Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(CkPython) CADES-BES Signature using ePass2003 TokenSee more Egypt ITIDA ExamplesDemonstrates using a certificate and private key located on an ePass2003 USB token to create a CADES-BES signature. (Demonstrates how to create a .p7s signature that fits Egypt's ITIDA requirements where Chilkat automatically does the ITIDA JSON canonicalization.)
import sys import chilkat # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. scmd = chilkat.CkScMinidriver() # Reader names (smart card readers or USB tokens) can be discovered # via List Readers or Find Smart Cards readerName = "FS USB Token 0" success = scmd.AcquireContext(readerName) if (success == False): print(scmd.lastErrorText()) sys.exit() # If successful, the name of the currently inserted smart card is available: print("Card name: " + scmd.cardName()) # If desired, perform regular PIN authentication with the smartcard. # For more details about smart card PIN authentication, see the Smart Card PIN Authentication Example retval = scmd.PinAuthenticate("user","12345678") if (retval != 0): print("PIN Authentication failed.") # You can find a cerficate using any of the following certificate parts: # "subjectDN" -- The full distinguished name of the cert. # "subjectDN_withTags" -- Same as above, but in a format that includes the subject part tags, such as the "CN=" in "CN=something" # "subjectCN" -- The common name part (CN) of the certificate's subject. # "serial" -- The certificate serial number. # "serial:issuerCN" -- The certificate serial number + the issuer's common name, delimited with a colon char. # These are the same certificate parts that can be retrieved by listing certificates on the smart card (or USB token). # See List Certificates on Smart Card Example certPart = "subjectCN" partValue = "Matt" # If the certificate is found, it is loaded into the cert object. # Note: We imported this certificate from a .p12/.pfx using code such as this Example to Import a .pfx/.p12 onto a Smart Card cert = chilkat.CkCert() success = scmd.FindCert(certPart,partValue,cert) if (success == False): print("Failed to find the certificate.") scmd.DeleteContext() sys.exit() print("Successfully loaded the cert object from the smart card / USB token.") # Note: When successful, the cert object is internally linked to the ScMinidriver object's authenticated session. # The cert object can now be used to sign or do other cryptographic operations that occur on the smart card / USB token. # If your application calls PinDeauthenticate or DeleteContext, the cert will no longer be able to sign on the smart card # because the smart card ScMinidriver session will no longer be authenticated or deleted. # ------------------------------------------------------------------------------------------------------------ # Here we have to code to create the CADES-BES signature using Chilkat Crypt2.. crypt = chilkat.CkCrypt2() # Tell the crypt class to use the cert on the ePass2003 token. success = crypt.SetSigningCert(cert) if (success != True): print(crypt.lastErrorText()) sys.exit() cmsOptions = chilkat.CkJsonObject() # Setting "DigestData" causes OID 1.2.840.113549.1.7.5 (digestData) to be used. cmsOptions.UpdateBool("DigestData",True) cmsOptions.UpdateBool("OmitAlgorithmIdNull",True) # Indicate that we are passing normal JSON and we want Chilkat do automatically # do the ITIDA JSON canonicalization: cmsOptions.UpdateBool("CanonicalizeITIDA",True) crypt.put_CmsOptions(cmsOptions.emit()) # The CadesEnabled property applies to all methods that create CMS/PKCS7 signatures. # To create a CAdES-BES signature, set this property equal to true. crypt.put_CadesEnabled(True) crypt.put_HashAlgorithm("sha256") jsonSigningAttrs = chilkat.CkJsonObject() jsonSigningAttrs.UpdateInt("contentType",1) jsonSigningAttrs.UpdateInt("signingTime",1) jsonSigningAttrs.UpdateInt("messageDigest",1) jsonSigningAttrs.UpdateInt("signingCertificateV2",1) crypt.put_SigningAttributes(jsonSigningAttrs.emit()) # By default, all the certs in the chain of authentication are included in the signature. # If desired, we can choose to only include the signing certificate: crypt.put_IncludeCertChain(False) # Pass a JSON document such as the following. Chilkat will do the ITIDA canonicalization. # (It is the canonicalized JSON that gets signed.) # { # "issuer":{ # "address":{ # "branchID":"0", # "country":"EG", # "regionCity":"Cairo", # "postalCode":"", # "buildingNumber":"0", # "street":"123rd Street", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"209999899", # "name":"Xyz SAE" # }, # "receiver":{ # "address":{ # "country":"EG", # "regionCity":"CAIRO", # "postalCode":"11435", # "buildingNumber":"0", # "street":"Autostrad Road Abc", # "governate":"GOVERNATE" # }, # "type":"B", # "id":"999999999", # "name":"XYZ EGYPT FOR TRADE" # }, # "documentType":"I", # "documentTypeVersion":"1.0", # "dateTimeIssued":"2020-11-15T11:04:53Z", # "taxpayerActivityCode":"1073", # "internalID":"ZZZZ999", # "purchaseOrderReference":"2009199918", # "salesOrderReference":"", # "payment":{ # "bankName":"", # "bankAddress":"", # "bankAccountNo":"", # "bankAccountIBAN":"", # "swiftCode":"", # "terms":"" # }, # "delivery":{ # "approach":"", # "packaging":"", # "dateValidity":"", # "exportPort":"", # "countryOfOrigin":"EG", # "grossWeight":0, # "netWeight":0, # "terms":"" # }, # "invoiceLines":[ # { # "description":"CDM Widget 48GX99X12BA", # "itemType":"GS1", # "itemCode":"7622213335056", # "unitType":"CS", # "quantity":1.00, # "unitValue":{ # "currencySold":"EGP", # "amountEGP":588.67, # "amountSold":0, # "currencyExchangeRate":0 # }, # "salesTotal":588.67, # "total":603.97, # "valueDifference":0, # "totalTaxableFees":0, # "netTotal":529.8, # "itemsDiscount":0, # "discount":{ # "rate":10.00, # "amount":58.87 # }, # "taxableItems":[ # { # "taxType":"T1", # "amount":74.17, # "subType":"No sub", # "rate":14.00 # } # ], # "internalCode":"9099994" # } # ], # "totalSales":588.67, # "totalSalesAmount":588.67, # "totalDiscountAmount":58.87, # "netAmount":529.80, # "taxTotals":[ # { # "taxType":"T1", # "amount":74.17 # } # ], # "extraDiscountAmount":0, # "totalItemsDiscountAmount":0, # "totalAmount":603.97, # } # json = chilkat.CkJsonObject() success = json.LoadFile("qa_data/itida/sdk.invoicing.eta.gov.eg/files/one-doc.json") if (success == False): print(json.lastErrorText()) sys.exit() json.put_EmitCompact(False) # Create the CAdES-BES signature. crypt.put_EncodingMode("base64") # Make sure we sign the utf-8 byte representation of the JSON string crypt.put_Charset("utf-8") sigBase64 = crypt.signStringENC(json.emit()) if (crypt.get_LastMethodSuccess() == False): print(crypt.lastErrorText()) sys.exit() print("Base64 signature:") print(sigBase64) # Add the signature to the JSON. json.UpdateString("signatures[0].signatureType","I") json.UpdateString("signatures[0].value",sigBase64) print("JSON with signature added:") print(json.emit()) # ------------------------------------------------------------------------------------------------------------ # Cleanup our ScMinidriver session... # When finished with operations that required authentication, you may if you wish, deauthenticate the session. success = scmd.PinDeauthenticate("user") if (success == False): print(scmd.lastErrorText()) # Delete the context when finished with the card. success = scmd.DeleteContext() if (success == False): print(scmd.lastErrorText()) |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.