PHP Extension
PHP Extension
Add EncapsulatedTimestamp to Already-Signed XML
See more XML Digital Signatures Examples
Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.Note: This example requires Chilkat v9.5.0.90 or greater.
Chilkat PHP Extension Downloads
<?php
include("chilkat.php");
$success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
// (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
// We must use a StringBuilder.
$sbXml = new CkStringBuilder();
$success = $sbXml->LoadFile('qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml','utf-8');
if ($success == false) {
print 'Failed to load the XML file.' . "\n";
exit;
}
$dsig = new CkXmlDSig();
$success = $dsig->LoadSignatureSb($sbXml);
if ($success == false) {
print $dsig->lastErrorText() . "\n";
exit;
}
if ($dsig->HasEncapsulatedTimeStamp() == true) {
print 'This signed XML already has an EncapsulatedTimeStamp' . "\n";
exit;
}
// Specify the timestamping authority URL
$json = new CkJsonObject();
$json->UpdateString('timestampToken.tsaUrl','http://timestamp.digicert.com');
$json->UpdateBool('timestampToken.requestTsaCert',true);
// Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
// Note: If the signed XML contains multiple signatures, the signature modified is the one
// indicated by the dsig.Selector property.
$sbOut = new CkStringBuilder();
$success = $dsig->AddEncapsulatedTimeStamp($json,$sbOut);
if ($success == false) {
print $dsig->lastErrorText() . "\n";
exit;
}
$sbOut->WriteFile('qa_output/addedEncapsulatedTimeStamp.xml','utf-8',false);
// The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
// keyword to UncommonOptions. See here:
// ----------------------------------------
// Verify the signatures we just produced...
$verifier = new CkXmlDSig();
$success = $verifier->LoadSignatureSb($sbOut);
if ($success != true) {
print $verifier->lastErrorText() . "\n";
exit;
}
// Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
$verifier->put_UncommonOptions('VerifyEncapsulatedTimeStamp');
$numSigs = $verifier->get_NumSignatures();
$verifyIdx = 0;
while ($verifyIdx < $numSigs) {
$verifier->put_Selector($verifyIdx);
$verified = $verifier->VerifySignature(true);
if ($verified != true) {
print $verifier->lastErrorText() . "\n";
exit;
}
$verifyIdx = $verifyIdx + 1;
}
print 'All signatures were successfully verified.' . "\n";
?>