(Tcl) SII XML Digital Signature

Example for SII XML Digital Signature.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

set success 1

# Load the XML to be signed.
set xmlToSign [new_CkXml]

set success [CkXml_LoadXmlFile $xmlToSign "c:/aaworkarea/eduardo/sii_unsigned.xml"]
if {$success == 0} then {
    puts [CkXml_lastErrorText $xmlToSign]
    delete_CkXml $xmlToSign
    exit
}

# The sample XML to be signed looks like this:

# <?xml version="1.0" encoding="ISO-8859-1"?>
# <EnvioDTE xmlns="http://www.sii.cl/SiiDte" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sii.cl/SiiDte EnvioDTE_v10.xsd" version="1.0">
# <SetDTE ID="SetDocF0T33_20240425_170512">
#  <Caratula version="1.0">
#   <RutEmisor>99999999-4</RutEmisor>
#   <RutEnvia>12345678-6</RutEnvia>
#   <RutReceptor>888888000-K</RutReceptor>
#   <FchResol>2014-08-22</FchResol>
#   <NroResol>80</NroResol>
#   <TmstFirmaEnv>2024-04-25T17:05:13</TmstFirmaEnv>
#   <SubTotDTE>
#    <TpoDTE>33</TpoDTE>
#    <NroDTE>1</NroDTE>
#   </SubTotDTE>
#  </Caratula>
# <DTE version="1.0">
# <Documento ID="F555T55">
# ...
# </Documento>
# </EnvioDTE>

set gen [new_CkXmlDSigGen]

CkXmlDSigGen_put_SigLocation $gen "EnvioDTE|SetDTE|DTE"
CkXmlDSigGen_put_SigLocationMod $gen 0
CkXmlDSigGen_put_SigNamespacePrefix $gen ""
CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#"
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha1"

# -------- Reference 1 --------
set xml1 [new_CkXml]

CkXml_put_Tag $xml1 "Transforms"
CkXml_UpdateAttrAt $xml1 "Transform" 1 "Algorithm" "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

CkXmlDSigGen_AddSameDocRef2 $gen "F511T33" "sha1" $xml1 ""

# Provide a certificate + private key. (PFX password is test123)
set cert [new_CkCert]

set success [CkCert_LoadPfxFile $cert "qa_data/pfx/cert_test123.pfx" "test123"]
if {$success != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $xml1
    delete_CkCert $cert
    exit
}

CkXmlDSigGen_SetX509Cert $gen $cert 1

CkXmlDSigGen_put_KeyInfoType $gen "X509Data+KeyValue"
CkXmlDSigGen_put_X509Type $gen "Certificate"

# Load XML to be signed...
set sbXml [new_CkStringBuilder]

CkXml_GetXmlSb $xmlToSign $sbXml

CkXmlDSigGen_put_Behaviors $gen "IndentedSignature"

# Sign the XML...
set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success != 1} then {
    puts [CkXmlDSigGen_lastErrorText $gen]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $xml1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    exit
}

# -----------------------------------------------

# Save the signed XML to a file.
set success [CkStringBuilder_WriteFile $sbXml "c:/temp/qa_output/signedXml.xml" "utf-8" 0]

puts [CkStringBuilder_getAsString $sbXml]

# ----------------------------------------
# Verify the signatures we just produced...
set verifier [new_CkXmlDSig]

set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml]
if {$success != 1} then {
    puts [CkXmlDSig_lastErrorText $verifier]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $xml1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $verifier
    exit
}

set numSigs [CkXmlDSig_get_NumSignatures $verifier]
set verifyIdx 0
while {$verifyIdx < $numSigs} {
    CkXmlDSig_put_Selector $verifier $verifyIdx
    set verified [CkXmlDSig_VerifySignature $verifier 1]
    if {$verified != 1} then {
        puts [CkXmlDSig_lastErrorText $verifier]
        delete_CkXml $xmlToSign
        delete_CkXmlDSigGen $gen
        delete_CkXml $xml1
        delete_CkCert $cert
        delete_CkStringBuilder $sbXml
        delete_CkXmlDSig $verifier
        exit
    }

    set verifyIdx [expr $verifyIdx + 1]
}
puts "All signatures were successfully verified."

delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $xml1
delete_CkCert $cert
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier