Sample code for 30+ languages & platforms
Tcl

Sign Manifest File to Generate a Passbook .pkpass in Memory

Demonstrates how to create a Passbook .pkpass archive by creating a signature of a manifest file and then zipping to a .pkpass archive in memory

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# ---------------------------------------------------------------------------------------------
# This example is the same as Sign Manifest File to Generate a Passbook .pkpass file
# except everything happens in memory (no input files, no output files)
# ---------------------------------------------------------------------------------------------

# First create the manifest.json

set manifest [new_CkJsonObject]

set crypt [new_CkCrypt2]

set zip [new_CkZip]

CkZip_NewZip $zip "notUsedAndNeverCreated.zip"

CkCrypt2_put_HashAlgorithm $crypt "sha1"
# Return hashes as lowercase hex.
CkCrypt2_put_EncodingMode $crypt "hexlower"

set pngData [new_CkBinData]

# Assume we load the pngData with bytes for "icon.png" from somewhere, such as a byte array in memory.
CkZip_AddBd $zip "icon.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"icon.png\"" $digestStr

CkBinData_Clear $pngData
# Assume we load the pngData with bytes for "icon@2x.png" from somewhere...
CkZip_AddBd $zip "icon@2x.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"icon@2x.png\"" $digestStr

CkBinData_Clear $pngData
# Assume we load the pngData with bytes for "logo.png" from somewhere...
CkZip_AddBd $zip "logo.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"logo.png\"" $digestStr

CkBinData_Clear $pngData
# Assume we load the pngData with bytes for "logo@2x.png" from somewhere...
CkZip_AddBd $zip "logo@2x.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"logo@2x.png\"" $digestStr

set passJson "{ .... }"#  Contains the contents of pass.json
CkZip_AddString $zip "pass.json" $passJson "utf-8"
set digestStr [CkCrypt2_hashStringENC $crypt $passJson]
CkJsonObject_UpdateString $manifest "\"pass.json\"" $digestStr

CkZip_AddString $zip "manifest.json" [CkJsonObject_emit $manifest] "utf-8"

# Make sure we have the Apple WWDR intermediate certificate available for 
# the cert chain in the signature.
set certVault [new_CkXmlCertVault]

set appleWwdrCert [new_CkCert]

set success [CkCert_LoadByCommonName $appleWwdrCert "Apple Worldwide Developer Relations Certification Authority"]
if {$success != 1} then {
    puts "The Apple WWDR intermediate certificate is not installed."
    puts "It is available at https://developer.apple.com/certificationauthority/AppleWWDRCA.cer"
    puts "You may alternatively load the .cer like this..."
    set success [CkCert_LoadFromFile $appleWwdrCert "qa_data/certs/AppleWWDRCA.cer"]
    if {$success == 0} then {
        puts [CkCert_lastErrorText $appleWwdrCert]
        delete_CkJsonObject $manifest
        delete_CkCrypt2 $crypt
        delete_CkZip $zip
        delete_CkBinData $pngData
        delete_CkXmlCertVault $certVault
        delete_CkCert $appleWwdrCert
        exit
    }

}

CkXmlCertVault_AddCert $certVault $appleWwdrCert
CkCrypt2_UseCertVault $crypt $certVault

# Use a digital certificate and private key from a PFX
set bdPfx [new_CkBinData]

# Assume we loaded a PFX into bdPfx....
set pfxPassword "test123"

set cert [new_CkCert]

set success [CkCert_LoadPfxBd $cert $bdPfx $pfxPassword]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkJsonObject $manifest
    delete_CkCrypt2 $crypt
    delete_CkZip $zip
    delete_CkBinData $pngData
    delete_CkXmlCertVault $certVault
    delete_CkCert $appleWwdrCert
    delete_CkBinData $bdPfx
    delete_CkCert $cert
    exit
}

# Provide the signing cert (with associated private key).
set success [CkCrypt2_SetSigningCert $crypt $cert]
if {$success == 0} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkJsonObject $manifest
    delete_CkCrypt2 $crypt
    delete_CkZip $zip
    delete_CkBinData $pngData
    delete_CkXmlCertVault $certVault
    delete_CkCert $appleWwdrCert
    delete_CkBinData $bdPfx
    delete_CkCert $cert
    exit
}

# Specify the signed attributes to be included.
# (These attributes appear to not be necessary, but we're including
# them just in case they become necessary in the future.)
set jsonSignedAttrs [new_CkJsonObject]

CkJsonObject_UpdateInt $jsonSignedAttrs "contentType" 1
CkJsonObject_UpdateInt $jsonSignedAttrs "signingTime" 1
CkCrypt2_put_SigningAttributes $crypt [CkJsonObject_emit $jsonSignedAttrs]

# Sign the manifest JSON to produce a signature
CkCrypt2_put_EncodingMode $crypt "base64"
set sig [CkCrypt2_signStringENC $crypt [CkJsonObject_emit $manifest]]
set bdSig [new_CkBinData]

CkBinData_AppendEncoded $bdSig $sig "base64"
CkZip_AddBd $zip "signature" $bdSig

# ---------------------------------------------------------------------------------------------
# Note: Chilkat also has the capability to do everything in-memory (no files would be involved).  
# If this is of interest, please send email to support@chilkatsoft.com
# ---------------------------------------------------------------------------------------------

# Create the .pkipass archive (which is a .zip archive containing the required files).
# the .zip is written to bdZip
set bdZip [new_CkBinData]

set success [CkZip_WriteBd $zip $bdZip]
if {$success == 0} then {
    puts [CkZip_lastErrorText $zip]
    delete_CkJsonObject $manifest
    delete_CkCrypt2 $crypt
    delete_CkZip $zip
    delete_CkBinData $pngData
    delete_CkXmlCertVault $certVault
    delete_CkCert $appleWwdrCert
    delete_CkBinData $bdPfx
    delete_CkCert $cert
    delete_CkJsonObject $jsonSignedAttrs
    delete_CkBinData $bdSig
    delete_CkBinData $bdZip
    exit
}

puts "Success."

delete_CkJsonObject $manifest
delete_CkCrypt2 $crypt
delete_CkZip $zip
delete_CkBinData $pngData
delete_CkXmlCertVault $certVault
delete_CkCert $appleWwdrCert
delete_CkBinData $bdPfx
delete_CkCert $cert
delete_CkJsonObject $jsonSignedAttrs
delete_CkBinData $bdSig
delete_CkBinData $bdZip