Tcl
Tcl
Create XAdES using Smart Card or USB Token
See more XAdES Examples
Demonstrates how to create an XAdES signed XML document using a certificate located on a smartcard or USB token.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# Load the XML to be signed.
set xmlToSign [new_CkXml]
set success [CkXml_LoadXmlFile $xmlToSign "qa_data/fattura_electronica/docToSign.xml"]
if {$success == 0} then {
puts [CkXml_lastErrorText $xmlToSign]
delete_CkXml $xmlToSign
exit
}
set gen [new_CkXmlDSigGen]
CkXmlDSigGen_put_SigLocation $gen "p:FatturaElettronica"
CkXmlDSigGen_put_SigId $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504"
CkXmlDSigGen_put_SigNamespacePrefix $gen "ds"
CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#"
CkXmlDSigGen_put_SigValueId $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-sigvalue"
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256"
# Create an Object to be added to the Signature.
# Note: Chilkat will automatically populate the strings indicated by "TO BE GENERATED BY CHILKAT" with actual/correct values
# when the XML is signed.
set object1 [new_CkXml]
CkXml_put_Tag $object1 "xades:QualifyingProperties"
CkXml_AddAttribute $object1 "xmlns:xades" "http://uri.etsi.org/01903/v1.3.2#"
CkXml_AddAttribute $object1 "xmlns:xades141" "http://uri.etsi.org/01903/v1.4.1#"
CkXml_AddAttribute $object1 "Target" "#xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504"
CkXml_UpdateAttrAt $object1 "xades:SignedProperties" 1 "Id" "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops"
CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime" "TO BE GENERATED BY CHILKAT"
CkXml_UpdateAttrAt $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod" 1 "Algorithm" "http://www.w3.org/2001/04/xmlenc#sha256"
CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue" "TO BE GENERATED BY CHILKAT"
CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2" "TO BE GENERATED BY CHILKAT"
CkXmlDSigGen_AddObject $gen "" [CkXml_getXml $object1] "" ""
# -------- Reference 1 --------
CkXmlDSigGen_put_KeyInfoId $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo"
CkXmlDSigGen_AddSameDocRef $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo" "sha256" "" "" ""
# -------- Reference 2 --------
CkXmlDSigGen_AddSameDocRef $gen "" "sha256" "" "" ""
CkXmlDSigGen_SetRefIdAttr $gen "" "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-ref0"
# -------- Reference 3 --------
CkXmlDSigGen_AddObjectRef $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops" "sha256" "" "" "http://uri.etsi.org/01903#SignedProperties"
# ----------------------------------------------------------------
# Load a certificate that has been pre-installed on the Windows system
# This includes certificates on smartcards and USB tokens
set cert [new_CkCert]
# You may provide the PIN here..
CkCert_put_SmartCardPin $cert "000000"
# Load the certificate on the smartcard currently in the reader (or on the USB token).
# Pass an empty string to allow Chilkat to automatically choose the CSP (Cryptographi Service Provider).
# See Load Certificate on Smartcard for information about explicitly selecting a particular CSP.
set success [CkCert_LoadFromSmartcard $cert ""]
if {$success == 0} then {
puts [CkCert_lastErrorText $cert]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $object1
delete_CkCert $cert
exit
}
CkXmlDSigGen_SetX509Cert $gen $cert 1
CkXmlDSigGen_put_KeyInfoType $gen "X509Data"
CkXmlDSigGen_put_X509Type $gen "Certificate"
# Load XML to be signed...
set sbXml [new_CkStringBuilder]
CkXml_GetXmlSb $xmlToSign $sbXml
CkXmlDSigGen_put_Behaviors $gen "IndentedSignature,ForceAddEnvelopedSignatureTransform"
# Sign the XML...
set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success == 0} then {
puts [CkXmlDSigGen_lastErrorText $gen]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $object1
delete_CkCert $cert
delete_CkStringBuilder $sbXml
exit
}
# Save the signed XMl to a file.
set success [CkStringBuilder_WriteFile $sbXml "qa_output/signedXml.xml" "utf-8" 0]
puts [CkStringBuilder_getAsString $sbXml]
# ----------------------------------------
# Verify the signature we just produced...
set verifier [new_CkXmlDSig]
set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml]
if {$success == 0} then {
puts [CkXmlDSig_lastErrorText $verifier]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $object1
delete_CkCert $cert
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier
exit
}
set verified [CkXmlDSig_VerifySignature $verifier 1]
if {$verified != 1} then {
puts [CkXmlDSig_lastErrorText $verifier]
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $object1
delete_CkCert $cert
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier
exit
}
puts "This signature was successfully verified."
delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $object1
delete_CkCert $cert
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier