Sample code for 30+ languages & platforms
JavaScript

XML-DSig Add Reference with Transforms Specified Explicitly

Demonstrates how to use the new AddSameDocRef2 method to explicitly specify the XML Transforms fragment.
Note
This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater.
JavaScript
var success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

success = true;

// Create the following XML to be signed:

// <doc>
//     <s id="s1">Some text...</s>
//     <p>Some text...</p>
//     <p class="note">A note...</p>
// </doc>

// Use this online tool to generate code from sample XML: 
// Generate Code to Create XML

var xmlToSign = new CkXml();
xmlToSign.Tag = "doc";
xmlToSign.UpdateAttrAt("s",true,"id","s1");
xmlToSign.UpdateChildContent("s","Some text...");
xmlToSign.UpdateChildContent("p","Some text...");
xmlToSign.UpdateAttrAt("p[1]",true,"class","note");
xmlToSign.UpdateChildContent("p[1]","A note...");

console.log(xmlToSign.GetXml());

var gen = new CkXmlDSigGen();

gen.SigLocation = "doc";
gen.SigLocationMod = 0;
gen.SigId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature";
gen.SigNamespacePrefix = "ds";
gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#";
gen.SigValueId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-SignatureValue";
gen.SignedInfoCanonAlg = "C14N";
gen.SignedInfoDigestMethod = "sha1";

// Set the KeyInfoId before adding references..
gen.KeyInfoId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo";

// The following XML to be added as an Object to the Signature

// Use this online tool to generate code from sample XML: 
// Generate Code to Create XML

// <xades:QualifyingProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties" Target="#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
//     <xades:SignedProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties">
//         <xades:SignedSignatureProperties>
//             <xades:SigningTime>TO BE GENERATED BY CHILKAT</xades:SigningTime>
//             <xades:SigningCertificate>
//                 <xades:Cert>
//                     <xades:CertDigest>
//                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
//                         <ds:DigestValue>TO BE GENERATED BY CHILKAT</ds:DigestValue>
//                     </xades:CertDigest>
//                     <xades:IssuerSerial>
//                         <ds:X509IssuerName>TO BE GENERATED BY CHILKAT</ds:X509IssuerName>
//                         <ds:X509SerialNumber>TO BE GENERATED BY CHILKAT</ds:X509SerialNumber>
//                     </xades:IssuerSerial>
//                 </xades:Cert>
//             </xades:SigningCertificate>
//         </xades:SignedSignatureProperties>
//         <xades:SignedDataObjectProperties>
//             <xades:DataObjectFormat ObjectReference="#Reference-24eb6003-d41c-442c-a731-d4c58f94790b">
//                 <xades:Description/>
//                 <xades:ObjectIdentifier>
//                     <xades:Identifier Qualifier="OIDAsURN">urn:oid:1.2.840.10003.5.109.10</xades:Identifier>
//                     <xades:Description/>
//                 </xades:ObjectIdentifier>
//                 <xades:MimeType>text/xml</xades:MimeType>
//                 <xades:Encoding/>
//             </xades:DataObjectFormat>
//         </xades:SignedDataObjectProperties>
//     </xades:SignedProperties>
// </xades:QualifyingProperties>

var object1 = new CkXml();
object1.Tag = "xades:QualifyingProperties";
object1.AddAttribute("Id","Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties");
object1.AddAttribute("Target","#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature");
object1.AddAttribute("xmlns:ds","http://www.w3.org/2000/09/xmldsig#");
object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#");
object1.UpdateAttrAt("xades:SignedProperties",true,"Id","Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT");
// Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",true,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT");
object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",true,"ObjectReference","#Reference-24eb6003-d41c-442c-a731-d4c58f94790b");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description","");
object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",true,"Qualifier","OIDAsURN");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","urn:oid:1.2.840.10003.5.109.10");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description","");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","text/xml");
object1.UpdateChildContent("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Encoding","");

console.log(object1.GetXml());

gen.AddObject("",object1.GetXml(),"","");

// -------- Reference 1 --------

// Create the following Transforms fragment:

// Use this online tool to generate code from sample XML: 
// Generate Code to Create XML

// <ds:Transforms>
//     <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
//     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
//     <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
//         <ds:XPath xmlns:ds="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ds:Signature)</ds:XPath>
//     </ds:Transform>
// </ds:Transforms>

var xml1 = new CkXml();
xml1.Tag = "ds:Transforms";
xml1.UpdateAttrAt("ds:Transform",true,"Algorithm","http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
xml1.UpdateAttrAt("ds:Transform[1]",true,"Algorithm","http://www.w3.org/2000/09/xmldsig#enveloped-signature");
xml1.UpdateAttrAt("ds:Transform[2]",true,"Algorithm","http://www.w3.org/TR/1999/REC-xpath-19991116");
xml1.UpdateAttrAt("ds:Transform[2]|ds:XPath",true,"xmlns:ds","http://www.w3.org/2000/09/xmldsig#");
xml1.UpdateChildContent("ds:Transform[2]|ds:XPath","not(ancestor-or-self::ds:Signature)");

// This is the "Transforms" XML fragment passed to AddSameDocRef2.
console.log(xml1.GetXml());

gen.AddSameDocRef2("","sha1",xml1,"");

gen.SetRefIdAttr("","Reference-24eb6003-d41c-442c-a731-d4c58f94790b");

// -------- Reference 2 --------
gen.AddObjectRef("Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties","sha1","","","http://uri.etsi.org/01903#SignedProperties");

// -------- Reference 3 --------
gen.AddSameDocRef("Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo","sha1","","","");

// Provide a certificate + private key. (PFX password is test123)
var cert = new CkCert();
success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123");
if (success !== true) {
    console.log(cert.LastErrorText);
    return;
}

gen.SetX509Cert(cert,true);

gen.KeyInfoType = "X509Data+KeyValue";
gen.X509Type = "CertChain";

// Load XML to be signed...
var sbXml = new CkStringBuilder();
xmlToSign.GetXmlSb(sbXml);

gen.Behaviors = "IndentedSignature";

// Sign the XML...
success = gen.CreateXmlDSigSb(sbXml);
if (success !== true) {
    console.log(gen.LastErrorText);
    return;
}

// -----------------------------------------------

// Save the signed XML to a file.
success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",false);

console.log(sbXml.GetAsString());

// ----------------------------------------
// Verify the signatures we just produced...
var verifier = new CkXmlDSig();
success = verifier.LoadSignatureSb(sbXml);
if (success !== true) {
    console.log(verifier.LastErrorText);
    return;
}

var numSigs = verifier.NumSignatures;
var verifyIdx = 0;
while (verifyIdx < numSigs) {
    verifier.Selector = verifyIdx;
    var verified = verifier.VerifySignature(true);
    if (verified !== true) {
        console.log(verifier.LastErrorText);
        return;
    }

    verifyIdx = verifyIdx+1;
}

console.log("All signatures were successfully verified.");