Sample code for 30+ languages & platforms
Tcl

Sign Manifest File to Generate a Passbook .pkpass file

See more Digital Signatures Examples

Demonstrates how to create a Passbook .pkpass archive by creating a signature of a manifest file and then zipping to a .pkpass archive.

Note: Chilkat also has the capability to do everything in-memory (no files would be involved). If this is of interest, please send email to support@chilkatsoft.com

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# ---------------------------------------------------------------------------------------------
# Note: Chilkat also has the capability to do everything in-memory (no files would be involved).  
# See this example:  Sign Manifest File to Generate a Passbook .pkpass in Memory
# ---------------------------------------------------------------------------------------------

# First create the manifest.json

set manifest [new_CkJsonObject]

set crypt [new_CkCrypt2]

set zip [new_CkZip]

CkZip_NewZip $zip "qa_data/p7s/pass-wallet/example.pkpass"
# Set the AppendFromDir property to prevent that relative paths from being stored in the .pkpass archive.
CkZip_put_AppendFromDir $zip "qa_data/p7s/pass-wallet/"

CkCrypt2_put_HashAlgorithm $crypt "sha1"
# Return hashes as lowercase hex.
CkCrypt2_put_EncodingMode $crypt "hexlower"

set filePath "qa_data/p7s/pass-wallet/icon.png"
set fileHash [CkCrypt2_hashFileENC $crypt $filePath]
CkZip_AddFile $zip "icon.png" 0
CkJsonObject_UpdateString $manifest "\"icon.png\"" $fileHash

set filePath "qa_data/p7s/pass-wallet/icon@2x.png"
set fileHash [CkCrypt2_hashFileENC $crypt $filePath]
CkZip_AddFile $zip "icon@2x.png" 0
CkJsonObject_UpdateString $manifest "\"icon@2x.png\"" $fileHash

set filePath "qa_data/p7s/pass-wallet/logo.png"
set fileHash [CkCrypt2_hashFileENC $crypt $filePath]
CkZip_AddFile $zip "logo.png" 0
CkJsonObject_UpdateString $manifest "\"logo.png\"" $fileHash

set filePath "qa_data/p7s/pass-wallet/logo@2x.png"
set fileHash [CkCrypt2_hashFileENC $crypt $filePath]
CkZip_AddFile $zip "logo@2x.png" 0
CkJsonObject_UpdateString $manifest "\"logo@2x.png\"" $fileHash

set filePath "qa_data/p7s/pass-wallet/pass.json"
set fileHash [CkCrypt2_hashFileENC $crypt $filePath]
CkZip_AddFile $zip "pass.json" 0
CkJsonObject_UpdateString $manifest "\"pass.json\"" $fileHash

set sbJson [new_CkStringBuilder]

CkJsonObject_EmitSb $manifest $sbJson
set manifestPath "qa_data/p7s/pass-wallet/manifest.json"
CkStringBuilder_WriteFile $sbJson $manifestPath "utf-8" 0
CkZip_AddFile $zip "manifest.json" 0

# Make sure we have the Apple WWDR intermediate certificate available for 
# the cert chain in the signature.
set certVault [new_CkXmlCertVault]

set appleWwdrCert [new_CkCert]

set success [CkCert_LoadByCommonName $appleWwdrCert "Apple Worldwide Developer Relations Certification Authority"]
if {$success != 1} then {
    puts "The Apple WWDR intermediate certificate is not installed."
    puts "It is available at https://developer.apple.com/certificationauthority/AppleWWDRCA.cer"
    puts "You may alternatively load the .cer like this..."
    set success [CkCert_LoadFromFile $appleWwdrCert "qa_data/certs/AppleWWDRCA.cer"]
    if {$success == 0} then {
        puts [CkCert_lastErrorText $appleWwdrCert]
        delete_CkJsonObject $manifest
        delete_CkCrypt2 $crypt
        delete_CkZip $zip
        delete_CkStringBuilder $sbJson
        delete_CkXmlCertVault $certVault
        delete_CkCert $appleWwdrCert
        exit
    }

}

CkXmlCertVault_AddCert $certVault $appleWwdrCert
CkCrypt2_UseCertVault $crypt $certVault

# Use a digital certificate and private key from a PFX file (.pfx or .p12).
set pfxPath "qa_data/pfx/cert_test123.pfx"
set pfxPassword "test123"

set cert [new_CkCert]

set success [CkCert_LoadPfxFile $cert $pfxPath $pfxPassword]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkJsonObject $manifest
    delete_CkCrypt2 $crypt
    delete_CkZip $zip
    delete_CkStringBuilder $sbJson
    delete_CkXmlCertVault $certVault
    delete_CkCert $appleWwdrCert
    delete_CkCert $cert
    exit
}

# Provide the signing cert (with associated private key).
set success [CkCrypt2_SetSigningCert $crypt $cert]
if {$success == 0} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkJsonObject $manifest
    delete_CkCrypt2 $crypt
    delete_CkZip $zip
    delete_CkStringBuilder $sbJson
    delete_CkXmlCertVault $certVault
    delete_CkCert $appleWwdrCert
    delete_CkCert $cert
    exit
}

# Specify the signed attributes to be included.
# (These attributes appear to not be necessary, but we're including
# them just in case they become necessary in the future.)
set jsonSignedAttrs [new_CkJsonObject]

CkJsonObject_UpdateInt $jsonSignedAttrs "contentType" 1
CkJsonObject_UpdateInt $jsonSignedAttrs "signingTime" 1
CkCrypt2_put_SigningAttributes $crypt [CkJsonObject_emit $jsonSignedAttrs]

# Sign the manifest JSON file to produce a file named "signature".
set sigPath "qa_data/p7s/pass-wallet/signature"

# Create the "signature" file.
set success [CkCrypt2_CreateP7S $crypt $manifestPath $sigPath]
if {$success == 0} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkJsonObject $manifest
    delete_CkCrypt2 $crypt
    delete_CkZip $zip
    delete_CkStringBuilder $sbJson
    delete_CkXmlCertVault $certVault
    delete_CkCert $appleWwdrCert
    delete_CkCert $cert
    delete_CkJsonObject $jsonSignedAttrs
    exit
}

CkZip_AddFile $zip "signature" 0

# ---------------------------------------------------------------------------------------------
# Note: Chilkat also has the capability to do everything in-memory (no files would be involved).  
# If this is of interest, please send email to support@chilkatsoft.com
# ---------------------------------------------------------------------------------------------

# Create the .pkipass archive (which is a .zip archive containing the required files).
set success [CkZip_WriteZipAndClose $zip]
if {$success == 0} then {
    puts [CkZip_lastErrorText $zip]
    delete_CkJsonObject $manifest
    delete_CkCrypt2 $crypt
    delete_CkZip $zip
    delete_CkStringBuilder $sbJson
    delete_CkXmlCertVault $certVault
    delete_CkCert $appleWwdrCert
    delete_CkCert $cert
    delete_CkJsonObject $jsonSignedAttrs
    exit
}

puts "Success."

delete_CkJsonObject $manifest
delete_CkCrypt2 $crypt
delete_CkZip $zip
delete_CkStringBuilder $sbJson
delete_CkXmlCertVault $certVault
delete_CkCert $appleWwdrCert
delete_CkCert $cert
delete_CkJsonObject $jsonSignedAttrs