Sample code for 30+ languages & platforms
Tcl

Add EncapsulatedTimestamp to Already-Signed XML

See more XML Digital Signatures Examples

Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.

Note: This example requires Chilkat v9.5.0.90 or greater.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
# (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
# We must use a StringBuilder.
set sbXml [new_CkStringBuilder]

set success [CkStringBuilder_LoadFile $sbXml "qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml" "utf-8"]
if {$success == 0} then {
    puts "Failed to load the XML file."
    delete_CkStringBuilder $sbXml
    exit
}

set dsig [new_CkXmlDSig]

set success [CkXmlDSig_LoadSignatureSb $dsig $sbXml]
if {$success == 0} then {
    puts [CkXmlDSig_lastErrorText $dsig]
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $dsig
    exit
}

if {[CkXmlDSig_HasEncapsulatedTimeStamp $dsig] == 1} then {
    puts "This signed XML already has an EncapsulatedTimeStamp"
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $dsig
    exit
}

# Specify the timestamping authority URL
set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "timestampToken.tsaUrl" "http://timestamp.digicert.com"
CkJsonObject_UpdateBool $json "timestampToken.requestTsaCert" 1

# Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
# Note: If the signed XML contains multiple signatures, the signature modified is the one 
# indicated by the dsig.Selector property.
set sbOut [new_CkStringBuilder]

set success [CkXmlDSig_AddEncapsulatedTimeStamp $dsig $json $sbOut]
if {$success == 0} then {
    puts [CkXmlDSig_lastErrorText $dsig]
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $dsig
    delete_CkJsonObject $json
    delete_CkStringBuilder $sbOut
    exit
}

CkStringBuilder_WriteFile $sbOut "qa_output/addedEncapsulatedTimeStamp.xml" "utf-8" 0

# The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
# keyword to UncommonOptions.  See here:

# ----------------------------------------
# Verify the signatures we just produced...
set verifier [new_CkXmlDSig]

set success [CkXmlDSig_LoadSignatureSb $verifier $sbOut]
if {$success != 1} then {
    puts [CkXmlDSig_lastErrorText $verifier]
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $dsig
    delete_CkJsonObject $json
    delete_CkStringBuilder $sbOut
    delete_CkXmlDSig $verifier
    exit
}

# Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
CkXmlDSig_put_UncommonOptions $verifier "VerifyEncapsulatedTimeStamp"

set numSigs [CkXmlDSig_get_NumSignatures $verifier]
set verifyIdx 0
while {$verifyIdx < $numSigs} {
    CkXmlDSig_put_Selector $verifier $verifyIdx
    set verified [CkXmlDSig_VerifySignature $verifier 1]
    if {$verified != 1} then {
        puts [CkXmlDSig_lastErrorText $verifier]
        delete_CkStringBuilder $sbXml
        delete_CkXmlDSig $dsig
        delete_CkJsonObject $json
        delete_CkStringBuilder $sbOut
        delete_CkXmlDSig $verifier
        exit
    }

    set verifyIdx [expr $verifyIdx + 1]
}
puts "All signatures were successfully verified."

delete_CkStringBuilder $sbXml
delete_CkXmlDSig $dsig
delete_CkJsonObject $json
delete_CkStringBuilder $sbOut
delete_CkXmlDSig $verifier