|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Sign XML for Zakat, Tax and Customs Authority (ZATCA)See more ZATCA ExamplesDemonstrates how to sign XML for Zakat, Tax and Customs Authority (ZATCA).
load ./chilkat.dll # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set success 1 # Load XML to be signed... set sbXml [new_CkStringBuilder] set success [CkStringBuilder_LoadFile $sbXml "qa_data/xml_dsig_valid_samples/UBL_Saudi_ZATCA_Zakat_Tax_and_Customs_Authority_toBeSigned.xml" "utf-8"] if {$success == 0} then { puts "Failed to load XML file to be signed." delete_CkStringBuilder $sbXml exit } # Loads XML containing the following (with data modified from the original sample). # <?xml version="1.0" encoding="UTF-8"?> # <Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"><ext:UBLExtensions> # <ext:UBLExtension> # <ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI> # <ext:ExtensionContent> # <sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2"> # <sac:SignatureInformation> # <cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID> # <sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID> # # </sac:SignatureInformation> # </sig:UBLDocumentSignatures> # </ext:ExtensionContent> # </ext:UBLExtension> # </ext:UBLExtensions> # # <cbc:ProfileID>reporting:1.0</cbc:ProfileID> # <cbc:ID>100</cbc:ID> # <cbc:UUID>3cf5ee18-ee25-44ea-a444-2c37ba7f28be</cbc:UUID> # <cbc:IssueDate>2021-04-25</cbc:IssueDate> # <cbc:IssueTime>15:30:00</cbc:IssueTime> # <cbc:InvoiceTypeCode name="0100000">388</cbc:InvoiceTypeCode> # <cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode> # <cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode> # <cbc:LineCountNumeric>2</cbc:LineCountNumeric> # <cac:AdditionalDocumentReference> # <cbc:ID>ICV</cbc:ID> # <cbc:UUID>46531</cbc:UUID> # </cac:AdditionalDocumentReference> # <cac:AdditionalDocumentReference> # <cbc:ID>PIH</cbc:ID> # <cac:Attachment> # <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">NWZl......NTdlOQ==</cbc:EmbeddedDocumentBinaryObject> # </cac:Attachment> # </cac:AdditionalDocumentReference> # # # <cac:AdditionalDocumentReference> # <cbc:ID>QR</cbc:ID> # <cac:Attachment> # <cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">ARlBbC........FAau5g</cbc:EmbeddedDocumentBinaryObject> # </cac:Attachment> # </cac:AdditionalDocumentReference><cac:Signature> # <cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID> # <cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod> # </cac:Signature><cac:AccountingSupplierParty> # <cac:Party> # <cac:PartyIdentification> # <cbc:ID schemeID="MLS">123457890</cbc:ID> # </cac:PartyIdentification> # <cac:PostalAddress> # <cbc:StreetName>King Abdulaziz Road</cbc:StreetName> # <cbc:BuildingNumber>9999</cbc:BuildingNumber> # <cbc:PlotIdentification>9999</cbc:PlotIdentification> # <cbc:CitySubdivisionName>Al Amal</cbc:CitySubdivisionName> # <cbc:CityName>Riyadh</cbc:CityName> # <cbc:PostalZone>12643</cbc:PostalZone> # <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity> # <cac:Country> # <cbc:IdentificationCode>SA</cbc:IdentificationCode> # </cac:Country> # </cac:PostalAddress> # <cac:PartyTaxScheme> # <cbc:CompanyID>300099999900003</cbc:CompanyID> # <cac:TaxScheme> # <cbc:ID>VAT</cbc:ID> # </cac:TaxScheme> # </cac:PartyTaxScheme> # <cac:PartyLegalEntity> # <cbc:RegistrationName>Example Co. LTD</cbc:RegistrationName> # </cac:PartyLegalEntity> # </cac:Party> # </cac:AccountingSupplierParty> # <cac:AccountingCustomerParty> # <cac:Party> # <cac:PartyIdentification> # <cbc:ID schemeID="SAG">123C12345678</cbc:ID> # </cac:PartyIdentification> # <cac:PostalAddress> # <cbc:StreetName>King Abdullah Road</cbc:StreetName> # <cbc:BuildingNumber>9999</cbc:BuildingNumber> # <cbc:PlotIdentification>9999</cbc:PlotIdentification> # <cbc:CitySubdivisionName>Al Mursalat</cbc:CitySubdivisionName> # <cbc:CityName>Riyadh</cbc:CityName> # <cbc:PostalZone>11564</cbc:PostalZone> # <cbc:CountrySubentity>Riyadh Region</cbc:CountrySubentity> # <cac:Country> # <cbc:IdentificationCode>SA</cbc:IdentificationCode> # </cac:Country> # </cac:PostalAddress> # <cac:PartyTaxScheme> # <cac:TaxScheme> # <cbc:ID>VAT</cbc:ID> # </cac:TaxScheme> # </cac:PartyTaxScheme> # <cac:PartyLegalEntity> # <cbc:RegistrationName>EXAMPLE MARKETS</cbc:RegistrationName> # </cac:PartyLegalEntity> # </cac:Party> # </cac:AccountingCustomerParty> # <cac:Delivery> # <cbc:ActualDeliveryDate>2022-04-25</cbc:ActualDeliveryDate> # </cac:Delivery> # <cac:PaymentMeans> # <cbc:PaymentMeansCode>42</cbc:PaymentMeansCode> # </cac:PaymentMeans> # <cac:TaxTotal> # <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount> # <cac:TaxSubtotal> # <cbc:TaxableAmount currencyID="SAR">900.00</cbc:TaxableAmount> # <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount> # <cac:TaxCategory> # <cbc:ID>S</cbc:ID> # <cbc:Percent>15</cbc:Percent> # <cac:TaxScheme> # <cbc:ID>VAT</cbc:ID> # </cac:TaxScheme> # </cac:TaxCategory> # </cac:TaxSubtotal> # </cac:TaxTotal> # <cac:TaxTotal> # <cbc:TaxAmount currencyID="SAR">135.00</cbc:TaxAmount> # </cac:TaxTotal> # <cac:LegalMonetaryTotal> # <cbc:LineExtensionAmount currencyID="SAR">900.00</cbc:LineExtensionAmount> # <cbc:TaxExclusiveAmount currencyID="SAR">900.00</cbc:TaxExclusiveAmount> # <cbc:TaxInclusiveAmount currencyID="SAR">1035.00</cbc:TaxInclusiveAmount> # <cbc:AllowanceTotalAmount currencyID="SAR">0.00</cbc:AllowanceTotalAmount> # <cbc:PayableAmount currencyID="SAR">1035.00</cbc:PayableAmount> # </cac:LegalMonetaryTotal> # <cac:InvoiceLine> # <cbc:ID>1</cbc:ID> # <cbc:InvoicedQuantity unitCode="PCE">1</cbc:InvoicedQuantity> # <cbc:LineExtensionAmount currencyID="SAR">200.00</cbc:LineExtensionAmount> # <cac:TaxTotal> # <cbc:TaxAmount currencyID="SAR">30.00</cbc:TaxAmount> # <cbc:RoundingAmount currencyID="SAR">230.00</cbc:RoundingAmount> # </cac:TaxTotal> # <cac:Item> # <cbc:Name>Item A</cbc:Name> # <cac:ClassifiedTaxCategory> # <cbc:ID>S</cbc:ID> # <cbc:Percent>15</cbc:Percent> # <cac:TaxScheme> # <cbc:ID>VAT</cbc:ID> # </cac:TaxScheme> # </cac:ClassifiedTaxCategory> # </cac:Item> # <cac:Price> # <cbc:PriceAmount currencyID="SAR">200.00</cbc:PriceAmount> # </cac:Price> # </cac:InvoiceLine> # <cac:InvoiceLine> # <cbc:ID>2</cbc:ID> # <cbc:InvoicedQuantity unitCode="PCE">2</cbc:InvoicedQuantity> # <cbc:LineExtensionAmount currencyID="SAR">700.00</cbc:LineExtensionAmount> # <cac:TaxTotal> # <cbc:TaxAmount currencyID="SAR">105.00</cbc:TaxAmount> # <cbc:RoundingAmount currencyID="SAR">805.00</cbc:RoundingAmount> # </cac:TaxTotal> # <cac:Item> # <cbc:Name>Item B</cbc:Name> # <cac:ClassifiedTaxCategory> # <cbc:ID>S</cbc:ID> # <cbc:Percent>15</cbc:Percent> # <cac:TaxScheme> # <cbc:ID>VAT</cbc:ID> # </cac:TaxScheme> # </cac:ClassifiedTaxCategory> # </cac:Item> # <cac:Price> # <cbc:PriceAmount currencyID="SAR">350.00</cbc:PriceAmount> # </cac:Price> # </cac:InvoiceLine> # </Invoice> set gen [new_CkXmlDSigGen] CkXmlDSigGen_put_SigLocation $gen "Invoice|ext:UBLExtensions|ext:UBLExtension|ext:ExtensionContent|sig:UBLDocumentSignatures|sac:SignatureInformation" CkXmlDSigGen_put_SigLocationMod $gen 0 CkXmlDSigGen_put_SigId $gen "signature" CkXmlDSigGen_put_SigNamespacePrefix $gen "ds" CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#" CkXmlDSigGen_put_SignedInfoCanonAlg $gen "C14N_11" CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256" # Create an Object to be added to the Signature. set object1 [new_CkXml] CkXml_put_Tag $object1 "xades:QualifyingProperties" CkXml_AddAttribute $object1 "xmlns:xades" "http://uri.etsi.org/01903/v1.3.2#" CkXml_AddAttribute $object1 "Target" "signature" CkXml_UpdateAttrAt $object1 "xades:SignedProperties" 1 "Id" "xadesSignedProperties" CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime" "TO BE GENERATED BY CHILKAT" CkXml_UpdateAttrAt $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod" 1 "Algorithm" "http://www.w3.org/2001/04/xmlenc#sha256" CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue" "TO BE GENERATED BY CHILKAT" CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName" "TO BE GENERATED BY CHILKAT" CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber" "TO BE GENERATED BY CHILKAT" CkXmlDSigGen_AddObject $gen "" [CkXml_getXml $object1] "" "" # -------- Reference 1 -------- set xml1 [new_CkXml] CkXml_put_Tag $xml1 "ds:Transforms" CkXml_UpdateAttrAt $xml1 "ds:Transform" 1 "Algorithm" "http://www.w3.org/TR/1999/REC-xpath-19991116" CkXml_UpdateChildContent $xml1 "ds:Transform|ds:XPath" "not(//ancestor-or-self::ext:UBLExtensions)" CkXml_UpdateAttrAt $xml1 "ds:Transform[1]" 1 "Algorithm" "http://www.w3.org/TR/1999/REC-xpath-19991116" CkXml_UpdateChildContent $xml1 "ds:Transform[1]|ds:XPath" "not(//ancestor-or-self::cac:Signature)" CkXml_UpdateAttrAt $xml1 "ds:Transform[2]" 1 "Algorithm" "http://www.w3.org/TR/1999/REC-xpath-19991116" CkXml_UpdateChildContent $xml1 "ds:Transform[2]|ds:XPath" "not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])" CkXml_UpdateAttrAt $xml1 "ds:Transform[3]" 1 "Algorithm" "http://www.w3.org/2006/12/xml-c14n11" CkXmlDSigGen_AddSameDocRef2 $gen "" "sha256" $xml1 "" CkXmlDSigGen_SetRefIdAttr $gen "" "invoiceSignedData" # -------- Reference 2 -------- CkXmlDSigGen_AddObjectRef $gen "xadesSignedProperties" "sha256" "" "" "http://www.w3.org/2000/09/xmldsig#SignatureProperties" # Provide a certificate + private key. (PFX password is test123) set certFromPfx [new_CkCert] set success [CkCert_LoadPfxFile $certFromPfx "qa_data/pfx/cert_test123.pfx" "test123"] if {$success != 1} then { puts [CkCert_lastErrorText $certFromPfx] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx exit } # Alternatively, if your certificate and private key are in separate PEM files, do this: set cert [new_CkCert] set success [CkCert_LoadFromFile $cert "qa_data/zatca/cert.pem"] if {$success != 1} then { puts [CkCert_lastErrorText $cert] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert exit } puts [CkCert_subjectCN $cert] # Load the private key. set privKey [new_CkPrivateKey] set success [CkPrivateKey_LoadPemFile $privKey "qa_data/zatca/ec-secp256k1-priv-key.pem"] if {$success != 1} then { puts [CkPrivateKey_lastErrorText $privKey] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert delete_CkPrivateKey $privKey exit } puts "Key Type: [CkPrivateKey_keyType $privKey]" # Associate the private key with the certificate. set success [CkCert_SetPrivateKey $cert $privKey] if {$success != 1} then { puts [CkCert_lastErrorText $cert] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert delete_CkPrivateKey $privKey exit } # The certificate passed to SetX509Cert must have an associated private key. # If the cert was loaded from a PFX, then it should automatically has an associated private key. # If the cert was loaded from PEM, then the private key was explicitly associated as shown above. set success [CkXmlDSigGen_SetX509Cert $gen $cert 1] if {$success != 1} then { puts [CkXmlDSigGen_lastErrorText $gen] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert delete_CkPrivateKey $privKey exit } CkXmlDSigGen_put_KeyInfoType $gen "X509Data" CkXmlDSigGen_put_X509Type $gen "Certificate" # ---------------- This is important ----------------------------------------- # Starting in Chilkat v9.5.0.92, add the "ZATCA" behavior to produce the format required by ZATCA. CkXmlDSigGen_put_Behaviors $gen "IndentedSignature,TransformSignatureXPath,ZATCA" # ---------------------------------------------------------------------------- # Sign the XML... set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml] if {$success != 1} then { puts [CkXmlDSigGen_lastErrorText $gen] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert delete_CkPrivateKey $privKey exit } # ----------------------------------------------- # Save the signed XML to a file. set success [CkStringBuilder_WriteFile $sbXml "qa_output/signedXml.xml" "utf-8" 0] puts [CkStringBuilder_getAsString $sbXml] # ---------------------------------------- # Verify the signatures we just produced... set verifier [new_CkXmlDSig] set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml] if {$success != 1} then { puts [CkXmlDSig_lastErrorText $verifier] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert delete_CkPrivateKey $privKey delete_CkXmlDSig $verifier exit } # ---------------- This is important ----------------------------------------- # Starting in Chilkat v9.5.0.92, specify "ZATCA" in uncommon options # to validate signed XML according to ZATCA needs. # ---------------------------------------------------------------------------- CkXmlDSig_put_UncommonOptions $verifier "ZATCA" set numSigs [CkXmlDSig_get_NumSignatures $verifier] set verifyIdx 0 while {$verifyIdx < $numSigs} { CkXmlDSig_put_Selector $verifier $verifyIdx set verified [CkXmlDSig_VerifySignature $verifier 1] if {$verified != 1} then { puts [CkXmlDSig_lastErrorText $verifier] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert delete_CkPrivateKey $privKey delete_CkXmlDSig $verifier exit } set verifyIdx [expr $verifyIdx + 1] } puts "All signatures were successfully verified." delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkXml $object1 delete_CkXml $xml1 delete_CkCert $certFromPfx delete_CkCert $cert delete_CkPrivateKey $privKey delete_CkXmlDSig $verifier |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.