(Android™) Create XAdES-T Signed XML

See more XAdES Examples

This example signs XML using the XAdES-T profile. XAdES-T is a profile within the XAdES standard that adds support for secure timestamping of signatures.

Secure timestamping involves adding a timestamp to the signature, indicating the exact time when the signature was applied.

Timestamping enhances the long-term validity of signatures by providing evidence that the signature existed at a specific point in time, even if the signer's certificate has expired or been revoked.

XAdES-T signatures include elements for embedding timestamp data within the XML signature, along with information about the timestamp authority and the timestamp verification process.

XAdES-T signatures are suitable for scenarios where long-term validity and integrity of signatures are essential, such as in legal and regulatory contexts where archived documents may need to be validated years or decades later.

Chilkat Android™ Downloads Android™ Java Libraries Android C/C++ Libraries

// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    boolean success = true;
    // Create the XML to be signed...

    // Use this online tool to generate code from sample XML: 
    // Generate Code to Create XML

    // <?xml version="1.0" encoding="UTF-8"?>
    // <es:Dossier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:es="https://www.microsec.hu/ds/e-szigno30#" xsi:schemaLocation="https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd">
    // 	<es:DossierProfile Id="PObject0" OBJREF="Object0">
    // 	<es:Title>e-akta.es3</es:Title>
    // 	<es:E-category>electronic dossier</es:E-category>
    // 	<es:CreationDate>2022-12-02T07:55:16Z</es:CreationDate>
    // 	</es:DossierProfile>
    // 	<es:Documents Id="Object0"/>
    // </es:Dossier>

    CkXml xmlToSign = new CkXml();
    xmlToSign.put_Tag("es:Dossier");
    xmlToSign.AddAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance");
    xmlToSign.AddAttribute("xmlns:ds","http://www.w3.org/2000/09/xmldsig#");
    xmlToSign.AddAttribute("xmlns","http://uri.etsi.org/01903/v1.3.2#");
    xmlToSign.AddAttribute("xmlns:es","https://www.microsec.hu/ds/e-szigno30#");
    xmlToSign.AddAttribute("xsi:schemaLocation","https://www.microsec.hu/ds/e-szigno30# https://www.microsec.hu/ds/e-szigno30.xsd");
    xmlToSign.UpdateAttrAt("es:DossierProfile",true,"Id","PObject0");
    xmlToSign.UpdateAttrAt("es:DossierProfile",true,"OBJREF","Object0");
    xmlToSign.UpdateChildContent("es:DossierProfile|es:Title","e-akta.es3");
    xmlToSign.UpdateChildContent("es:DossierProfile|es:E-category","electronic dossier");
    xmlToSign.UpdateChildContent("es:DossierProfile|es:CreationDate","2022-12-02T07:55:16Z");
    xmlToSign.UpdateAttrAt("es:Documents",true,"Id","Object0");

    CkXmlDSigGen gen = new CkXmlDSigGen();

    gen.put_SigLocation("es:Dossier");
    gen.put_SigLocationMod(0);
    gen.put_SigId("S9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    gen.put_SigValueId("VS9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    gen.put_SignedInfoId("SIS9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    gen.put_SignedInfoCanonAlg("EXCL_C14N");
    gen.put_SignedInfoDigestMethod("sha256");

    // Set the KeyInfoId before adding references..
    gen.put_KeyInfoId("KS9fe8096e-2cac-415d-9222-f6cf2ecb314b");

    // Create an Object to be added to the Signature.
    CkXml object1 = new CkXml();
    object1.put_Tag("es:SignatureProfile");
    object1.AddAttribute("Id","PS9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    object1.AddAttribute("OBJREF","Object0");
    object1.AddAttribute("SIGREF","S9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    object1.AddAttribute("SIGREFLIST","#Object0 #PS9fe8096e-2cac-415d-9222-f6cf2ecb314b #PObject0 #XS9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    object1.UpdateChildContent("es:SignerName","EC Minsített-Tesztel Péterke");
    object1.UpdateChildContent("es:SDPresented","false");
    object1.UpdateChildContent("es:Type","signature");
    object1.UpdateAttrAt("es:Generator|es:Program",true,"name","e-Szigno");
    object1.UpdateAttrAt("es:Generator|es:Program",true,"version","3.3.6.8");
    object1.UpdateAttrAt("es:Generator|es:Device",true,"name","OpenSSL 1.1.1n  15 Mar 2022");
    object1.UpdateAttrAt("es:Generator|es:Device",true,"type","");

    gen.AddObject("O1S9fe8096e-2cac-415d-9222-f6cf2ecb314b",object1.getXml(),"","");

    // Create an Object to be added to the Signature.
    CkXml object2 = new CkXml();
    object2.put_Tag("QualifyingProperties");
    object2.AddAttribute("Target","#S9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    object2.AddAttribute("Id","QPS9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    object2.UpdateAttrAt("SignedProperties",true,"Id","XS9fe8096e-2cac-415d-9222-f6cf2ecb314b");
    object2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningTime","TO BE GENERATED BY CHILKAT");
    object2.UpdateAttrAt("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestMethod",true,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256");
    object2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT");
    object2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SigningCertificateV2|Cert|IssuerSerialV2","TO BE GENERATED BY CHILKAT");
    object2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SignaturePolicyIdentifier|SignaturePolicyImplied","");
    object2.UpdateChildContent("SignedProperties|SignedSignatureProperties|SignerRoleV2|ClaimedRoles|ClaimedRole","tesztel");

    // Here we have the EncapsulatedTimestamp found in the unsigned signature properties.
    object2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp",true,"Id","T72cb4961-4326-4319-857a-7cf55e7ef899");
    object2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|ds:CanonicalizationMethod",true,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#");
    object2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp",true,"Id","ET72cb4961-4326-4319-857a-7cf55e7ef899");
    object2.UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|SignatureTimeStamp|EncapsulatedTimeStamp","TO BE GENERATED BY CHILKAT");
    object2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|TimeStampValidationData",true,"xmlns","http://uri.etsi.org/01903/v1.4.1#");
    object2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues",true,"Id","CV18c7702d-d45b-44bc-853a-a720f41053cd");
    object2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate",true,"Id","EC42db04c8-1422-407b-8c42-189353a55268");
    object2.UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate","BASE64_CONTENT");
    object2.UpdateAttrAt("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]",true,"Id","EC04728b44-a32c-46c1-b9bb-85b1f6b3c7d3");
    object2.UpdateChildContent("UnsignedProperties|UnsignedSignatureProperties|CertificateValues|EncapsulatedX509Certificate[1]","BASE64_CONTENT");

    gen.AddObject("O2S9fe8096e-2cac-415d-9222-f6cf2ecb314b",object2.getXml(),"","");

    // -------- Reference 1 --------
    gen.AddSameDocRef("Object0","sha256","EXCL_C14N","","");
    gen.SetRefIdAttr("Object0","Re1f816c4-7898-4544-9b41-f4156dc0c528");

    // -------- Reference 2 --------
    gen.AddObjectRef("PS9fe8096e-2cac-415d-9222-f6cf2ecb314b","sha256","EXCL_C14N","","");
    gen.SetRefIdAttr("PS9fe8096e-2cac-415d-9222-f6cf2ecb314b","Ra873b616-e568-4c38-ae94-27fbff67cc43");

    // -------- Reference 3 --------
    gen.AddSameDocRef("PObject0","sha256","EXCL_C14N","","");
    gen.SetRefIdAttr("PObject0","Ra5d85948-5d6a-4914-8c32-242f5d6d9e81");

    // -------- Reference 4 --------
    gen.AddObjectRef("XS9fe8096e-2cac-415d-9222-f6cf2ecb314b","sha256","EXCL_C14N","","http://uri.etsi.org/01903#SignedProperties");
    gen.SetRefIdAttr("XS9fe8096e-2cac-415d-9222-f6cf2ecb314b","Ra7412a43-dc05-4e0a-ac84-e9a070214757");

    // Provide a certificate + private key. (PFX password is test123)
    CkCert cert = new CkCert();
    success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123");
    if (success != true) {
        Log.i(TAG, cert.lastErrorText());
        return;
        }

    gen.SetX509Cert(cert,true);

    gen.put_KeyInfoType("X509Data");
    gen.put_X509Type("Certificate");

    // -------------------------------------------------------------------------------------------
    // To have the EncapsulatedTimeStamp automatically added, we only need to do 2 things.
    // 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp>
    //    to the unsigned properties.
    // 2) Specify the TSA URL (Timestamping Authority URL).
    //    Here we specify the TSA URL:
    // -------------------------------------------------------------------------------------------

    CkJsonObject jsonTsa = new CkJsonObject();
    jsonTsa.UpdateString("timestampToken.tsaUrl","http://timestamp.digicert.com");
    jsonTsa.UpdateBool("timestampToken.requestTsaCert",true);
    gen.SetTsa(jsonTsa);

    // Load XML to be signed...
    CkStringBuilder sbXml = new CkStringBuilder();
    xmlToSign.GetXmlSb(sbXml);

    gen.put_Behaviors("IndentedSignature,OmitAlreadyDefinedSigNamespace");

    // Sign the XML...
    success = gen.CreateXmlDSigSb(sbXml);
    if (success != true) {
        Log.i(TAG, gen.lastErrorText());
        return;
        }

    // -----------------------------------------------

    // Save the signed XML to a file.
    success = sbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",false);

    Log.i(TAG, sbXml.getAsString());

    // ----------------------------------------
    // Verify the signatures we just produced...
    CkXmlDSig verifier = new CkXmlDSig();
    success = verifier.LoadSignatureSb(sbXml);
    if (success != true) {
        Log.i(TAG, verifier.lastErrorText());
        return;
        }

    int numSigs = verifier.get_NumSignatures();
    int verifyIdx = 0;
    while (verifyIdx < numSigs) {
        verifier.put_Selector(verifyIdx);
        boolean verified = verifier.VerifySignature(true);
        if (verified != true) {
            Log.i(TAG, verifier.lastErrorText());
            return;
            }

        verifyIdx = verifyIdx + 1;
        }

    Log.i(TAG, "All signatures were successfully verified.");

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}