Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Unicode C) Create XAdES-T Signed XMLSee more XAdES ExamplesThis example signs XML using the XAdES-T profile. XAdES-T is a profile within the XAdES standard that adds support for secure timestamping of signatures. Secure timestamping involves adding a timestamp to the signature, indicating the exact time when the signature was applied. Timestamping enhances the long-term validity of signatures by providing evidence that the signature existed at a specific point in time, even if the signer's certificate has expired or been revoked. XAdES-T signatures include elements for embedding timestamp data within the XML signature, along with information about the timestamp authority and the timestamp verification process. XAdES-T signatures are suitable for scenarios where long-term validity and integrity of signatures are essential, such as in legal and regulatory contexts where archived documents may need to be validated years or decades later.
#include <C_CkXmlW.h> #include <C_CkXmlDSigGenW.h> #include <C_CkCertW.h> #include <C_CkJsonObjectW.h> #include <C_CkStringBuilderW.h> #include <C_CkXmlDSigW.h> void ChilkatSample(void) { BOOL success; HCkXmlW xmlToSign; HCkXmlDSigGenW gen; HCkXmlW object1; HCkXmlW object2; HCkCertW cert; HCkJsonObjectW jsonTsa; HCkStringBuilderW sbXml; HCkXmlDSigW verifier; int numSigs; int verifyIdx; BOOL verified; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. success = TRUE; // Create the XML to be signed... // Use this online tool to generate code from sample XML: // Generate Code to Create XML // <?xml version="1.0" encoding="UTF-8"?> // <es:Dossier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:es="https://www.microsec.hu/ds/e-szigno30#" xsi:schemaLocation="https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd"> // <es:DossierProfile Id="PObject0" OBJREF="Object0"> // <es:Title>e-akta.es3</es:Title> // <es:E-category>electronic dossier</es:E-category> // <es:CreationDate>2022-12-02T07:55:16Z</es:CreationDate> // </es:DossierProfile> // <es:Documents Id="Object0"/> // </es:Dossier> xmlToSign = CkXmlW_Create(); CkXmlW_putTag(xmlToSign,L"es:Dossier"); CkXmlW_AddAttribute(xmlToSign,L"xmlns:xsi",L"http://www.w3.org/2001/XMLSchema-instance"); CkXmlW_AddAttribute(xmlToSign,L"xmlns:ds",L"http://www.w3.org/2000/09/xmldsig#"); CkXmlW_AddAttribute(xmlToSign,L"xmlns",L"http://uri.etsi.org/01903/v1.3.2#"); CkXmlW_AddAttribute(xmlToSign,L"xmlns:es",L"https://www.microsec.hu/ds/e-szigno30#"); CkXmlW_AddAttribute(xmlToSign,L"xsi:schemaLocation",L"https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd"); CkXmlW_UpdateAttrAt(xmlToSign,L"es:DossierProfile",TRUE,L"Id",L"PObject0"); CkXmlW_UpdateAttrAt(xmlToSign,L"es:DossierProfile",TRUE,L"OBJREF",L"Object0"); CkXmlW_UpdateChildContent(xmlToSign,L"es:DossierProfile|es:Title",L"e-akta.es3"); CkXmlW_UpdateChildContent(xmlToSign,L"es:DossierProfile|es:E-category",L"electronic dossier"); CkXmlW_UpdateChildContent(xmlToSign,L"es:DossierProfile|es:CreationDate",L"2022-12-02T07:55:16Z"); CkXmlW_UpdateAttrAt(xmlToSign,L"es:Documents",TRUE,L"Id",L"Object0"); gen = CkXmlDSigGenW_Create(); CkXmlDSigGenW_putSigLocation(gen,L"es:Dossier"); CkXmlDSigGenW_putSigLocationMod(gen,0); CkXmlDSigGenW_putSigId(gen,L"S9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlDSigGenW_putSigValueId(gen,L"VS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlDSigGenW_putSignedInfoId(gen,L"SIS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlDSigGenW_putSignedInfoCanonAlg(gen,L"EXCL_C14N"); CkXmlDSigGenW_putSignedInfoDigestMethod(gen,L"sha256"); // Set the KeyInfoId before adding references.. CkXmlDSigGenW_putKeyInfoId(gen,L"KS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); // Create an Object to be added to the Signature. object1 = CkXmlW_Create(); CkXmlW_putTag(object1,L"es:SignatureProfile"); CkXmlW_AddAttribute(object1,L"Id",L"PS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlW_AddAttribute(object1,L"OBJREF",L"Object0"); CkXmlW_AddAttribute(object1,L"SIGREF",L"S9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlW_AddAttribute(object1,L"SIGREFLIST",L"#Object0 #PS9fe8096e-2cac-415d-9222-f6cf2ecb314b #PObject0 #XS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlW_UpdateChildContent(object1,L"es:SignerName",L"EC Minsített-Tesztel Péterke"); CkXmlW_UpdateChildContent(object1,L"es:SDPresented",L"false"); CkXmlW_UpdateChildContent(object1,L"es:Type",L"signature"); CkXmlW_UpdateAttrAt(object1,L"es:Generator|es:Program",TRUE,L"name",L"e-Szigno"); CkXmlW_UpdateAttrAt(object1,L"es:Generator|es:Program",TRUE,L"version",L"3.3.6.8"); CkXmlW_UpdateAttrAt(object1,L"es:Generator|es:Device",TRUE,L"name",L"OpenSSL 1.1.1n 15 Mar 2022"); CkXmlW_UpdateAttrAt(object1,L"es:Generator|es:Device",TRUE,L"type",L""); CkXmlDSigGenW_AddObject(gen,L"O1S9fe8096e-2cac-415d-9222-f6cf2ecb314b",CkXmlW_getXml(object1),L"",L""); // Create an Object to be added to the Signature. object2 = CkXmlW_Create(); CkXmlW_putTag(object2,L"QualifyingProperties"); CkXmlW_AddAttribute(object2,L"Target",L"#S9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlW_AddAttribute(object2,L"Id",L"QPS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlW_UpdateAttrAt(object2,L"SignedProperties",TRUE,L"Id",L"XS9fe8096e-2cac-415d-9222-f6cf2ecb314b"); CkXmlW_UpdateChildContent(object2,L"SignedProperties|SignedSignatureProperties|SigningTime",L"TO BE GENERATED BY CHILKAT"); CkXmlW_UpdateAttrAt(object2,L"SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestMethod",TRUE,L"Algorithm",L"http://www.w3.org/2001/04/xmlenc#sha256"); CkXmlW_UpdateChildContent(object2,L"SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestValue",L"TO BE GENERATED BY CHILKAT"); CkXmlW_UpdateChildContent(object2,L"SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|IssuerSerialV2",L"TO BE GENERATED BY CHILKAT"); CkXmlW_UpdateChildContent(object2,L"SignedProperties|SignedSignatureProperties|SignaturePolicyIdentifier|SignaturePolicyImplied",L""); CkXmlW_UpdateChildContent(object2,L"SignedProperties|SignedSignatureProperties|SignerRoleV2|ClaimedRoles|ClaimedRole",L"tesztel"); // Here we have the EncapsulatedTimestamp found in the unsigned signature properties. CkXmlW_UpdateAttrAt(object2,L"UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp",TRUE,L"Id",L"T72cb4961-4326-4319-857a-7cf55e7ef899"); CkXmlW_UpdateAttrAt(object2,L"UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|ds:CanonicalizationMethod",TRUE,L"Algorithm",L"http://www.w3.org/2001/10/xml-exc-c14n#"); CkXmlW_UpdateAttrAt(object2,L"UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp",TRUE,L"Id",L"ET72cb4961-4326-4319-857a-7cf55e7ef899"); CkXmlW_UpdateChildContent(object2,L"UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp",L"TO BE GENERATED BY CHILKAT"); CkXmlW_UpdateAttrAt(object2,L"UnsignedProperties|UnsignedSignatureProperties|TimeStampValidationData",TRUE,L"xmlns",L"http://uri.etsi.org/01903/v1.4.1#"); CkXmlW_UpdateAttrAt(object2,L"UnsignedProperties|UnsignedSignatureProperties|CertificateValues",TRUE,L"Id",L"CV18c7702d-d45b-44bc-853a-a720f41053cd"); CkXmlW_UpdateAttrAt(object2,L"UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate",TRUE,L"Id",L"EC42db04c8-1422-407b-8c42-189353a55268"); CkXmlW_UpdateChildContent(object2,L"UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate",L"BASE64_CONTENT"); CkXmlW_UpdateAttrAt(object2,L"UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]",TRUE,L"Id",L"EC04728b44-a32c-46c1-b9bb-85b1f6b3c7d3"); CkXmlW_UpdateChildContent(object2,L"UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]",L"BASE64_CONTENT"); CkXmlDSigGenW_AddObject(gen,L"O2S9fe8096e-2cac-415d-9222-f6cf2ecb314b",CkXmlW_getXml(object2),L"",L""); // -------- Reference 1 -------- CkXmlDSigGenW_AddSameDocRef(gen,L"Object0",L"sha256",L"EXCL_C14N",L"",L""); CkXmlDSigGenW_SetRefIdAttr(gen,L"Object0",L"Re1f816c4-7898-4544-9b41-f4156dc0c528"); // -------- Reference 2 -------- CkXmlDSigGenW_AddObjectRef(gen,L"PS9fe8096e-2cac-415d-9222-f6cf2ecb314b",L"sha256",L"EXCL_C14N",L"",L""); CkXmlDSigGenW_SetRefIdAttr(gen,L"PS9fe8096e-2cac-415d-9222-f6cf2ecb314b",L"Ra873b616-e568-4c38-ae94-27fbff67cc43"); // -------- Reference 3 -------- CkXmlDSigGenW_AddSameDocRef(gen,L"PObject0",L"sha256",L"EXCL_C14N",L"",L""); CkXmlDSigGenW_SetRefIdAttr(gen,L"PObject0",L"Ra5d85948-5d6a-4914-8c32-242f5d6d9e81"); // -------- Reference 4 -------- CkXmlDSigGenW_AddObjectRef(gen,L"XS9fe8096e-2cac-415d-9222-f6cf2ecb314b",L"sha256",L"EXCL_C14N",L"",L"http://uri.etsi.org/01903#SignedProperties"); CkXmlDSigGenW_SetRefIdAttr(gen,L"XS9fe8096e-2cac-415d-9222-f6cf2ecb314b",L"Ra7412a43-dc05-4e0a-ac84-e9a070214757"); // Provide a certificate + private key. (PFX password is test123) cert = CkCertW_Create(); success = CkCertW_LoadPfxFile(cert,L"qa_data/pfx/cert_test123.pfx",L"test123"); if (success != TRUE) { wprintf(L"%s\n",CkCertW_lastErrorText(cert)); CkXmlW_Dispose(xmlToSign); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(object1); CkXmlW_Dispose(object2); CkCertW_Dispose(cert); return; } CkXmlDSigGenW_SetX509Cert(gen,cert,TRUE); CkXmlDSigGenW_putKeyInfoType(gen,L"X509Data"); CkXmlDSigGenW_putX509Type(gen,L"Certificate"); // ------------------------------------------------------------------------------------------- // To have the EncapsulatedTimeStamp automatically added, we only need to do 2 things. // 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp> // to the unsigned properties. // 2) Specify the TSA URL (Timestamping Authority URL). // Here we specify the TSA URL: // ------------------------------------------------------------------------------------------- jsonTsa = CkJsonObjectW_Create(); CkJsonObjectW_UpdateString(jsonTsa,L"timestampToken.tsaUrl",L"http://timestamp.digicert.com"); CkJsonObjectW_UpdateBool(jsonTsa,L"timestampToken.requestTsaCert",TRUE); CkXmlDSigGenW_SetTsa(gen,jsonTsa); // Load XML to be signed... sbXml = CkStringBuilderW_Create(); CkXmlW_GetXmlSb(xmlToSign,sbXml); CkXmlDSigGenW_putBehaviors(gen,L"IndentedSignature,OmitAlreadyDefinedSigNamespace"); // Sign the XML... success = CkXmlDSigGenW_CreateXmlDSigSb(gen,sbXml); if (success != TRUE) { wprintf(L"%s\n",CkXmlDSigGenW_lastErrorText(gen)); CkXmlW_Dispose(xmlToSign); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(object1); CkXmlW_Dispose(object2); CkCertW_Dispose(cert); CkJsonObjectW_Dispose(jsonTsa); CkStringBuilderW_Dispose(sbXml); return; } // ----------------------------------------------- // Save the signed XML to a file. success = CkStringBuilderW_WriteFile(sbXml,L"c:/temp/qa_output/signedXml.xml",L"utf-8",FALSE); wprintf(L"%s\n",CkStringBuilderW_getAsString(sbXml)); // ---------------------------------------- // Verify the signatures we just produced... verifier = CkXmlDSigW_Create(); success = CkXmlDSigW_LoadSignatureSb(verifier,sbXml); if (success != TRUE) { wprintf(L"%s\n",CkXmlDSigW_lastErrorText(verifier)); CkXmlW_Dispose(xmlToSign); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(object1); CkXmlW_Dispose(object2); CkCertW_Dispose(cert); CkJsonObjectW_Dispose(jsonTsa); CkStringBuilderW_Dispose(sbXml); CkXmlDSigW_Dispose(verifier); return; } numSigs = CkXmlDSigW_getNumSignatures(verifier); verifyIdx = 0; while (verifyIdx < numSigs) { CkXmlDSigW_putSelector(verifier,verifyIdx); verified = CkXmlDSigW_VerifySignature(verifier,TRUE); if (verified != TRUE) { wprintf(L"%s\n",CkXmlDSigW_lastErrorText(verifier)); CkXmlW_Dispose(xmlToSign); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(object1); CkXmlW_Dispose(object2); CkCertW_Dispose(cert); CkJsonObjectW_Dispose(jsonTsa); CkStringBuilderW_Dispose(sbXml); CkXmlDSigW_Dispose(verifier); return; } verifyIdx = verifyIdx + 1; } wprintf(L"All signatures were successfully verified.\n"); CkXmlW_Dispose(xmlToSign); CkXmlDSigGenW_Dispose(gen); CkXmlW_Dispose(object1); CkXmlW_Dispose(object2); CkCertW_Dispose(cert); CkJsonObjectW_Dispose(jsonTsa); CkStringBuilderW_Dispose(sbXml); CkXmlDSigW_Dispose(verifier); } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.