    ;             <cbc:Percent>15</cbc:Percent>
    ;             <cac:TaxScheme>
    ;                <cbc:ID>VAT</cbc:ID>
    ;             </cac:TaxScheme>
    ;          </cac:TaxCategory>
    ;       </cac:TaxSubtotal>
    ;    </cac:TaxTotal>
    ;    <cac:TaxTotal>
    ;       <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount>
    ;    </cac:TaxTotal>
    ;    <cac:LegalMonetaryTotal>
    ;       <cbc:LineExtensionAmount currencyID="SAR">900.00</cbc:LineExtensionAmount>
    ;       <cbc:TaxExclusiveAmount currencyID="SAR">900.00</cbc:TaxExclusiveAmount>
    ;       <cbc:TaxInclusiveAmount currencyID="SAR">1035.00</cbc:TaxInclusiveAmount>
    ;       <cbc:AllowanceTotalAmount currencyID="SAR">0.00</cbc:AllowanceTotalAmount>
    ;       <cbc:PayableAmount currencyID="SAR">1035.00</cbc:PayableAmount>
    ;    </cac:LegalMonetaryTotal>
    ;    <cac:InvoiceLine>
    ;       <cbc:ID>1</cbc:ID>
    ;       <cbc:InvoicedQuantity unitCode="PCE">1</cbc:InvoicedQuantity>
    ;       <cbc:LineExtensionAmount currencyID="SAR">200.00</cbc:LineExtensionAmount>
    ;       <cac:TaxTotal>
    ;          <cbc:TaxAmount currencyID="SAR">30.00</cbc:TaxAmount>
    ;          <cbc:RoundingAmount currencyID="SAR">230.00</cbc:RoundingAmount>
    ;       </cac:TaxTotal>
    ;       <cac:Item>
    ;          <cbc:Name>Item A</cbc:Name>
    ;          <cac:ClassifiedTaxCategory>
    ;             <cbc:ID>S</cbc:ID>
    ;             <cbc:Percent>15</cbc:Percent>
    ;             <cac:TaxScheme>
    ;                <cbc:ID>VAT</cbc:ID>
    ;             </cac:TaxScheme>
    ;          </cac:ClassifiedTaxCategory>
    ;       </cac:Item>
    ;       <cac:Price>
    ;          <cbc:PriceAmount currencyID="SAR">200.00</cbc:PriceAmount>
    ;       </cac:Price>
    ;    </cac:InvoiceLine>
    ;    <cac:InvoiceLine>
    ;       <cbc:ID>2</cbc:ID>
    ;       <cbc:InvoicedQuantity unitCode="PCE">2</cbc:InvoicedQuantity>
    ;       <cbc:LineExtensionAmount currencyID="SAR">700.00</cbc:LineExtensionAmount>
    ;       <cac:TaxTotal>
    ;          <cbc:TaxAmount currencyID="SAR">105.00</cbc:TaxAmount>
    ;          <cbc:RoundingAmount currencyID="SAR">805.00</cbc:RoundingAmount>
    ;       </cac:TaxTotal>
    ;       <cac:Item>
    ;          <cbc:Name>Item B</cbc:Name>
    ;          <cac:ClassifiedTaxCategory>
    ;             <cbc:ID>S</cbc:ID>
    ;             <cbc:Percent>15</cbc:Percent>
    ;             <cac:TaxScheme>
    ;                <cbc:ID>VAT</cbc:ID>
    ;             </cac:TaxScheme>
    ;          </cac:ClassifiedTaxCategory>
    ;       </cac:Item>
    ;       <cac:Price>
    ;          <cbc:PriceAmount currencyID="SAR">350.00</cbc:PriceAmount>
    ;       </cac:Price>
    ;    </cac:InvoiceLine>
    ; </Invoice>

    gen.i = CkXmlDSigGen::ckCreate()
    If gen.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXmlDSigGen::setCkSigLocation(gen, "Invoice|ext:UBLExtensions|ext:UBLExtension|ext:ExtensionContent|sig:UBLDocumentSignatures|sac:SignatureInformation")
    CkXmlDSigGen::setCkSigLocationMod(gen, 0)
    CkXmlDSigGen::setCkSigId(gen, "signature")
    CkXmlDSigGen::setCkSigNamespacePrefix(gen, "ds")
    CkXmlDSigGen::setCkSigNamespaceUri(gen, "http://www.w3.org/2000/09/xmldsig#")
    CkXmlDSigGen::setCkSignedInfoCanonAlg(gen, "C14N_11")
    CkXmlDSigGen::setCkSignedInfoDigestMethod(gen, "sha256")

    ; Create an Object to be added to the Signature.
    object1.i = CkXml::ckCreate()
    If object1.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::setCkTag(object1, "xades:QualifyingProperties")
    CkXml::ckAddAttribute(object1,"xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
    CkXml::ckAddAttribute(object1,"Target","signature")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties",1,"Id","xadesSignedProperties")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
    CkXml::ckUpdateAttrAt(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName","TO BE GENERATED BY CHILKAT")
    CkXml::ckUpdateChildContent(object1,"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber","TO BE GENERATED BY CHILKAT")

    CkXmlDSigGen::ckAddObject(gen,"",CkXml::ckGetXml(object1),"","")

    ; -------- Reference 1 --------
    xml1.i = CkXml::ckCreate()
    If xml1.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::setCkTag(xml1, "ds:Transforms")
    CkXml::ckUpdateAttrAt(xml1,"ds:Transform",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
    CkXml::ckUpdateChildContent(xml1,"ds:Transform|ds:XPath","not(//ancestor-or-self::ext:UBLExtensions)")
    CkXml::ckUpdateAttrAt(xml1,"ds:Transform[1]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
    CkXml::ckUpdateChildContent(xml1,"ds:Transform[1]|ds:XPath","not(//ancestor-or-self::cac:Signature)")
    CkXml::ckUpdateAttrAt(xml1,"ds:Transform[2]",1,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
    CkXml::ckUpdateChildContent(xml1,"ds:Transform[2]|ds:XPath","not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])")
    CkXml::ckUpdateAttrAt(xml1,"ds:Transform[3]",1,"Algorithm","http://www.w3.org/2006/12/xml-c14n11")

    CkXmlDSigGen::ckAddSameDocRef2(gen,"","sha256",xml1,"")

    CkXmlDSigGen::ckSetRefIdAttr(gen,"","invoiceSignedData")

    ; -------- Reference 2 --------
    CkXmlDSigGen::ckAddObjectRef(gen,"xadesSignedProperties","sha256","","","http://www.w3.org/2000/09/xmldsig#SignatureProperties")

    ; Provide a certificate + private key. (PFX password is test123)
    certFromPfx.i = CkCert::ckCreate()
    If certFromPfx.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadPfxFile(certFromPfx,"qa_data/pfx/cert_test123.pfx","test123")
    If success <> 1
        Debug CkCert::ckLastErrorText(certFromPfx)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkXml::ckDispose(xml1)
        CkCert::ckDispose(certFromPfx)
        ProcedureReturn
    EndIf

    ; Alternatively, if your certificate and private key are in separate PEM files, do this:
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadFromFile(cert,"qa_data/zatca/cert.pem")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkXml::ckDispose(xml1)
        CkCert::ckDispose(certFromPfx)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    Debug CkCert::ckSubjectCN(cert)

    ; Load the private key.
    privKey.i = CkPrivateKey::ckCreate()
    If privKey.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkPrivateKey::ckLoadPemFile(privKey,"qa_data/zatca/ec-secp256k1-priv-key.pem")
    If success <> 1
        Debug CkPrivateKey::ckLastErrorText(privKey)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkXml::ckDispose(xml1)
        CkCert::ckDispose(certFromPfx)
        CkCert::ckDispose(cert)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    Debug "Key Type: " + CkPrivateKey::ckKeyType(privKey)

    ; Associate the private key with the certificate.
    success = CkCert::ckSetPrivateKey(cert,privKey)
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkXml::ckDispose(xml1)
        CkCert::ckDispose(certFromPfx)
        CkCert::ckDispose(cert)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    ; The certificate passed to SetX509Cert must have an associated private key.
    ; If the cert was loaded from a PFX, then it should automatically has an associated private key.
    ; If the cert was loaded from PEM, then the private key was explicitly associated as shown above.
    success = CkXmlDSigGen::ckSetX509Cert(gen,cert,1)
    If success <> 1
        Debug CkXmlDSigGen::ckLastErrorText(gen)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkXml::ckDispose(xml1)
        CkCert::ckDispose(certFromPfx)
        CkCert::ckDispose(cert)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    CkXmlDSigGen::setCkKeyInfoType(gen, "X509Data")
    CkXmlDSigGen::setCkX509Type(gen, "Certificate")

    ; ---------------- This is important -----------------------------------------
    ; Starting in Chilkat v9.5.0.92, add the "ZATCA" behavior to produce the format required by ZATCA.
    CkXmlDSigGen::setCkBehaviors(gen, "IndentedSignature,TransformSignatureXPath,ZATCA")
    ; ----------------------------------------------------------------------------

    ; Sign the XML...
    success = CkXmlDSigGen::ckCreateXmlDSigSb(gen,sbXml)
    If success <> 1
        Debug CkXmlDSigGen::ckLastErrorText(gen)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkXml::ckDispose(xml1)
        CkCert::ckDispose(certFromPfx)
        CkCert::ckDispose(cert)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    ; -----------------------------------------------

    ; Save the signed XML to a file.
    success = CkStringBuilder::ckWriteFile(sbXml,"qa_output/signedXml.xml","utf-8",0)

    Debug CkStringBuilder::ckGetAsString(sbXml)

    ; ----------------------------------------
    ; Verify the signatures we just produced...
    verifier.i = CkXmlDSig::ckCreate()
    If verifier.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXmlDSig::ckLoadSignatureSb(verifier,sbXml)
    If success <> 1
        Debug CkXmlDSig::ckLastErrorText(verifier)
        CkStringBuilder::ckDispose(sbXml)
        CkXmlDSigGen::ckDispose(gen)
        CkXml::ckDispose(object1)
        CkXml::ckDispose(xml1)
        CkCert::ckDispose(certFromPfx)
        CkCert::ckDispose(cert)
        CkPrivateKey::ckDispose(privKey)
        CkXmlDSig::ckDispose(verifier)
        ProcedureReturn
    EndIf

    ; ---------------- This is important -----------------------------------------
    ; Starting in Chilkat v9.5.0.92, specify "ZATCA" in uncommon options 
    ; to validate signed XML according to ZATCA needs.
    ; ----------------------------------------------------------------------------
    CkXmlDSig::setCkUncommonOptions(verifier, "ZATCA")

    numSigs.i = CkXmlDSig::ckNumSignatures(verifier)
    verifyIdx.i = 0
    While verifyIdx < numSigs
        CkXmlDSig::setCkSelector(verifier, verifyIdx)
        verified.i = CkXmlDSig::ckVerifySignature(verifier,1)
        If verified <> 1
            Debug CkXmlDSig::ckLastErrorText(verifier)
            CkStringBuilder::ckDispose(sbXml)
            CkXmlDSigGen::ckDispose(gen)
            CkXml::ckDispose(object1)
            CkXml::ckDispose(xml1)
            CkCert::ckDispose(certFromPfx)
            CkCert::ckDispose(cert)
            CkPrivateKey::ckDispose(privKey)
            CkXmlDSig::ckDispose(verifier)
            ProcedureReturn
        EndIf

        verifyIdx = verifyIdx + 1
    Wend
    Debug "All signatures were successfully verified."


    CkStringBuilder::ckDispose(sbXml)
    CkXmlDSigGen::ckDispose(gen)
    CkXml::ckDispose(object1)
    CkXml::ckDispose(xml1)
    CkCert::ckDispose(certFromPfx)
    CkCert::ckDispose(cert)
    CkPrivateKey::ckDispose(privKey)
    CkXmlDSig::ckDispose(verifier)


    ProcedureReturn
EndProcedure