Tcl
Tcl
Add EncapsulatedTimestamp to Already-Signed XML
See more XML Digital Signatures Examples
Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.Note: This example requires Chilkat v9.5.0.90 or greater.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
# (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
# We must use a StringBuilder.
set sbXml [new_CkStringBuilder]
set success [CkStringBuilder_LoadFile $sbXml "qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml" "utf-8"]
if {$success == 0} then {
puts "Failed to load the XML file."
delete_CkStringBuilder $sbXml
exit
}
set dsig [new_CkXmlDSig]
set success [CkXmlDSig_LoadSignatureSb $dsig $sbXml]
if {$success == 0} then {
puts [CkXmlDSig_lastErrorText $dsig]
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $dsig
exit
}
if {[CkXmlDSig_HasEncapsulatedTimeStamp $dsig] == 1} then {
puts "This signed XML already has an EncapsulatedTimeStamp"
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $dsig
exit
}
# Specify the timestamping authority URL
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "timestampToken.tsaUrl" "http://timestamp.digicert.com"
CkJsonObject_UpdateBool $json "timestampToken.requestTsaCert" 1
# Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
# Note: If the signed XML contains multiple signatures, the signature modified is the one
# indicated by the dsig.Selector property.
set sbOut [new_CkStringBuilder]
set success [CkXmlDSig_AddEncapsulatedTimeStamp $dsig $json $sbOut]
if {$success == 0} then {
puts [CkXmlDSig_lastErrorText $dsig]
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $dsig
delete_CkJsonObject $json
delete_CkStringBuilder $sbOut
exit
}
CkStringBuilder_WriteFile $sbOut "qa_output/addedEncapsulatedTimeStamp.xml" "utf-8" 0
# The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
# keyword to UncommonOptions. See here:
# ----------------------------------------
# Verify the signatures we just produced...
set verifier [new_CkXmlDSig]
set success [CkXmlDSig_LoadSignatureSb $verifier $sbOut]
if {$success != 1} then {
puts [CkXmlDSig_lastErrorText $verifier]
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $dsig
delete_CkJsonObject $json
delete_CkStringBuilder $sbOut
delete_CkXmlDSig $verifier
exit
}
# Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
CkXmlDSig_put_UncommonOptions $verifier "VerifyEncapsulatedTimeStamp"
set numSigs [CkXmlDSig_get_NumSignatures $verifier]
set verifyIdx 0
while {$verifyIdx < $numSigs} {
CkXmlDSig_put_Selector $verifier $verifyIdx
set verified [CkXmlDSig_VerifySignature $verifier 1]
if {$verified != 1} then {
puts [CkXmlDSig_lastErrorText $verifier]
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $dsig
delete_CkJsonObject $json
delete_CkStringBuilder $sbOut
delete_CkXmlDSig $verifier
exit
}
set verifyIdx [expr $verifyIdx + 1]
}
puts "All signatures were successfully verified."
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $dsig
delete_CkJsonObject $json
delete_CkStringBuilder $sbOut
delete_CkXmlDSig $verifier