Sample code for 30+ languages & platforms
AutoIt

XML-DSig Add Reference with Transforms Specified Explicitly

Demonstrates how to use the new AddSameDocRef2 method to explicitly specify the XML Transforms fragment.

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

$bSuccess = True

; Create the following XML to be signed:

; <doc>
;     <s id="s1">Some text...</s>
;     <p>Some text...</p>
;     <p class="note">A note...</p>
; </doc>

; Use this online tool to generate code from sample XML: 
; Generate Code to Create XML

$oXmlToSign = ObjCreate("Chilkat.Xml")
$oXmlToSign.Tag = "doc"
$oXmlToSign.UpdateAttrAt("s",True,"id","s1")
$oXmlToSign.UpdateChildContent "s","Some text..."
$oXmlToSign.UpdateChildContent "p","Some text..."
$oXmlToSign.UpdateAttrAt("p[1]",True,"class","note")
$oXmlToSign.UpdateChildContent "p[1]","A note..."

ConsoleWrite($oXmlToSign.GetXml() & @CRLF)

$oGen = ObjCreate("Chilkat.XmlDSigGen")

$oGen.SigLocation = "doc"
$oGen.SigLocationMod = 0
$oGen.SigId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature"
$oGen.SigNamespacePrefix = "ds"
$oGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
$oGen.SigValueId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-SignatureValue"
$oGen.SignedInfoCanonAlg = "C14N"
$oGen.SignedInfoDigestMethod = "sha1"

; Set the KeyInfoId before adding references..
$oGen.KeyInfoId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo"

; The following XML to be added as an Object to the Signature

; Use this online tool to generate code from sample XML: 
; Generate Code to Create XML

; <xades:QualifyingProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties" Target="#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
;     <xades:SignedProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties">
;         <xades:SignedSignatureProperties>
;             <xades:SigningTime>TO BE GENERATED BY CHILKAT</xades:SigningTime>
;             <xades:SigningCertificate>
;                 <xades:Cert>
;                     <xades:CertDigest>
;                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
;                         <ds:DigestValue>TO BE GENERATED BY CHILKAT</ds:DigestValue>
;                     </xades:CertDigest>
;                     <xades:IssuerSerial>
;                         <ds:X509IssuerName>TO BE GENERATED BY CHILKAT</ds:X509IssuerName>
;                         <ds:X509SerialNumber>TO BE GENERATED BY CHILKAT</ds:X509SerialNumber>
;                     </xades:IssuerSerial>
;                 </xades:Cert>
;             </xades:SigningCertificate>
;         </xades:SignedSignatureProperties>
;         <xades:SignedDataObjectProperties>
;             <xades:DataObjectFormat ObjectReference="#Reference-24eb6003-d41c-442c-a731-d4c58f94790b">
;                 <xades:Description/>
;                 <xades:ObjectIdentifier>
;                     <xades:Identifier Qualifier="OIDAsURN">urn:oid:1.2.840.10003.5.109.10</xades:Identifier>
;                     <xades:Description/>
;                 </xades:ObjectIdentifier>
;                 <xades:MimeType>text/xml</xades:MimeType>
;                 <xades:Encoding/>
;             </xades:DataObjectFormat>
;         </xades:SignedDataObjectProperties>
;     </xades:SignedProperties>
; </xades:QualifyingProperties>

$oObject1 = ObjCreate("Chilkat.Xml")
$oObject1.Tag = "xades:QualifyingProperties"
$oObject1.AddAttribute("Id","Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties")
$oObject1.AddAttribute("Target","#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature")
$oObject1.AddAttribute("xmlns:ds","http://www.w3.org/2000/09/xmldsig#")
$oObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
$oObject1.UpdateAttrAt("xades:SignedProperties",True,"Id","Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties")
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT"
; Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",True,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1")
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT"
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",True,"ObjectReference","#Reference-24eb6003-d41c-442c-a731-d4c58f94790b")
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description",""
$oObject1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",True,"Qualifier","OIDAsURN")
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","urn:oid:1.2.840.10003.5.109.10"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description",""
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","text/xml"
$oObject1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Encoding",""

ConsoleWrite($oObject1.GetXml() & @CRLF)

$oGen.AddObject("",$oObject1.GetXml(),"","")

; -------- Reference 1 --------

; Create the following Transforms fragment:

; Use this online tool to generate code from sample XML: 
; Generate Code to Create XML

; <ds:Transforms>
;     <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
;     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
;     <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
;         <ds:XPath xmlns:ds="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ds:Signature)</ds:XPath>
;     </ds:Transform>
; </ds:Transforms>

$oXml1 = ObjCreate("Chilkat.Xml")
$oXml1.Tag = "ds:Transforms"
$oXml1.UpdateAttrAt("ds:Transform",True,"Algorithm","http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
$oXml1.UpdateAttrAt("ds:Transform[1]",True,"Algorithm","http://www.w3.org/2000/09/xmldsig#enveloped-signature")
$oXml1.UpdateAttrAt("ds:Transform[2]",True,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116")
$oXml1.UpdateAttrAt("ds:Transform[2]|ds:XPath",True,"xmlns:ds","http://www.w3.org/2000/09/xmldsig#")
$oXml1.UpdateChildContent "ds:Transform[2]|ds:XPath","not(ancestor-or-self::ds:Signature)"

; This is the "Transforms" XML fragment passed to AddSameDocRef2.
ConsoleWrite($oXml1.GetXml() & @CRLF)

$oGen.AddSameDocRef2("","sha1",$oXml1,"")

$oGen.SetRefIdAttr("","Reference-24eb6003-d41c-442c-a731-d4c58f94790b")

; -------- Reference 2 --------
$oGen.AddObjectRef("Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties","sha1","","","http://uri.etsi.org/01903#SignedProperties")

; -------- Reference 3 --------
$oGen.AddSameDocRef("Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo","sha1","","","")

; Provide a certificate + private key. (PFX password is test123)
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If ($bSuccess <> True) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf

$oGen.SetX509Cert($oCert,True)

$oGen.KeyInfoType = "X509Data+KeyValue"
$oGen.X509Type = "CertChain"

; Load XML to be signed...
$oSbXml = ObjCreate("Chilkat.StringBuilder")
$oXmlToSign.GetXmlSb($oSbXml)

$oGen.Behaviors = "IndentedSignature"

; Sign the XML...
$bSuccess = $oGen.CreateXmlDSigSb($oSbXml)
If ($bSuccess <> True) Then
    ConsoleWrite($oGen.LastErrorText & @CRLF)
    Exit
EndIf

; -----------------------------------------------

; Save the signed XML to a file.
$bSuccess = $oSbXml.WriteFile("qa_output/signedXml.xml","utf-8",False)

ConsoleWrite($oSbXml.GetAsString() & @CRLF)

; ----------------------------------------
; Verify the signatures we just produced...
$oVerifier = ObjCreate("Chilkat.XmlDSig")
$bSuccess = $oVerifier.LoadSignatureSb($oSbXml)
If ($bSuccess <> True) Then
    ConsoleWrite($oVerifier.LastErrorText & @CRLF)
    Exit
EndIf

Local $iNumSigs = $oVerifier.NumSignatures
Local $iVerifyIdx = 0
While $iVerifyIdx < $iNumSigs
    $oVerifier.Selector = $iVerifyIdx
Local $bVerified = $oVerifier.VerifySignature(True)
    If ($bVerified <> True) Then
        ConsoleWrite($oVerifier.LastErrorText & @CRLF)
        Exit
    EndIf

    $iVerifyIdx = $iVerifyIdx + 1
Wend
ConsoleWrite("All signatures were successfully verified." & @CRLF)