PHP Extension
PHP Extension
IPS MX Signature - Digitally Sign MX Document
See more XML Digital Signatures Examples
Demonstrates how to digitally sign ISO 20022 SWIFT MX messages.Chilkat PHP Extension Downloads
<?php
include("chilkat.php");
$success = false;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
$success = true;
// First create the XML to be signed, or load it from a file, or a string,
// To load XML from a file:
$xmlToSign = new CkXml();
$success = $xmlToSign->LoadXmlFile('c:/someDir/mx_document.xml');
// Or to load XML from a string
$success = $xmlToSign->LoadXml('...');
// Or create the XML directly.
$xmlToSign->Clear();
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
$xmlToSign->put_Tag('DataPDU');
$xmlToSign->AddAttribute('xmlns','urn:cma:stp:xsd:stp.1.0');
$xmlToSign->UpdateAttrAt('Body|AppHdr',true,'xmlns','urn:iso:std:iso:20022:tech:xsd:head.001.001.01');
$xmlToSign->UpdateChildContent('Body|AppHdr|Fr|FIId|FinInstnId|BICFI','ZZZZZZZZ');
$xmlToSign->UpdateChildContent('Body|AppHdr|To|FIId|FinInstnId|BICFI','YYYYYYYYYY');
$xmlToSign->UpdateChildContent('Body|AppHdr|BizMsgIdr','ZZZZZZZZAXXX999999999999999999999');
$xmlToSign->UpdateChildContent('Body|AppHdr|MsgDefIdr','pacs.008.001.08');
$xmlToSign->UpdateChildContent('Body|AppHdr|BizSvc','IPS');
$xmlToSign->UpdateChildContent('Body|AppHdr|CreDt','2017-09-13T18:18:00Z');
$xmlToSign->UpdateAttrAt('Body|Document',true,'xmlns','urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|MsgId','ZZZZZZZZAXXX999999999999999999999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|CreDtTm','2017-09-13T18:18:00');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|NbOfTxs','1');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|GrpHdr|SttlmInf|SttlmMtd','CLRG');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|EndToEndId','NOTPROVIDED');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|TxId','ZZZZZZZZAXXX999999999999999999999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|ClrChanl','RTNS');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|LclInstrm|Prtry','CSCT');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|CtgyPurp|Prtry','001');
$xmlToSign->UpdateAttrAt('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt',true,'Ccy','JOD');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt','71.12');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmDt','2018-01-14');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|ChrgBr','SLEV');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstgAgt|FinInstnId|BICFI','ZZZZZZZZ');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstdAgt|FinInstnId|BICFI','UBSIJOA0');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Dbtr|Nm','John Johnson');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAcct|Id|IBAN','JO22CITI00000000000555555555');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|BICFI','ZZZZZZZZ');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|Id','200004');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|SchmeNm|Prtry','1700099999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgtAcct|Id|IBAN','JO66CITI22222222222222222222');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|BICFI','UBSIJOA0');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|Id','210027');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|SchmeNm|Prtry','1400199999');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgtAcct|Id|IBAN','JO44UBSI33333333333333333333');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Cdtr|Nm','Omega Jones');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAcct|Id|IBAN','JO95UBSI00000000000777777777');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstrForNxtAgt|InstrInf','/BNF/Details');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Purp|Prtry','5814');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf','SOMEINFORMATIONABOUTPAYMENT-1');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[1]','SOMEINFORMATIONABOUTPAYMENT-2');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[2]','SOMEINFORMATIONABOUTPAYMENT-3');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Cdtr|TaxId','9900083901');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Dbtr|TaxId','1000387561');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd','EDV UCUN ODENIR');
$xmlToSign->UpdateChildContent('Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd[1]','EXTRA INFO');
// The following XML is to be signed:
// <?xml version="1.0" encoding="UTF-8"?>
// <DataPDU xmlns="urn:cma:stp:xsd:stp.1.0">
// <Body>
// <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01">
// <Fr>
// <FIId>
// <FinInstnId>
// <BICFI>ZZZZZZZZ</BICFI>
// </FinInstnId>
// </FIId>
// </Fr>
// <To>
// <FIId>
// <FinInstnId>
// <BICFI>YYYYYYYYYY</BICFI>
// </FinInstnId>
// </FIId>
// </To>
// <BizMsgIdr>ZZZZZZZZAXXX999999999999999999999</BizMsgIdr>
// <MsgDefIdr>pacs.008.001.08</MsgDefIdr>
// <BizSvc>IPS</BizSvc>
// <CreDt>2017-09-13T18:18:00Z</CreDt>
// </AppHdr>
// <Document xmlns="urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08">
// <FIToFICstmrCdtTrf>
// <GrpHdr>
// <MsgId>ZZZZZZZZAXXX999999999999999999999</MsgId>
// <CreDtTm>2017-09-13T18:18:00</CreDtTm>
// <NbOfTxs>1</NbOfTxs>
// <SttlmInf>
// <SttlmMtd>CLRG</SttlmMtd>
// </SttlmInf>
// </GrpHdr>
// <CdtTrfTxInf>
// <PmtId>
// <EndToEndId>NOTPROVIDED</EndToEndId>
// <TxId>ZZZZZZZZAXXX999999999999999999999</TxId>
// </PmtId>
// <PmtTpInf>
// <ClrChanl>RTNS</ClrChanl>
// <LclInstrm>
// <Prtry>CSCT</Prtry>
// </LclInstrm>
// <CtgyPurp>
// <Prtry>001</Prtry>
// </CtgyPurp>
// </PmtTpInf>
// <IntrBkSttlmAmt Ccy="JOD">71.12</IntrBkSttlmAmt>
// <IntrBkSttlmDt>2018-01-14</IntrBkSttlmDt>
// <ChrgBr>SLEV</ChrgBr>
// <InstgAgt>
// <FinInstnId>
// <BICFI>ZZZZZZZZ</BICFI>
// </FinInstnId>
// </InstgAgt>
// <InstdAgt>
// <FinInstnId>
// <BICFI>UBSIJOA0</BICFI>
// </FinInstnId>
// </InstdAgt>
// <Dbtr>
// <Nm>John Johnson</Nm>
// </Dbtr>
// <DbtrAcct>
// <Id>
// <IBAN>JO22CITI00000000000555555555</IBAN>
// </Id>
// </DbtrAcct>
// <DbtrAgt>
// <FinInstnId>
// <BICFI>ZZZZZZZZ</BICFI>
// <Othr>
// <Id>200004</Id>
// <SchmeNm>
// <Prtry>1700089999</Prtry>
// </SchmeNm>
// </Othr>
// </FinInstnId>
// </DbtrAgt>
// <DbtrAgtAcct>
// <Id>
// <IBAN>JO66CITI22222222222222222222</IBAN>
// </Id>
// </DbtrAgtAcct>
// <CdtrAgt>
// <FinInstnId>
// <BICFI>UBSIJOA0</BICFI>
// <Othr>
// <Id>210027</Id>
// <SchmeNm>
// <Prtry>1400199999</Prtry>
// </SchmeNm>
// </Othr>
// </FinInstnId>
// </CdtrAgt>
// <CdtrAgtAcct>
// <Id>
// <IBAN>JO44UBSI33333333333333333333</IBAN>
// </Id>
// </CdtrAgtAcct>
// <Cdtr>
// <Nm>Omega Jones</Nm>
// </Cdtr>
// <CdtrAcct>
// <Id>
// <IBAN>JO95UBSI00000000000777777777</IBAN>
// </Id>
// </CdtrAcct>
// <InstrForNxtAgt>
// <InstrInf>/BNF/Details</InstrInf>
// </InstrForNxtAgt>
// <Purp>
// <Prtry>5814</Prtry>
// </Purp>
// <RgltryRptg>
// <Dtls>
// <Inf>SOMEINFORMATIONABOUTPAYMENT-1</Inf>
// <Inf>SOMEINFORMATIONABOUTPAYMENT-2</Inf>
// <Inf>SOMEINFORMATIONABOUTPAYMENT-3</Inf>
// </Dtls>
// </RgltryRptg>
// <Tax>
// <Cdtr>
// <TaxId>9900083901</TaxId>
// </Cdtr>
// <Dbtr>
// <TaxId>1000387561</TaxId>
// </Dbtr>
// </Tax>
// <RmtInf>
// <Ustrd>EDV UCUN ODENIR</Ustrd>
// <Ustrd>EXTRA INFO</Ustrd>
// </RmtInf>
// </CdtTrfTxInf>
// </FIToFICstmrCdtTrf>
// </Document>
// </Body>
// </DataPDU>
$gen = new CkXmlDSigGen();
$gen->put_SigLocation('DataPDU|Body|AppHdr|Sgntr');
$gen->put_SigLocationMod(0);
$gen->put_SigNamespacePrefix('ds');
$gen->put_SigNamespaceUri('http://www.w3.org/2000/09/xmldsig#');
$gen->put_SignedInfoCanonAlg('EXCL_C14N');
$gen->put_SignedInfoDigestMethod('sha256');
// Set the KeyInfoId before adding references..
$gen->put_KeyInfoId('_f9f2c543-e50a-4a50-bd91-50155d27f7e2');
// Create an Object to be added to the Signature.
$object1 = new CkXml();
$object1->put_Tag('xades:QualifyingProperties');
$object1->AddAttribute('xmlns:xades','http://uri.etsi.org/01903/v1.3.2#');
$object1->UpdateAttrAt('xades:SignedProperties',true,'Id','_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime','TO BE GENERATED BY CHILKAT');
$gen->AddObject('',$object1->getXml(),'','');
// -------- Reference 1 --------
$gen->AddSameDocRef('_f9f2c543-e50a-4a50-bd91-50155d27f7e2','sha256','EXCL_C14N','','');
// -------- Reference 2 --------
$gen->AddObjectRef('_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops','sha256','EXCL_C14N','','http://uri.etsi.org/01903/v1.3.2#SignedProperties');
// -------- Reference 3 --------
$gen->AddSameDocRef('','sha256','EXCL_C14N','','');
// Provide a certificate + private key. (PFX password is test123)
$cert = new CkCert();
$success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123');
if ($success == false) {
print $cert->lastErrorText() . "\n";
exit;
}
$gen->SetX509Cert($cert,true);
$gen->put_KeyInfoType('X509Data');
$gen->put_X509Type('IssuerSerial');
// Load XML to be signed...
$sbXml = new CkStringBuilder();
$xmlToSign->GetXmlSb($sbXml);
// Can alternatively use "CompactSignedXml"
$gen->put_Behaviors('IndentedSignature,LocalSigningTime');
// Sign the XML...
$success = $gen->CreateXmlDSigSb($sbXml);
if ($success == false) {
print $gen->lastErrorText() . "\n";
exit;
}
// -----------------------------------------------
// Save the signed XML to a file.
$success = $sbXml->WriteFile('qa_output/mx_signed.xml','utf-8',false);
print $sbXml->getAsString() . "\n";
// ----------------------------------------
// Verify the signatures we just produced...
$verifier = new CkXmlDSig();
$success = $verifier->LoadSignatureSb($sbXml);
if ($success == false) {
print $verifier->lastErrorText() . "\n";
exit;
}
// Important: The above signature did not include the full X.509 certificate.
// You must call verifier.SetPublicKey to provide the public key of the certificate required for validation.
$verifyCert = new CkCert();
$success = $verifyCert->LoadFromFile('qa_data/certs/cert_test123.cer');
if ($success == false) {
print $verifyCert->lastErrorText() . "\n";
exit;
}
$pubKey = new CkPublicKey();
$verifyCert->GetPublicKey($pubKey);
$verifier->SetPublicKey($pubKey);
$numSigs = $verifier->get_NumSignatures();
$verifyIdx = 0;
while ($verifyIdx < $numSigs) {
$verifier->put_Selector($verifyIdx);
$verified = $verifier->VerifySignature(true);
if ($verified != true) {
print $verifier->lastErrorText() . "\n";
exit;
}
$verifyIdx = $verifyIdx + 1;
}
print 'All signatures were successfully verified.' . "\n";
?>