(JavaScript) XML-DSig Add Object Reference with Transforms Specified Explicitly
Demonstrates how to use the new AddObjectRef2 method to explicitly specify the XML Transforms fragment.
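// Chilkat XML-DSig example: build an XAdES-style signature over an
// <InitUpload> document, adding the QualifyingProperties <Object> and two
// References whose <ds:Transforms> fragments are given explicitly
// (AddSameDocRef2 / AddObjectRef2), then sign, save, and re-verify.
var success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
success = true;
// Build the following XML to be signed:
// <?xml version="1.0" encoding="utf-8"?>
// <InitUpload xmlns="http://e-dokumenty.mf.gov.pl">
// <DocumentType>JPK</DocumentType>
// <Version>01.02.01.20160617</Version>
// <EncryptionKey algorithm="RSA" encoding="Base64" mode="ECB" padding="PKCS#1">xxxx</EncryptionKey>
// <DocumentList>
// <Document>
// <FormCode schemaVersion="1-1" systemCode="JPK_VAT (3)">JPK_VAT</FormCode>
// <FileName>JPK_VAT_3_v1-1_20181201.xml</FileName>
// <ContentLength>8736</ContentLength>
// <HashValue algorithm="SHA-256" encoding="Base64">JEDI1pItwh6dj/Xx1uts/x61qnjZ4DLHpkZMhmf1oKQ=</HashValue>
// <FileSignatureList filesNumber="1">
// <Packaging>
// <SplitZip mode="zip" type="split"/>
// </Packaging>
// <Encryption>
// <AES block="16" mode="CBC" padding="PKCS#7" size="256">
// <IV bytes="16" encoding="Base64">z64oN9zXHt1+S3XACRSCYw==</IV>
// </AES>
// </Encryption>
// <FileSignature>
// <OrdinalNumber>1</OrdinalNumber>
// <FileName>JPK_VAT_3_v1-1_20181201-000.xml.zip.aes</FileName>
// <ContentLength>16</ContentLength>
// <HashValue algorithm="MD5" encoding="Base64">5MX0q1935fvMjLFV7E1yDw==</HashValue>
// </FileSignature>
// </FileSignatureList>
// </Document>
// </DocumentList>
// </InitUpload>
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
//
// Note: the "xxxx" EncryptionKey and the hash/IV values above are sample
// placeholders; a real upload carries the actual values for the payload.
var xmlToSign = new CkXml();
xmlToSign.Tag = "InitUpload";
xmlToSign.AddAttribute("xmlns","http://e-dokumenty.mf.gov.pl");
xmlToSign.UpdateChildContent("DocumentType","JPK");
xmlToSign.UpdateChildContent("Version","01.02.01.20160617");
xmlToSign.UpdateAttrAt("EncryptionKey",true,"algorithm","RSA");
xmlToSign.UpdateAttrAt("EncryptionKey",true,"encoding","Base64");
xmlToSign.UpdateAttrAt("EncryptionKey",true,"mode","ECB");
xmlToSign.UpdateAttrAt("EncryptionKey",true,"padding","PKCS#1");
xmlToSign.UpdateChildContent("EncryptionKey","xxxx");
xmlToSign.UpdateAttrAt("DocumentList|Document|FormCode",true,"schemaVersion","1-1");
xmlToSign.UpdateAttrAt("DocumentList|Document|FormCode",true,"systemCode","JPK_VAT (3)");
xmlToSign.UpdateChildContent("DocumentList|Document|FormCode","JPK_VAT");
xmlToSign.UpdateChildContent("DocumentList|Document|FileName","JPK_VAT_3_v1-1_20181201.xml");
xmlToSign.UpdateChildContent("DocumentList|Document|ContentLength","8736");
xmlToSign.UpdateAttrAt("DocumentList|Document|HashValue",true,"algorithm","SHA-256");
xmlToSign.UpdateAttrAt("DocumentList|Document|HashValue",true,"encoding","Base64");
xmlToSign.UpdateChildContent("DocumentList|Document|HashValue","JEDI1pItwh6dj/Xx1uts/x61qnjZ4DLHpkZMhmf1oKQ=");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList",true,"filesNumber","1");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Packaging|SplitZip",true,"mode","zip");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Packaging|SplitZip",true,"type","split");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",true,"block","16");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",true,"mode","CBC");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",true,"padding","PKCS#7");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES",true,"size","256");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES|IV",true,"bytes","16");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|Encryption|AES|IV",true,"encoding","Base64");
xmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|Encryption|AES|IV","z64oN9zXHt1+S3XACRSCYw==");
xmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|OrdinalNumber","1");
xmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|FileName","JPK_VAT_3_v1-1_20181201-000.xml.zip.aes");
xmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|ContentLength","16");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|FileSignature|HashValue",true,"algorithm","MD5");
xmlToSign.UpdateAttrAt("DocumentList|Document|FileSignatureList|FileSignature|HashValue",true,"encoding","Base64");
xmlToSign.UpdateChildContent("DocumentList|Document|FileSignatureList|FileSignature|HashValue","5MX0q1935fvMjLFV7E1yDw==");

// Signature placement and SignedInfo algorithms. The <ds:Signature> element
// is placed as a child of <InitUpload> (SigLocation / SigLocationMod = 0) and
// carries Id="id-1234", which the XAdES Target attribute below points at.
var gen = new CkXmlDSigGen();
gen.SigLocation = "InitUpload";
gen.SigLocationMod = 0;
gen.SigId = "id-1234";
gen.SigNamespacePrefix = "ds";
gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#";
gen.SignedInfoCanonAlg = "EXCL_C14N";
gen.SignedInfoDigestMethod = "sha256";
// Create an Object to be added to the Signature. The code below builds the
// V2 variants (SigningCertificateV2 / IssuerSerialV2), so the resulting
// fragment is:
// <xades:QualifyingProperties Target="#id-1234" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
// <xades:SignedProperties Id="xades-id-1234">
// <xades:SignedSignatureProperties>
// <xades:SigningTime>TO BE GENERATED BY CHILKAT</xades:SigningTime>
// <xades:SigningCertificateV2>
// <xades:Cert>
// <xades:CertDigest>
// <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
// <ds:DigestValue>TO BE GENERATED BY CHILKAT</ds:DigestValue>
// </xades:CertDigest>
// <xades:IssuerSerialV2>TO BE GENERATED BY CHILKAT</xades:IssuerSerialV2>
// </xades:Cert>
// </xades:SigningCertificateV2>
// </xades:SignedSignatureProperties>
// <xades:SignedDataObjectProperties>
// <xades:DataObjectFormat ObjectReference="#r-id-1">
// <xades:MimeType>text/xml</xades:MimeType>
// </xades:DataObjectFormat>
// </xades:SignedDataObjectProperties>
// </xades:SignedProperties>
// </xades:QualifyingProperties>
// The "TO BE GENERATED BY CHILKAT" placeholders are filled in at signing time.
var object1 = new CkXml();
object1.Tag = "xades:QualifyingProperties";
object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#");
object1.AddAttribute("Target","#id-1234");
object1.UpdateAttrAt("xades:SignedProperties",true,"Id","xades-id-1234");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT");
// Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
// SHA-1 is kept here only because the receiving system's XAdES profile may
// require it for the CertDigest; SHA-1 is deprecated for new signatures, so
// confirm the profile and prefer the SHA-256 identifier where it is accepted.
object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",true,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT");
object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",true,"ObjectReference","#r-id-1");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","text/xml");
gen.AddObject("",object1.GetXml(),"","");

// -------- Reference 1 --------
// Same-document reference over the whole document. The XPath transform
// excludes the <ds:Signature> element itself from the digested content.
// Build the following Transforms fragment:
// <ds:Transforms>
// <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
// <ds:XPath>not(ancestor-or-self::ds:Signature)</ds:XPath>
// </ds:Transform>
// <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// </ds:Transforms>
var xml1 = new CkXml();
xml1.Tag = "ds:Transforms";
xml1.UpdateAttrAt("ds:Transform",true,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116");
xml1.UpdateChildContent("ds:Transform|ds:XPath","not(ancestor-or-self::ds:Signature)");
// "ds:Transform[1]" addresses the second ds:Transform sibling (0-based).
xml1.UpdateAttrAt("ds:Transform[1]",true,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#");
gen.AddSameDocRef2("","sha256",xml1,"");
// Give the reference Id="r-id-1" so the DataObjectFormat above can point at it.
gen.SetRefIdAttr("","r-id-1");

// -------- Reference 2 --------
// Reference to the SignedProperties element inside the <Object> added above,
// typed as a XAdES SignedProperties reference.
// Build the following Transforms fragment:
// <ds:Transforms>
// <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
// </ds:Transforms>
var xml2 = new CkXml();
xml2.Tag = "ds:Transforms";
xml2.UpdateAttrAt("ds:Transform",true,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#");
gen.AddObjectRef2("xades-id-1234","sha256",xml2,"http://uri.etsi.org/01903#SignedProperties");

// Provide a certificate + private key. (PFX password is test123)
// This is a test-only PFX; production signing keys and their passwords
// should come from a protected store rather than a literal in source.
var cert = new CkCert();
success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123");
if (success !== true) {
    console.log(cert.LastErrorText);
    return;
}
gen.SetX509Cert(cert,true);
gen.KeyInfoType = "X509Data";
gen.X509Type = "Certificate";

// Load XML to be signed...
var sbXml = new CkStringBuilder();
xmlToSign.GetXmlSb(sbXml);
gen.Behaviors = "IndentedSignature";
// Sign the XML...
success = gen.CreateXmlDSigSb(sbXml);
if (success !== true) {
    console.log(gen.LastErrorText);
    return;
}

// -----------------------------------------------
// Save the signed XML to a file. The original example ignored this result;
// a failed write would otherwise go unnoticed while the verification below
// still reports success.
success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",false);
if (success !== true) {
    console.log("Failed to write qa_output/signedXml.xml");
    return;
}
console.log(sbXml.GetAsString());

// ----------------------------------------
// Verify the signatures we just produced...
var verifier = new CkXmlDSig();
success = verifier.LoadSignatureSb(sbXml);
if (success !== true) {
    console.log(verifier.LastErrorText);
    return;
}
var numSigs = verifier.NumSignatures;
// Verify every signature in the document; Selector picks which one
// VerifySignature operates on. The `true` argument requests that the
// referenced data digests be checked, not just the SignatureValue.
for (var verifyIdx = 0; verifyIdx < numSigs; verifyIdx++) {
    verifier.Selector = verifyIdx;
    var verified = verifier.VerifySignature(true);
    if (verified !== true) {
        console.log(verifier.LastErrorText);
        return;
    }
}
console.log("All signatures were successfully verified.");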