Tcl
Tcl
Sign Manifest File to Generate a Passbook .pkpass in Memory
Demonstrates how to create a Passbook .pkpass archive by creating a signature of a manifest file and then zipping to a .pkpass archive in memoryChilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# ---------------------------------------------------------------------------------------------
# This example is the same as Sign Manifest File to Generate a Passbook .pkpass file
# except everything happens in memory (no input files, no output files)
# ---------------------------------------------------------------------------------------------
# First create the manifest.json
set manifest [new_CkJsonObject]
set crypt [new_CkCrypt2]
set zip [new_CkZip]
CkZip_NewZip $zip "notUsedAndNeverCreated.zip"
CkCrypt2_put_HashAlgorithm $crypt "sha1"
# Return hashes as lowercase hex.
CkCrypt2_put_EncodingMode $crypt "hexlower"
set pngData [new_CkBinData]
# Assume we load the pngData with bytes for "icon.png" from somewhere, such as a byte array in memory.
CkZip_AddBd $zip "icon.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"icon.png\"" $digestStr
CkBinData_Clear $pngData
# Assume we load the pngData with bytes for "icon@2x.png" from somewhere...
CkZip_AddBd $zip "icon@2x.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"icon@2x.png\"" $digestStr
CkBinData_Clear $pngData
# Assume we load the pngData with bytes for "logo.png" from somewhere...
CkZip_AddBd $zip "logo.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"logo.png\"" $digestStr
CkBinData_Clear $pngData
# Assume we load the pngData with bytes for "logo@2x.png" from somewhere...
CkZip_AddBd $zip "logo@2x.png" $pngData
set digestStr [CkCrypt2_hashBdENC $crypt $pngData]
CkJsonObject_UpdateString $manifest "\"logo@2x.png\"" $digestStr
set passJson "{ .... }"# Contains the contents of pass.json
CkZip_AddString $zip "pass.json" $passJson "utf-8"
set digestStr [CkCrypt2_hashStringENC $crypt $passJson]
CkJsonObject_UpdateString $manifest "\"pass.json\"" $digestStr
CkZip_AddString $zip "manifest.json" [CkJsonObject_emit $manifest] "utf-8"
# Make sure we have the Apple WWDR intermediate certificate available for
# the cert chain in the signature.
set certVault [new_CkXmlCertVault]
set appleWwdrCert [new_CkCert]
set success [CkCert_LoadByCommonName $appleWwdrCert "Apple Worldwide Developer Relations Certification Authority"]
if {$success != 1} then {
puts "The Apple WWDR intermediate certificate is not installed."
puts "It is available at https://developer.apple.com/certificationauthority/AppleWWDRCA.cer"
puts "You may alternatively load the .cer like this..."
set success [CkCert_LoadFromFile $appleWwdrCert "qa_data/certs/AppleWWDRCA.cer"]
if {$success == 0} then {
puts [CkCert_lastErrorText $appleWwdrCert]
delete_CkJsonObject $manifest
delete_CkCrypt2 $crypt
delete_CkZip $zip
delete_CkBinData $pngData
delete_CkXmlCertVault $certVault
delete_CkCert $appleWwdrCert
exit
}
}
CkXmlCertVault_AddCert $certVault $appleWwdrCert
CkCrypt2_UseCertVault $crypt $certVault
# Use a digital certificate and private key from a PFX
set bdPfx [new_CkBinData]
# Assume we loaded a PFX into bdPfx....
set pfxPassword "test123"
set cert [new_CkCert]
set success [CkCert_LoadPfxBd $cert $bdPfx $pfxPassword]
if {$success == 0} then {
puts [CkCert_lastErrorText $cert]
delete_CkJsonObject $manifest
delete_CkCrypt2 $crypt
delete_CkZip $zip
delete_CkBinData $pngData
delete_CkXmlCertVault $certVault
delete_CkCert $appleWwdrCert
delete_CkBinData $bdPfx
delete_CkCert $cert
exit
}
# Provide the signing cert (with associated private key).
set success [CkCrypt2_SetSigningCert $crypt $cert]
if {$success == 0} then {
puts [CkCrypt2_lastErrorText $crypt]
delete_CkJsonObject $manifest
delete_CkCrypt2 $crypt
delete_CkZip $zip
delete_CkBinData $pngData
delete_CkXmlCertVault $certVault
delete_CkCert $appleWwdrCert
delete_CkBinData $bdPfx
delete_CkCert $cert
exit
}
# Specify the signed attributes to be included.
# (These attributes appear to not be necessary, but we're including
# them just in case they become necessary in the future.)
set jsonSignedAttrs [new_CkJsonObject]
CkJsonObject_UpdateInt $jsonSignedAttrs "contentType" 1
CkJsonObject_UpdateInt $jsonSignedAttrs "signingTime" 1
CkCrypt2_put_SigningAttributes $crypt [CkJsonObject_emit $jsonSignedAttrs]
# Sign the manifest JSON to produce a signature
CkCrypt2_put_EncodingMode $crypt "base64"
set sig [CkCrypt2_signStringENC $crypt [CkJsonObject_emit $manifest]]
set bdSig [new_CkBinData]
CkBinData_AppendEncoded $bdSig $sig "base64"
CkZip_AddBd $zip "signature" $bdSig
# ---------------------------------------------------------------------------------------------
# Note: Chilkat also has the capability to do everything in-memory (no files would be involved).
# If this is of interest, please send email to support@chilkatsoft.com
# ---------------------------------------------------------------------------------------------
# Create the .pkipass archive (which is a .zip archive containing the required files).
# the .zip is written to bdZip
set bdZip [new_CkBinData]
set success [CkZip_WriteBd $zip $bdZip]
if {$success == 0} then {
puts [CkZip_lastErrorText $zip]
delete_CkJsonObject $manifest
delete_CkCrypt2 $crypt
delete_CkZip $zip
delete_CkBinData $pngData
delete_CkXmlCertVault $certVault
delete_CkCert $appleWwdrCert
delete_CkBinData $bdPfx
delete_CkCert $cert
delete_CkJsonObject $jsonSignedAttrs
delete_CkBinData $bdSig
delete_CkBinData $bdZip
exit
}
puts "Success."
delete_CkJsonObject $manifest
delete_CkCrypt2 $crypt
delete_CkZip $zip
delete_CkBinData $pngData
delete_CkXmlCertVault $certVault
delete_CkCert $appleWwdrCert
delete_CkBinData $bdPfx
delete_CkCert $cert
delete_CkJsonObject $jsonSignedAttrs
delete_CkBinData $bdSig
delete_CkBinData $bdZip