(CkPython) Sign Mexico Pedimento

Add a signature to a Mexico pedimento file.

Chilkat Python Downloads install with pip pip3 install chilkat or download... Python Module for Windows, MacOS, Linux, Alpine Linux, Solaris

import sys
import chilkat

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# This is the contents before signing:

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1">
# 801|M3621037.222|1|5|011|

# This is the contents after signing

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1|fhP2Ker54D2+3+UZch23F0E72 .... 9qNSPIuAqpj524qLZbbA==|30001000000500003416|
# 801|M3621037.222|1|5|011|

# First create the text to be signed.
bCRLF = True
sb = chilkat.CkStringBuilder()
# Use CRLF line endings.
sb.AppendLine("500|1|3621|4199800|400||",bCRLF)
sb.AppendLine("601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||",bCRLF)
sb.AppendLine("507|4199800|IM|2006-7888">",bCRLF)
sb.AppendLine("507|4199800|MS|2">",bCRLF)

# Generate the MD5 hash of what we have so far..
md5_base64 = sb.getHash("md5","base64","utf-8")
print("MD5 hash = " + md5_base64)

# Complete the original file.
# After signing, we'll update the BASE64_SIGNATURE and CERT_SERIAL
sb.AppendLine("800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL|",bCRLF)
sb.AppendLine("801|M3621037.222|1|5|011|",bCRLF)

# We're going to sign the MD5 hash using the private key.
privKey = chilkat.CkPrivateKey()
success = privKey.LoadAnyFormatFile("qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.key","12345678a")
if (success == False):
    print(privKey.lastErrorText())
    sys.exit()

# Generate the ASN.1 to be signed.

# <sequence>
#     <sequence>
#         <oid>1.2.840.113549.2.5</oid>
#         <null/>
#     </sequence>
#     <octets>SwxHfaJhG+N3pPqay6UzVA==</octets>
# </sequence>

xml = chilkat.CkXml()
xml.put_Tag("sequence")
xml.UpdateChildContent("sequence|oid","1.2.840.113549.2.5")
xml.UpdateChildContent("sequence|null","")
xml.UpdateChildContent("octets",md5_base64)

asn = chilkat.CkAsn()
asn.LoadAsnXml(xml.getXml())
print("ASN.1 = " + asn.getEncodedDer("base64"))

# Sign with the private key.
rsa = chilkat.CkRsa()
success = rsa.ImportPrivateKeyObj(privKey)
if (success == False):
    print(rsa.lastErrorText())
    sys.exit()

# Create the opaque signature.
bdSig = chilkat.CkBinData()
bdSig.AppendEncoded(asn.getEncodedDer("base64"),"base64")
success = rsa.OpenSslSignBd(bdSig)
if (success == False):
    print(rsa.lastErrorText())
    sys.exit()

# bd now contains the opaque signature, which embeds the ASN.1, which contains the MD5 hash.
# We're going to add this line:
# 800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL_NUM|

cert = chilkat.CkCert()
success = cert.LoadFromFile("qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.cer")
if (success == False):
    print(cert.lastErrorText())
    sys.exit()

serialHex = cert.serialNumber()
# The serial in hex form looks like this:   3330303031303030303030353030303033343136
# Decode to us-ascii.
sbSerial = chilkat.CkStringBuilder()
sbSerial.DecodeAndAppend(serialHex,"hex","us-ascii")
print("serial number in us-ascii: " + sbSerial.getAsString())

numReplaced = sb.Replace("CERT_SERIAL",sbSerial.getAsString())
numReplaced = sb.Replace("BASE64_SIGNATURE",bdSig.getEncoded("base64"))

print("------------------------------------")
print("Result:")
print(sb.getAsString())