Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Signed Zip as Base64 with XAdES-BES

See more XAdES Examples

This example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically:

Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać
umieszczona w archiwum ZIP. W tym przypadku, podpisywany jest plik archiwum ZIP,
przyjmujący w podpisie XAdES-BES formę zakodowaną base64.

The example demonstrates the following:

  1. Zip an XML file (PIT-11Z.xml is zipped to PIT-11Z.zip)
  2. Create XML to be signed, where the XML contains the base64 encoded content of the PIT-11Z.zip archive.
  3. XAdES-BES sign the XML containing the base64 zip.

This example will also show the reverse:

  1. Verify the signed XML.
  2. Extract the PIT-11z.zip from the signed XML.
  3. Unzip the PIT-11Z.zip to get the original PIT-11Z.xml

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.XmlDSigGen,
  Chilkat.XmlDSig,
  Chilkat.Zip,
  Chilkat.Cert,
  Chilkat.StringBuilder,
  Chilkat.BinData,
  Chilkat.ZipEntry,
  Chilkat.Xml;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  sbXmlToZip: TStringBuilder;
  zip: TZip;
  bdZip: TBinData;
  gen: TXmlDSigGen;
  object1: TXml;
  cert: TCert;
  sbXml: TStringBuilder;
  verifier: TXmlDSig;
  verified: Boolean;
  xml: TXml;
  strZipBase64: string;
  entry: TZipEntry;
  origXml: string;

begin
  success := False;

  //  This example assumes the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  //  Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory).
  sbXmlToZip := TStringBuilder.Create;
  success := sbXmlToZip.LoadFile('qa_data/xml/PIT-11Z.xml','utf-8');
  if (success <> True) then
    begin
      WriteLn('Failed to load the XML to be zipped.');
      Exit;
    end;

  zip := TZip.Create;

  //  Initialize the zip object. No file is created in this call.
  //  It should always return True.
  success := zip.NewZip('PIT-11Z.zip');

  //  Add the XML to be zipped.
  zip.AddSb('PIT-11Z.xml',sbXmlToZip,'utf-8');

  //  Write the zip to a BinData object.
  bdZip := TBinData.Create;
  zip.WriteBd(bdZip);
  //  The contents of the bdZip will be retrieved in base64 format when needed below..

  gen := TXmlDSigGen.Create;

  gen.SigLocation := '';
  gen.SigLocationMod := 0;

  gen.SigId := 'Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19';
  gen.SigNamespacePrefix := 'ds';
  gen.SigNamespaceUri := 'http://www.w3.org/2000/09/xmldsig#';
  gen.SigValueId := 'SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52';
  gen.SignedInfoId := 'SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41';
  gen.SignedInfoCanonAlg := 'C14N';
  gen.SignedInfoDigestMethod := 'sha1';

  //  Set the KeyInfoId before adding references..
  gen.KeyInfoId := 'KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24';

  //  Create an Object to be added to the Signature.
  object1 := TXml.Create;
  object1.Tag := 'xades:QualifyingProperties';
  object1.AddAttribute('xmlns:xades','http://uri.etsi.org/01903/v1.3.2#');
  object1.AddAttribute('Id','QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43');
  object1.AddAttribute('Target','#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19');
  object1.UpdateAttrAt('xades:SignedProperties',True,'Id','SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e');
  object1.UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties',True,'Id','SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a');
  //  Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created.
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime','TO BE GENERATED BY CHILKAT');
  //  Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
  object1.UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod',True,'Algorithm','http://www.w3.org/2000/09/xmldsig#sha1');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue','TO BE GENERATED BY CHILKAT');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2','TO BE GENERATED BY CHILKAT');
  object1.UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties',True,'Id','SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b');
  object1.UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat',True,'ObjectReference','#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description','MIME-Version: 1.0' + #13#10 + 'Content-Type: application/zip' + #13#10 + 'Content-Transfer-Encoding: binary' + #13#10 + 'Content-Disposition: filename=&quot;PIT-11Z.zip&quot;');
  object1.UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier',True,'Qualifier','OIDAsURI');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier','http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description','Opis formatu dokumentu oraz jego pelna nazwa');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference','http://www.certum.pl/OIDAsURI/signedFile.pdf');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType','application/zip');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier','http://uri.etsi.org/01903/v1.2.2#ProofOfApproval');
  object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects','');
  object1.UpdateAttrAt('xades:UnsignedProperties',True,'Id','UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55');

  //  Emit XML in compact (single-line) format to avoid whitespace problems.
  object1.EmitCompact := True;
  gen.AddObject('',object1.GetXml(),'','');

  //  Create an Object to be added to the Signature.
  //  This is where we add the base64 representation of the PIT-11Z.zip
  gen.AddObject('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347',bdZip.GetEncoded('base64'),'','http://www.w3.org/2000/09/xmldsig#base64');

  //  -------- Reference 1 --------
  gen.AddObjectRef('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347','sha1','C14N_WithComments','','');
  gen.SetRefIdAttr('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347','Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27');

  //  -------- Reference 2 --------
  gen.AddObjectRef('SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e','sha1','','','http://uri.etsi.org/01903#SignedProperties');
  gen.SetRefIdAttr('SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e','SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28');

  //  Provide a certificate + private key. (PFX password is test123)
  cert := TCert.Create;
  success := cert.LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123');
  if (success = False) then
    begin
      WriteLn(cert.LastErrorText);
      Exit;
    end;

  gen.SetX509Cert(cert,True);

  gen.KeyInfoType := 'X509Data';
  gen.X509Type := 'Certificate';

  //  This will be an enveloping signature where the Signature element
  //  is the XML document root, the signed data is contained within Object
  //  tag(s) within the Signature.
  //  Therefore, pass an empty sbXml to CreateXmlDsigSb.
  sbXml := TStringBuilder.Create;

  //  The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error.
  //  (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use
  //  the same XML canonicalization implementation w/ the bug.)
  gen.Behaviors := 'AttributeSortingBug,CompactSignedXml';

  //  Sign the XML...
  success := gen.CreateXmlDSigSb(sbXml);
  if (success = False) then
    begin
      WriteLn(gen.LastErrorText);
      Exit;
    end;

  //  -----------------------------------------------

  //  Save the signed XML to a file.
  success := sbXml.WriteFile('qa_output/signedXml.xml','utf-8',False);

  WriteLn(sbXml.GetAsString());

  //  ----------------------------------------
  //  Verify the signature we just produced...
  verifier := TXmlDSig.Create;
  success := verifier.LoadSignatureSb(sbXml);
  if (success = False) then
    begin
      WriteLn(verifier.LastErrorText);
      Exit;
    end;

  verified := verifier.VerifySignature(True);
  if (verified <> True) then
    begin
      WriteLn(verifier.LastErrorText);
      Exit;
    end;
  WriteLn('This signature was successfully verified.');

  //  ------------------------------------
  //  Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip.
  xml := TXml.Create;
  xml.LoadSb(sbXml,True);

  //  The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML).
  //  (ds:Object[0] would be the 1st ds:Object child.  Index 1 is the 2nd ds:Object child.)
  strZipBase64 := xml.GetChildContent('ds:Object[1]');

  bdZip.Clear();
  bdZip.AppendEncoded(strZipBase64,'base64');
  if (bdZip.NumBytes = 0) then
    begin
      WriteLn('Something went wrong.. we dont'' have any data..');
      Exit;
    end;

  success := zip.OpenBd(bdZip);
  if (success = False) then
    begin
      WriteLn(zip.LastErrorText);
      Exit;
    end;

  //  Get the 1st file in the zip, which should be the PIT-11Z.xml
  entry := TZipEntry.Create;
  success := zip.EntryAt(0,entry);
  if (success = False) then
    begin
      WriteLn('Zip contains no files...');
      Exit;
    end;

  //  Get the XML:
  origXml := entry.UnzipToString(0,'utf-8');
  WriteLn('Original XML extracted from base64 zip:');
  WriteLn(origXml);


  sbXmlToZip.Free;
  zip.Free;
  bdZip.Free;
  gen.Free;
  object1.Free;
  cert.Free;
  sbXml.Free;
  verifier.Free;
  xml.Free;
  entry.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.