(JavaScript) Add EncapsulatedTimestamp to Already-Signed XML

See more XML Digital Signatures Examples

Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.

Note: This example requires Chilkat v9.5.0.90 or greater.

Note

This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater.

var success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
// (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
// We must use a StringBuilder.
var sbXml = new CkStringBuilder();
success = sbXml.LoadFile("qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml","utf-8");
if (success == false) {
    console.log("Failed to load the XML file.");
    return;
}

var dsig = new CkXmlDSig();
success = dsig.LoadSignatureSb(sbXml);
if (success == false) {
    console.log(dsig.LastErrorText);
    return;
}

if (dsig.HasEncapsulatedTimeStamp() == true) {
    console.log("This signed XML already has an EncapsulatedTimeStamp");
    return;
}

// Specify the timestamping authority URL
var json = new CkJsonObject();
json.UpdateString("timestampToken.tsaUrl","http://timestamp.digicert.com");
json.UpdateBool("timestampToken.requestTsaCert",true);

// Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
// Note: If the signed XML contains multiple signatures, the signature modified is the one 
// indicated by the dsig.Selector property.
var sbOut = new CkStringBuilder();
success = dsig.AddEncapsulatedTimeStamp(json,sbOut);
if (success == false) {
    console.log(dsig.LastErrorText);
    return;
}

sbOut.WriteFile("qa_output/addedEncapsulatedTimeStamp.xml","utf-8",false);

// The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
// keyword to UncommonOptions.  See here:

// ----------------------------------------
// Verify the signatures we just produced...
var verifier = new CkXmlDSig();
success = verifier.LoadSignatureSb(sbOut);
if (success !== true) {
    console.log(verifier.LastErrorText);
    return;
}

// Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
verifier.UncommonOptions = "VerifyEncapsulatedTimeStamp";

var numSigs = verifier.NumSignatures;
var verifyIdx = 0;
while (verifyIdx < numSigs) {
    verifier.Selector = verifyIdx;
    var verified = verifier.VerifySignature(true);
    if (verified !== true) {
        console.log(verifier.LastErrorText);
        return;
    }

    verifyIdx = verifyIdx+1;
}

console.log("All signatures were successfully verified.");