Visual Basic 6.0
Visual Basic 6.0
XAdES using TSA Requiring Client Certificate
See more XML Digital Signatures Examples
Demonstrates how to create an XMLDSig (XAdES) signed document which includes an EncapsulatedTimestamp using a TSA (TimeStamp Authority) server requiring client certificate authentication. One such TSA is https://www3.postsignum.cz/TSS/TSS_crt/Chilkat Visual Basic 6.0 Downloads
Dim success As Long
success = 0
' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
success = 1
' Load the XML to be signed. For example, the XML to be signed might contain something like this:
' <?xml version="1.0" encoding="utf-8"?>
' <TransakcniLogSystemu xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nsess.public.cz/erms_trans/v_01_01" Id="Signature1">
' <TransLogInfo>
' <Identifikator>XYZ ABC</Identifikator>
' <DatumVzniku>2022-12-20T14:39:02.3625922+01:00</DatumVzniku>
' <DatumCasOd>2022-12-20T14:26:26.88</DatumCasOd>
' <DatumCasDo>2022-12-20T14:39:02.287</DatumCasDo>
' <Software>XYZ</Software>
' <VerzeSoftware>2.0.19.32</VerzeSoftware>
' </TransLogInfo>
' <Udalosti>
' <Udalost>
' <Poradi>1</Poradi>
' ...
' Load the XML to be signed from a file.
' (XML can be loaded from other source, such as a string variable.)
Dim sbXml As New ChilkatStringBuilder
success = sbXml.LoadFile("xmlToSign.xml","utf-8")
Dim gen As New ChilkatXmlDSigGen
gen.SigLocation = "TransakcniLogSystemu"
gen.SigLocationMod = 0
gen.SigId = "SignatureID-Signature1"
gen.SigNamespacePrefix = "ds"
gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
gen.SignedInfoCanonAlg = "C14N"
gen.SignedInfoDigestMethod = "sha256"
' Set the KeyInfoId before adding references..
gen.KeyInfoId = "KeyInfoId-Signature-Signature1"
' Create an Object to be added to the Signature.
' Note: Chilkat will automatically fill in the values marked as "TO BE GENERATED BY CHILKAT" at the time of signing.
' The EncapsulatedTimestamp will be automatically generated.
Dim object1 As New ChilkatXml
object1.Tag = "xades:QualifyingProperties"
success = object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
success = object1.AddAttribute("Target","#Signature1")
success = object1.UpdateAttrAt("xades:SignedProperties",1,"Id","SignedProperties-Signature-Signature1")
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT"
success = object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT"
' The EncapsulatedTimestamp will be included in the unsigned properties.
success = object1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp",1,"Id","signature-timestamp-5561-8212-3316-5191")
success = object1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|ds:CanonicalizationMethod",1,"Algorithm","http://www.w3.org/2001/10/xml-exc-c14n#")
success = object1.UpdateAttrAt("xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp",1,"Encoding","http://uri.etsi.org/01903/v1.2.2#DER")
object1.UpdateChildContent "xades:UnsignedProperties|xades:UnsignedSignatureProperties|xades:SignatureTimeStamp|xades:EncapsulatedTimeStamp","TO BE GENERATED BY CHILKAT"
success = gen.AddObject("XadesObjectId-Signature1",object1.GetXml(),"","")
' -------- Reference 1 --------
success = gen.AddObjectRef("SignedProperties-Signature-Signature1","sha256","EXCL_C14N","","http://uri.etsi.org/01903#SignedProperties")
' -------- Reference 2 --------
success = gen.AddSameDocRef("KeyInfoId-Signature-Signature1","sha256","EXCL_C14N","","")
success = gen.SetRefIdAttr("KeyInfoId-Signature-Signature1","ReferenceKeyInfo")
' -------- Reference 3 --------
success = gen.AddSameDocRef("","sha256","EXCL_C14N","","")
success = gen.SetRefIdAttr("","Reference-Signature1")
' Provide a certificate + private key. (PFX password is test123)
Dim cert As New ChilkatCert
success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If (success <> 1) Then
Debug.Print cert.LastErrorText
Exit Sub
End If
success = gen.SetX509Cert(cert,1)
gen.KeyInfoType = "X509Data"
gen.X509Type = "Certificate"
gen.Behaviors = "IndentedSignature"
' -------------------------------------------------------------------------------------------
' To have the EncapsulatedTimeStamp automatically added...
' 1) Add the <xades:EncapsulatedTimeStamp Encoding="http://uri.etsi.org/01903/v1.2.2#DER">TO BE GENERATED BY CHILKAT</xades:EncapsulatedTimeStamp>
' to the unsigned properties. (This was accomplished in the above code.)
' 2) Specify the TSA URL (Timestamping Authority URL).
' Here we specify the TSA URL:
' -------------------------------------------------------------------------------------------
Dim jsonTsa As New ChilkatJsonObject
success = jsonTsa.UpdateString("timestampToken.tsaUrl","https://www3.postsignum.cz/TSS/TSS_crt/")
success = jsonTsa.UpdateBool("timestampToken.requestTsaCert",1)
success = gen.SetTsa(jsonTsa)
' -------------------------------------------------------------------------------------------
' In this case, the TSA requires client certificate authentication.
' To provide your client certificate, the application will instantiate a Chilkat HTTP object,
' then set it up with a SSL/TLS client certificate, and then tell the XmlDSigGen object
' to use the HTTP object for connections to the TSA server.
' -------------------------------------------------------------------------------------------
Dim http As New ChilkatHttp
success = http.SetSslClientCertPfx("/home/bob/pfxFiles/myClientSideCertWithPrivateKey.pfx","pfxPassword")
If (success <> 1) Then
Debug.Print http.LastErrorText
Exit Sub
End If
' Tell the XmlDSigGen object to use the above HTTP object for TSA communications.
gen.SetHttpObj http
' Sign the XML...
success = gen.CreateXmlDSigSb(sbXml)
If (success <> 1) Then
Debug.Print gen.LastErrorText
Exit Sub
End If
' -----------------------------------------------
' Save the signed XML to a file.
success = sbXml.WriteFile("c:/temp/qa_output/signedXml.xml","utf-8",0)
Debug.Print sbXml.GetAsString()