Unicode C++
Unicode C++
Signed Zip as Base64 with XAdES-BES
See more XAdES Examples
This example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically:Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać
umieszczona w archiwum ZIP. W tym przypadku, podpisywany jest plik archiwum ZIP,
przyjmujący w podpisie XAdES-BES formę zakodowaną base64.
The example demonstrates the following:
- Zip an XML file (PIT-11Z.xml is zipped to PIT-11Z.zip)
- Create XML to be signed, where the XML contains the base64 encoded content of the PIT-11Z.zip archive.
- XAdES-BES sign the XML containing the base64 zip.
This example will also show the reverse:
- Verify the signed XML.
- Extract the PIT-11z.zip from the signed XML.
- Unzip the PIT-11Z.zip to get the original PIT-11Z.xml
Chilkat Unicode C++ Downloads
#include <CkStringBuilderW.h>
#include <CkZipW.h>
#include <CkBinDataW.h>
#include <CkXmlDSigGenW.h>
#include <CkXmlW.h>
#include <CkCertW.h>
#include <CkXmlDSigW.h>
#include <CkZipEntryW.h>
void ChilkatSample(void)
{
bool success = false;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory).
CkStringBuilderW sbXmlToZip;
success = sbXmlToZip.LoadFile(L"qa_data/xml/PIT-11Z.xml",L"utf-8");
if (success != true) {
wprintf(L"Failed to load the XML to be zipped.\n");
return;
}
CkZipW zip;
// Initialize the zip object. No file is created in this call.
// It should always return true.
success = zip.NewZip(L"PIT-11Z.zip");
// Add the XML to be zipped.
zip.AddSb(L"PIT-11Z.xml",sbXmlToZip,L"utf-8");
// Write the zip to a BinData object.
CkBinDataW bdZip;
zip.WriteBd(bdZip);
// The contents of the bdZip will be retrieved in base64 format when needed below..
CkXmlDSigGenW gen;
gen.put_SigLocation(L"");
gen.put_SigLocationMod(0);
gen.put_SigId(L"Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19");
gen.put_SigNamespacePrefix(L"ds");
gen.put_SigNamespaceUri(L"http://www.w3.org/2000/09/xmldsig#");
gen.put_SigValueId(L"SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52");
gen.put_SignedInfoId(L"SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41");
gen.put_SignedInfoCanonAlg(L"C14N");
gen.put_SignedInfoDigestMethod(L"sha1");
// Set the KeyInfoId before adding references..
gen.put_KeyInfoId(L"KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24");
// Create an Object to be added to the Signature.
CkXmlW object1;
object1.put_Tag(L"xades:QualifyingProperties");
object1.AddAttribute(L"xmlns:xades",L"http://uri.etsi.org/01903/v1.3.2#");
object1.AddAttribute(L"Id",L"QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43");
object1.AddAttribute(L"Target",L"#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19");
object1.UpdateAttrAt(L"xades:SignedProperties",true,L"Id",L"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e");
object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedSignatureProperties",true,L"Id",L"SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a");
// Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created.
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime",L"TO BE GENERATED BY CHILKAT");
// Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",true,L"Algorithm",L"http://www.w3.org/2000/09/xmldsig#sha1");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue",L"TO BE GENERATED BY CHILKAT");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2",L"TO BE GENERATED BY CHILKAT");
object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedDataObjectProperties",true,L"Id",L"SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b");
object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",true,L"ObjectReference",L"#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description",L"MIME-Version: 1.0\r\nContent-Type: application/zip\r\nContent-Transfer-Encoding: binary\r\nContent-Disposition: filename="PIT-11Z.zip"");
object1.UpdateAttrAt(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",true,L"Qualifier",L"OIDAsURI");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",L"http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description",L"Opis formatu dokumentu oraz jego pelna nazwa");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference",L"http://www.certum.pl/OIDAsURI/signedFile.pdf");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType",L"application/zip");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier",L"http://uri.etsi.org/01903/v1.2.2#ProofOfApproval");
object1.UpdateChildContent(L"xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects",L"");
object1.UpdateAttrAt(L"xades:UnsignedProperties",true,L"Id",L"UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55");
// Emit XML in compact (single-line) format to avoid whitespace problems.
object1.put_EmitCompact(true);
gen.AddObject(L"",object1.getXml(),L"",L"");
// Create an Object to be added to the Signature.
// This is where we add the base64 representation of the PIT-11Z.zip
gen.AddObject(L"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",bdZip.getEncoded(L"base64"),L"",L"http://www.w3.org/2000/09/xmldsig#base64");
// -------- Reference 1 --------
gen.AddObjectRef(L"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",L"sha1",L"C14N_WithComments",L"",L"");
gen.SetRefIdAttr(L"Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",L"Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27");
// -------- Reference 2 --------
gen.AddObjectRef(L"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e",L"sha1",L"",L"",L"http://uri.etsi.org/01903#SignedProperties");
gen.SetRefIdAttr(L"SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e",L"SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28");
// Provide a certificate + private key. (PFX password is test123)
CkCertW cert;
success = cert.LoadPfxFile(L"qa_data/pfx/cert_test123.pfx",L"test123");
if (success == false) {
wprintf(L"%s\n",cert.lastErrorText());
return;
}
gen.SetX509Cert(cert,true);
gen.put_KeyInfoType(L"X509Data");
gen.put_X509Type(L"Certificate");
// This will be an enveloping signature where the Signature element
// is the XML document root, the signed data is contained within Object
// tag(s) within the Signature.
// Therefore, pass an empty sbXml to CreateXmlDsigSb.
CkStringBuilderW sbXml;
// The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error.
// (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use
// the same XML canonicalization implementation w/ the bug.)
gen.put_Behaviors(L"AttributeSortingBug,CompactSignedXml");
// Sign the XML...
success = gen.CreateXmlDSigSb(sbXml);
if (success == false) {
wprintf(L"%s\n",gen.lastErrorText());
return;
}
// -----------------------------------------------
// Save the signed XML to a file.
success = sbXml.WriteFile(L"qa_output/signedXml.xml",L"utf-8",false);
wprintf(L"%s\n",sbXml.getAsString());
// ----------------------------------------
// Verify the signature we just produced...
CkXmlDSigW verifier;
success = verifier.LoadSignatureSb(sbXml);
if (success == false) {
wprintf(L"%s\n",verifier.lastErrorText());
return;
}
bool verified = verifier.VerifySignature(true);
if (verified != true) {
wprintf(L"%s\n",verifier.lastErrorText());
return;
}
wprintf(L"This signature was successfully verified.\n");
// ------------------------------------
// Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip.
CkXmlW xml;
xml.LoadSb(sbXml,true);
// The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML).
// (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.)
const wchar_t *strZipBase64 = xml.getChildContent(L"ds:Object[1]");
bdZip.Clear();
bdZip.AppendEncoded(strZipBase64,L"base64");
if (bdZip.get_NumBytes() == 0) {
wprintf(L"Something went wrong.. we dont' have any data..\n");
return;
}
success = zip.OpenBd(bdZip);
if (success == false) {
wprintf(L"%s\n",zip.lastErrorText());
return;
}
// Get the 1st file in the zip, which should be the PIT-11Z.xml
CkZipEntryW entry;
success = zip.EntryAt(0,entry);
if (success == false) {
wprintf(L"Zip contains no files...\n");
return;
}
// Get the XML:
const wchar_t *origXml = entry.unzipToString(0,L"utf-8");
wprintf(L"Original XML extracted from base64 zip:\n");
wprintf(L"%s\n",origXml);
}