Discuss this help topic in SecureBlackbox Forum

Add revocation information or timestamps to existing XML signature

To add revocation information or a timestamp to an existing signature you need to load the document and validate the XML digital signature first. Next you should use signature handler's XAdESProcessor property to get an instance of TElXAdESVerifier class, and use it to update XAdES information with the timestamp or revocation information.

After that you need to call handler's UpdateSignature() method, and finally close the document to flush changes.

The sample code below adds the archive timestamp to the OpenXML document:

C#:


void OpenXMLAddArchiveTimestamp(string sourceFilename, TElCustomTSPClient TSPClient)
{
    using (TElOfficeDocument Document = new TElOfficeDocument())
    {
        Document.Open(sourceFilename);
        if ((Document.DocumentFormat != TSBOfficeDocumentFormat.OpenXML) || !Document.IsSigned)
            throw new Exception("Cannot update signature");

        TElOfficeOpenXMLSignatureHandler OpenXMLSigHandler = Document.get_SignatureHandlers(0) as TElOfficeOpenXMLSignatureHandler;
        if (!(OpenXMLSigHandler.XAdESProcessor is TElXAdESVerifier))
            throw new Exception("No XAdES processor available");

        TElXAdESVerifier XAdESVerifier = (TElXAdESVerifier)OpenXMLSigHandler.XAdESProcessor;
        if (!XAdESVerifier.IsEnabled)
            throw new Exception("No XAdES info available");

        int k = XAdESVerifier.AddArchiveTimestamp(TSPClient);
        if (k != 0)
            throw new Exception("Failed to timestamp: " + k.ToString());

        OpenXMLSigHandler.UpdateSignature();
    }
}
Delphi:

procedure OpenXMLAddArchiveTimestamp(const SourceFilename : string; TSPClient : TElCustomTSPClient);
var
  Document : TElOfficeDocument;
  OpenXMLSigHandler : TElOfficeOpenXMLSignatureHandler;
  XAdESVerifier : TElXAdESVerifier;
  k : Integer;
begin
  Document := TElOfficeDocument.Create(nil);
  try
    Document.Open(SourceFilename);
    if (Document.DocumentFormat <> dfOpenXML) or not Document.IsSigned then
      raise Exception.Create('Cannot update signature');

    OpenXMLSigHandler := Document.SignatureHandlers[0] as TElOfficeOpenXMLSignatureHandler;
    if not (OpenXMLSigHandler.XAdESProcessor is TElXAdESVerifier) then
      raise Exception.Create('No XAdES processor available');

    XAdESVerifier := TElXAdESVerifier(OpenXMLSigHandler.XAdESProcessor);
    if not XAdESVerifier.IsEnabled then
      raise Exception.Create('No XAdES info available');

    k := XAdESVerifier.AddArchiveTimestamp(TSPClient);
    if k <> 0 then
      raise Exception.Create('Failed to timestamp: ' + IntToStr(k));

    OpenXMLSigHandler.UpdateSignature();
  finally
    FreeAndNil(Document);
  end;
end;

How To articles about XML-based signature handlers

Discuss this help topic in SecureBlackbox Forum