Tcl
Tcl
Sign Mexico Pedimento
See more Misc Examples
Add a signature to a Mexico pedimento file.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# This is the contents before signing:
# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1">
# 801|M3621037.222|1|5|011|
# This is the contents after signing
# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1|fhP2Ker54D2+3+UZch23F0E72 .... 9qNSPIuAqpj524qLZbbA==|30001000000500003416|
# 801|M3621037.222|1|5|011|
# First create the text to be signed.
set bCRLF 1
set sb [new_CkStringBuilder]
# Use CRLF line endings.
CkStringBuilder_AppendLine $sb "500|1|3621|4199800|400||" $bCRLF
CkStringBuilder_AppendLine $sb "601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||" $bCRLF
CkStringBuilder_AppendLine $sb "507|4199800|IM|2006-7888">" $bCRLF
CkStringBuilder_AppendLine $sb "507|4199800|MS|2">" $bCRLF
# Generate the MD5 hash of what we have so far..
set md5_base64 [CkStringBuilder_getHash $sb "md5" "base64" "utf-8"]
puts "MD5 hash = $md5_base64"
# Complete the original file.
# After signing, we'll update the BASE64_SIGNATURE and CERT_SERIAL
CkStringBuilder_AppendLine $sb "800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL|" $bCRLF
CkStringBuilder_AppendLine $sb "801|M3621037.222|1|5|011|" $bCRLF
# We're going to sign the MD5 hash using the private key.
set privKey [new_CkPrivateKey]
set success [CkPrivateKey_LoadAnyFormatFile $privKey "qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.key" "12345678a"]
if {$success == 0} then {
puts [CkPrivateKey_lastErrorText $privKey]
delete_CkStringBuilder $sb
delete_CkPrivateKey $privKey
exit
}
# Generate the ASN.1 to be signed.
# <sequence>
# <sequence>
# <oid>1.2.840.113549.2.5</oid>
# <null/>
# </sequence>
# <octets>SwxHfaJhG+N3pPqay6UzVA==</octets>
# </sequence>
set xml [new_CkXml]
CkXml_put_Tag $xml "sequence"
CkXml_UpdateChildContent $xml "sequence|oid" "1.2.840.113549.2.5"
CkXml_UpdateChildContent $xml "sequence|null" ""
CkXml_UpdateChildContent $xml "octets" $md5_base64
set asn [new_CkAsn]
CkAsn_LoadAsnXml $asn [CkXml_getXml $xml]
puts "ASN.1 = [CkAsn_getEncodedDer $asn base64]"
# Sign with the private key.
set rsa [new_CkRsa]
set success [CkRsa_UsePrivateKey $rsa $privKey]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkStringBuilder $sb
delete_CkPrivateKey $privKey
delete_CkXml $xml
delete_CkAsn $asn
delete_CkRsa $rsa
exit
}
# Create the opaque signature.
set bdSig [new_CkBinData]
CkBinData_AppendEncoded $bdSig [CkAsn_getEncodedDer $asn "base64"] "base64"
set success [CkRsa_SignRawBd $rsa $bdSig]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkStringBuilder $sb
delete_CkPrivateKey $privKey
delete_CkXml $xml
delete_CkAsn $asn
delete_CkRsa $rsa
delete_CkBinData $bdSig
exit
}
# bd now contains the opaque signature, which embeds the ASN.1, which contains the MD5 hash.
# We're going to add this line:
# 800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL_NUM|
set cert [new_CkCert]
set success [CkCert_LoadFromFile $cert "qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.cer"]
if {$success == 0} then {
puts [CkCert_lastErrorText $cert]
delete_CkStringBuilder $sb
delete_CkPrivateKey $privKey
delete_CkXml $xml
delete_CkAsn $asn
delete_CkRsa $rsa
delete_CkBinData $bdSig
delete_CkCert $cert
exit
}
set serialHex [CkCert_serialNumber $cert]
# The serial in hex form looks like this: 3330303031303030303030353030303033343136
# Decode to us-ascii.
set sbSerial [new_CkStringBuilder]
CkStringBuilder_DecodeAndAppend $sbSerial $serialHex "hex" "us-ascii"
puts "serial number in us-ascii: [CkStringBuilder_getAsString $sbSerial]"
set numReplaced [CkStringBuilder_Replace $sb "CERT_SERIAL" [CkStringBuilder_getAsString $sbSerial]]
set numReplaced [CkStringBuilder_Replace $sb "BASE64_SIGNATURE" [CkBinData_getEncoded $bdSig "base64"]]
puts "------------------------------------"
puts "Result:"
puts [CkStringBuilder_getAsString $sb]
delete_CkStringBuilder $sb
delete_CkPrivateKey $privKey
delete_CkXml $xml
delete_CkAsn $asn
delete_CkRsa $rsa
delete_CkBinData $bdSig
delete_CkCert $cert
delete_CkStringBuilder $sbSerial