Sample code for 30+ languages & platforms
Swift

XML-DSig Add Reference with Transforms Specified Explicitly

Demonstrates how to use the new AddSameDocRef2 method to explicitly specify the XML Transforms fragment.

Chilkat Swift Downloads

Swift

func chilkatTest() {
    var success: Bool = false

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    success = true

    // Create the following XML to be signed:

    // <doc>
    //     <s id="s1">Some text...</s>
    //     <p>Some text...</p>
    //     <p class="note">A note...</p>
    // </doc>

    // Use this online tool to generate code from sample XML: 
    // Generate Code to Create XML

    let xmlToSign = CkoXml()!
    xmlToSign.tag = "doc"
    xmlToSign.updateAttrAt(tagPath: "s", autoCreate: true, attrName: "id", attrValue: "s1")
    xmlToSign.updateChildContent(tagPath: "s", value: "Some text...")
    xmlToSign.updateChildContent(tagPath: "p", value: "Some text...")
    xmlToSign.updateAttrAt(tagPath: "p[1]", autoCreate: true, attrName: "class", attrValue: "note")
    xmlToSign.updateChildContent(tagPath: "p[1]", value: "A note...")

    print("\(xmlToSign.getXml()!)")

    let gen = CkoXmlDSigGen()!

    gen.sigLocation = "doc"
    gen.sigLocationMod = 0
    gen.sigId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature"
    gen.sigNamespacePrefix = "ds"
    gen.sigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
    gen.sigValueId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-SignatureValue"
    gen.signedInfoCanonAlg = "C14N"
    gen.signedInfoDigestMethod = "sha1"

    // Set the KeyInfoId before adding references..
    gen.keyInfoId = "Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo"

    // The following XML to be added as an Object to the Signature

    // Use this online tool to generate code from sample XML: 
    // Generate Code to Create XML

    // <xades:QualifyingProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties" Target="#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
    //     <xades:SignedProperties Id="Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties">
    //         <xades:SignedSignatureProperties>
    //             <xades:SigningTime>TO BE GENERATED BY CHILKAT</xades:SigningTime>
    //             <xades:SigningCertificate>
    //                 <xades:Cert>
    //                     <xades:CertDigest>
    //                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    //                         <ds:DigestValue>TO BE GENERATED BY CHILKAT</ds:DigestValue>
    //                     </xades:CertDigest>
    //                     <xades:IssuerSerial>
    //                         <ds:X509IssuerName>TO BE GENERATED BY CHILKAT</ds:X509IssuerName>
    //                         <ds:X509SerialNumber>TO BE GENERATED BY CHILKAT</ds:X509SerialNumber>
    //                     </xades:IssuerSerial>
    //                 </xades:Cert>
    //             </xades:SigningCertificate>
    //         </xades:SignedSignatureProperties>
    //         <xades:SignedDataObjectProperties>
    //             <xades:DataObjectFormat ObjectReference="#Reference-24eb6003-d41c-442c-a731-d4c58f94790b">
    //                 <xades:Description/>
    //                 <xades:ObjectIdentifier>
    //                     <xades:Identifier Qualifier="OIDAsURN">urn:oid:1.2.840.10003.5.109.10</xades:Identifier>
    //                     <xades:Description/>
    //                 </xades:ObjectIdentifier>
    //                 <xades:MimeType>text/xml</xades:MimeType>
    //                 <xades:Encoding/>
    //             </xades:DataObjectFormat>
    //         </xades:SignedDataObjectProperties>
    //     </xades:SignedProperties>
    // </xades:QualifyingProperties>

    let object1 = CkoXml()!
    object1.tag = "xades:QualifyingProperties"
    object1.addAttribute(name: "Id", value: "Signature-78f29839-06af-448f-b479-ca46457fab1b-QualifyingProperties")
    object1.addAttribute(name: "Target", value: "#Signature-78f29839-06af-448f-b479-ca46457fab1b-Signature")
    object1.addAttribute(name: "xmlns:ds", value: "http://www.w3.org/2000/09/xmldsig#")
    object1.addAttribute(name: "xmlns:xades", value: "http://uri.etsi.org/01903/v1.3.2#")
    object1.updateAttrAt(tagPath: "xades:SignedProperties", autoCreate: true, attrName: "Id", attrValue: "Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime", value: "TO BE GENERATED BY CHILKAT")
    // Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
    object1.updateAttrAt(tagPath: "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod", autoCreate: true, attrName: "Algorithm", attrValue: "http://www.w3.org/2000/09/xmldsig#sha1")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue", value: "TO BE GENERATED BY CHILKAT")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2", value: "TO BE GENERATED BY CHILKAT")
    object1.updateAttrAt(tagPath: "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat", autoCreate: true, attrName: "ObjectReference", attrValue: "#Reference-24eb6003-d41c-442c-a731-d4c58f94790b")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description", value: "")
    object1.updateAttrAt(tagPath: "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier", autoCreate: true, attrName: "Qualifier", attrValue: "OIDAsURN")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier", value: "urn:oid:1.2.840.10003.5.109.10")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description", value: "")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType", value: "text/xml")
    object1.updateChildContent(tagPath: "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Encoding", value: "")

    print("\(object1.getXml()!)")

    gen.add(id: "", content: object1.getXml(), mimeType: "", encoding: "")

    // -------- Reference 1 --------

    // Create the following Transforms fragment:

    // Use this online tool to generate code from sample XML: 
    // Generate Code to Create XML

    // <ds:Transforms>
    //     <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    //     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    //     <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
    //         <ds:XPath xmlns:ds="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ds:Signature)</ds:XPath>
    //     </ds:Transform>
    // </ds:Transforms>

    let xml1 = CkoXml()!
    xml1.tag = "ds:Transforms"
    xml1.updateAttrAt(tagPath: "ds:Transform", autoCreate: true, attrName: "Algorithm", attrValue: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
    xml1.updateAttrAt(tagPath: "ds:Transform[1]", autoCreate: true, attrName: "Algorithm", attrValue: "http://www.w3.org/2000/09/xmldsig#enveloped-signature")
    xml1.updateAttrAt(tagPath: "ds:Transform[2]", autoCreate: true, attrName: "Algorithm", attrValue: "http://www.w3.org/TR/1999/REC-xpath-19991116")
    xml1.updateAttrAt(tagPath: "ds:Transform[2]|ds:XPath", autoCreate: true, attrName: "xmlns:ds", attrValue: "http://www.w3.org/2000/09/xmldsig#")
    xml1.updateChildContent(tagPath: "ds:Transform[2]|ds:XPath", value: "not(ancestor-or-self::ds:Signature)")

    // This is the "Transforms" XML fragment passed to AddSameDocRef2.
    print("\(xml1.getXml()!)")

    gen.addSameDocRef2(id: "", digestMethod: "sha1", transforms: xml1, refType: "")

    gen.setRefIdAttr(uri_or_id: "", value: "Reference-24eb6003-d41c-442c-a731-d4c58f94790b")

    // -------- Reference 2 --------
    gen.addObjectRef(id: "Signature-78f29839-06af-448f-b479-ca46457fab1b-SignedProperties", digestMethod: "sha1", canonMethod: "", prefixList: "", refType: "http://uri.etsi.org/01903#SignedProperties")

    // -------- Reference 3 --------
    gen.addSameDocRef(id: "Signature-78f29839-06af-448f-b479-ca46457fab1b-KeyInfo", digestMethod: "sha1", canonMethod: "", prefixList: "", refType: "")

    // Provide a certificate + private key. (PFX password is test123)
    let cert = CkoCert()!
    success = cert.loadPfxFile(path: "qa_data/pfx/cert_test123.pfx", password: "test123")
    if success != true {
        print("\(cert.lastErrorText!)")
        return
    }

    gen.setX509Cert(cert: cert, usePrivateKey: true)

    gen.keyInfoType = "X509Data+KeyValue"
    gen.x509Type = "CertChain"

    // Load XML to be signed...
    let sbXml = CkoStringBuilder()!
    xmlToSign.getSb(sb: sbXml)

    gen.behaviors = "IndentedSignature"

    // Sign the XML...
    success = gen.createXmlDSigSb(sbXml: sbXml)
    if success != true {
        print("\(gen.lastErrorText!)")
        return
    }

    // -----------------------------------------------

    // Save the signed XML to a file.
    success = sbXml.writeFile(path: "qa_output/signedXml.xml", charset: "utf-8", emitBom: false)

    print("\(sbXml.getAsString()!)")

    // ----------------------------------------
    // Verify the signatures we just produced...
    let verifier = CkoXmlDSig()!
    success = verifier.loadSignatureSb(sbXmlSig: sbXml)
    if success != true {
        print("\(verifier.lastErrorText!)")
        return
    }

    var numSigs: Int = verifier.numSignatures.intValue
    var verifyIdx: Int = 0
    while verifyIdx < numSigs {
        verifier.selector = verifyIdx
        var verified: Bool = verifier.verifySignature(verifyReferenceDigests: true)
        if verified != true {
            print("\(verifier.lastErrorText!)")
            return
        }

        verifyIdx = verifyIdx + 1
    }

    print("All signatures were successfully verified.")

}