Objective-C
Objective-C
Add EncapsulatedTimestamp to Already-Signed XML
See more XML Digital Signatures Examples
Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.Note: This example requires Chilkat v9.5.0.90 or greater.
Chilkat Objective-C Downloads
#import <CkoStringBuilder.h>
#import <CkoXmlDSig.h>
#import <CkoJsonObject.h>
BOOL success = NO;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
// (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
// We must use a StringBuilder.
CkoStringBuilder *sbXml = [[CkoStringBuilder alloc] init];
success = [sbXml LoadFile: @"qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml" charset: @"utf-8"];
if (success == NO) {
NSLog(@"%@",@"Failed to load the XML file.");
return;
}
CkoXmlDSig *dsig = [[CkoXmlDSig alloc] init];
success = [dsig LoadSignatureSb: sbXml];
if (success == NO) {
NSLog(@"%@",dsig.LastErrorText);
return;
}
if ([dsig HasEncapsulatedTimeStamp] == YES) {
NSLog(@"%@",@"This signed XML already has an EncapsulatedTimeStamp");
return;
}
// Specify the timestamping authority URL
CkoJsonObject *json = [[CkoJsonObject alloc] init];
[json UpdateString: @"timestampToken.tsaUrl" value: @"http://timestamp.digicert.com"];
[json UpdateBool: @"timestampToken.requestTsaCert" value: YES];
// Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
// Note: If the signed XML contains multiple signatures, the signature modified is the one
// indicated by the dsig.Selector property.
CkoStringBuilder *sbOut = [[CkoStringBuilder alloc] init];
success = [dsig AddEncapsulatedTimeStamp: json sbOut: sbOut];
if (success == NO) {
NSLog(@"%@",dsig.LastErrorText);
return;
}
[sbOut WriteFile: @"qa_output/addedEncapsulatedTimeStamp.xml" charset: @"utf-8" emitBom: NO];
// The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
// keyword to UncommonOptions. See here:
// ----------------------------------------
// Verify the signatures we just produced...
CkoXmlDSig *verifier = [[CkoXmlDSig alloc] init];
success = [verifier LoadSignatureSb: sbOut];
if (success != YES) {
NSLog(@"%@",verifier.LastErrorText);
return;
}
// Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
verifier.UncommonOptions = @"VerifyEncapsulatedTimeStamp";
int numSigs = [verifier.NumSignatures intValue];
int verifyIdx = 0;
while (verifyIdx < numSigs) {
verifier.Selector = [NSNumber numberWithInt: verifyIdx];
BOOL verified = [verifier VerifySignature: YES];
if (verified != YES) {
NSLog(@"%@",verifier.LastErrorText);
return;
}
verifyIdx = verifyIdx + 1;
}
NSLog(@"%@",@"All signatures were successfully verified.");