|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Unicode C++) Signed Zip as Base64 with XAdES-BESThis example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically: Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać The example demonstrates the following:
This example will also show the reverse:
#include <CkStringBuilderW.h> #include <CkZipW.h> #include <CkZipEntryW.h> #include <CkBinDataW.h> #include <CkXmlDSigGenW.h> #include <CkXmlW.h> #include <CkCertW.h> #include <CkXmlDSigW.h> void ChilkatSample(void) { // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory). CkStringBuilderW sbXmlToZip; bool success = sbXmlToZip.LoadFile(L"qa_data/xml/PIT-11Z.xml",L"utf-8"); if (success != true) { wprintf(L"Failed to load the XML to be zipped.\n"); return; } CkZipW zip; // Initialize the zip object. No file is created in this call. // It should always return true. success = zip.NewZip(L"PIT-11Z.zip"); // Add the XML to be zipped. CkZipEntryW *entry = zip.AppendString(L"PIT-11Z.xml",sbXmlToZip.getAsString()); delete entry; // Write the zip to a BinData object. CkBinDataW bdZip; zip.WriteBd(bdZip); // The contents of the bdZip will be retrieved in base64 format when needed below.. CkXmlDSigGenW gen; gen.put_SigLocation(L""); gen.put_SigLocationMod(0); gen.put_SigId(L"Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19"); gen.put_SigNamespacePrefix(L"ds"); gen.put_SigNamespaceUri(L"http://www.w3.org/2000/09/xmldsig#"); gen.put_SigValueId(L"SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52"); gen.put_SignedInfoId(L"SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41"); gen.put_SignedInfoCanonAlg(L"C14N"); gen.put_SignedInfoDigestMethod(L"sha1"); // Set the KeyInfoId before adding references.. gen.put_KeyInfoId(L"KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24"); // Create an Object to be added to the Signature. CkXmlW object1; object1.put_Tag(L"xades:QualifyingProperties"); object1.AddAttribute(L"xmlns:xades",L"http://uri.etsi.org/01903/v1.3.2#"); object1.AddAttribute(L"Id",L"QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43"); object1.AddAttribute(L"Target",L"#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19"); object1.UpdateAttrAt(L"xades:SignedProperties",true,L"Id",L"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e"); object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedSignatureProperties",true,L"Id",L"SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a"); // Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created. object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime",L"TO BE GENERATED BY CHILKAT"); // Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1 object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestMethod",true,L"Algorithm",L"http://www.w3.org/2000/09/xmldsig#sha1"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:CertDigest|ds:DigestValue",L"TO BE GENERATED BY CHILKAT"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509IssuerName",L"TO BE GENERATED BY CHILKAT"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificate|xades:Cert|xades:IssuerSerial|ds:X509SerialNumber",L"TO BE GENERATED BY CHILKAT"); object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedDataObjectProperties",true,L"Id",L"SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b"); object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",true,L"ObjectReference",L"#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description",L"MIME-Version: 1.0\r\nContent-Type: application/zip\r\nContent-Transfer-Encoding: binary\r\nContent-Disposition: filename="PIT-11Z.zip""); object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",true,L"Qualifier",L"OIDAsURI"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",L"http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description",L"Opis formatu dokumentu oraz jego pelna nazwa"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference",L"http://www.certum.pl/OIDAsURI/signedFile.pdf"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType",L"application/zip"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier",L"http://uri.etsi.org/01903/v1.2.2#ProofOfApproval"); object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects",L""); object1.UpdateAttrAt(L"xades:UnsignedProperties",true,L"Id",L"UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55"); // Emit XML in compact (single-line) format to avoid whitespace problems. object1.put_EmitCompact(true); gen.AddObject(L"",object1.getXml(),L"",L""); // Create an Object to be added to the Signature. // This is where we add the base64 representation of the PIT-11Z.zip gen.AddObject(L"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",bdZip.getEncoded(L"base64"),L"",L"http://www.w3.org/2000/09/xmldsig#base64"); // -------- Reference 1 -------- gen.AddObjectRef(L"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",L"sha1",L"C14N_WithComments",L"",L""); gen.SetRefIdAttr(L"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",L"Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27"); // -------- Reference 2 -------- gen.AddObjectRef(L"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e",L"sha1",L"",L"",L"http://uri.etsi.org/01903#SignedProperties"); gen.SetRefIdAttr(L"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e",L"SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28"); // Provide a certificate + private key. (PFX password is test123) CkCertW cert; success = cert.LoadPfxFile(L"qa_data/pfx/cert_test123.pfx",L"test123"); if (success != true) { wprintf(L"%s\n",cert.lastErrorText()); return; } gen.SetX509Cert(cert,true); gen.put_KeyInfoType(L"X509Data"); gen.put_X509Type(L"Certificate"); // This will be an enveloping signature where the Signature element // is the XML document root, the signed data is contained within Object // tag(s) within the Signature. // Therefore, pass an empty sbXml to CreateXmlDsigSb. CkStringBuilderW sbXml; // The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error. // (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use // the same XML canonicalization implementation w/ the bug.) gen.put_Behaviors(L"AttributeSortingBug,CompactSignedXml"); // Sign the XML... success = gen.CreateXmlDSigSb(sbXml); if (success != true) { wprintf(L"%s\n",gen.lastErrorText()); return; } // ----------------------------------------------- // Save the signed XML to a file. success = sbXml.WriteFile(L"qa_output/signedXml.xml",L"utf-8",false); wprintf(L"%s\n",sbXml.getAsString()); // ---------------------------------------- // Verify the signature we just produced... CkXmlDSigW verifier; success = verifier.LoadSignatureSb(sbXml); if (success != true) { wprintf(L"%s\n",verifier.lastErrorText()); return; } bool verified = verifier.VerifySignature(true); if (verified != true) { wprintf(L"%s\n",verifier.lastErrorText()); return; } wprintf(L"This signature was successfully verified.\n"); // ------------------------------------ // Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip. CkXmlW xml; xml.LoadSb(sbXml,true); // The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML). // (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.) const wchar_t *strZipBase64 = xml.getChildContent(L"ds:Object[1]"); bdZip.Clear(); bdZip.AppendEncoded(strZipBase64,L"base64"); if (bdZip.get_NumBytes() == 0) { wprintf(L"Something went wrong.. we dont' have any data..\n"); return; } success = zip.OpenBd(bdZip); if (success != true) { wprintf(L"%s\n",zip.lastErrorText()); return; } // Get the 1st file in the zip, which should be the PIT-11Z.xml entry = zip.GetEntryByIndex(0); if (zip.get_LastMethodSuccess() != true) { wprintf(L"Zip contains no files...\n"); return; } // Get the XML: const wchar_t *origXml = entry->unzipToString(0,L"utf-8"); wprintf(L"Original XML extracted from base64 zip:\n"); wprintf(L"%s\n",origXml); delete entry; } |
|||||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.