mrsool · ec-ecss · Feb 12, 2024
diff --git a/hash.rb b/hash.rb
@@ -0,0 +1,25 @@
+require 'nokogiri'
+require 'digest'
+require 'base64'
+
+if ARGV.empty?
+  puts "Please specify ubl xml file path as argument"
+  exit
+end
+
+xml_file_path = ARGV[0]
+
+begin
+  doc = File.open(xml_file_path) { |f| Nokogiri::XML(f) }
+rescue => e
+  puts "Can't open file as xml: #{e.message}"
+  exit
+end
+
+canonicalized_content = doc.canonicalize(Nokogiri::XML::XML_C14N_1_1)
+sha256 = Digest::SHA256.digest(canonicalized_content)
+hash_base64 = Base64.strict_encode64(sha256)
+
+puts {
+            hash: hash_base64
+ }.to_json
diff --git a/sign.rb b/sign.rb
@@ -0,0 +1,83 @@
+require 'nokogiri'
+require 'digest'
+require 'base64'
+require 'zatca'
+require 'json'
+
+if ARGV.length < 3
+  puts "Usage: ruby script.rb ubl_xml_file private_key_path certificate_path"
+  exit
+end
+
+xml_file_path = ARGV[0]
+private_key_path = ARGV[1]
+certificate_path = ARGV[2]
+
+unless File.exist?(xml_file_path)
+  puts "Error: #{xml_file_path} does not exist."
+  exit
+end
+
+unless File.exist?(private_key_path)
+  puts "Error: #{private_key_path} does not exist."
+
+begin
+  doc = File.open(xml_file_path) { |f| Nokogiri::XML(f) }
+rescue => e
+  puts "Can't open file as xml: #{e.message}"
+  exit
+end
+
+canonicalized_content = doc.canonicalize(Nokogiri::XML::XML_C14N_1_1)
+
+sha256 = Digest::SHA256.digest(canonicalized_content)
+hexdigestHash = Digest::SHA256.hexdigest(canonicalized_content)
+hash_base64 = Base64.strict_encode64(sha256)
+
+signing_time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%S")
+signing_time = signing_time.delete_suffix("Z")
+
+signature = ZATCA::Signing::ECDSA.sign(
+      content: hexdigestHash,
+      private_key_path: private_key_path,
+      decode_from_base64: false
+    );
+
+signed_hash = signature[:base64]
+signed_hash_bytes = signature[:bytes]
+parsed_certificate = ZATCA::Signing::Certificate.read_certificate(certificate_path)
+public_key_bytes = parsed_certificate.public_key_bytes
+certificate_signature = parsed_certificate.signature
+
+signed_properties_hash = ZATCA::UBL::Signing::SignedProperties.new(
+      signing_time: signing_time,
+      cert_digest_value: parsed_certificate.hash,
+      cert_issuer_name: parsed_certificate.issuer_name,
+      cert_serial_number: parsed_certificate.serial_number
+    ).generate_hash
+
+valeurs = {
+  "{{invoice_digest}}" => parsed_certificate.hash,
+  "{{signed_properties_hash}}" => signed_properties_hash,
+  "{{signature_value}}" => signed_hash,
+  "{{certificate}}" => parsed_certificate.cert_content_without_headers,
+  "{{signing_time}}"=>signing_time,
+  "{{cert_digest_value}}"=>parsed_certificate.hash,
+  "{{cert_issuer_name}}"=>parsed_certificate.issuer_name,
+  "{{cert_serial_number}}"=>parsed_certificate.serial_number
+}
+
+contenu_template_signature = File.read(File.join(__dir__, 'signature_extensions_hack.xml.tpl'))
+valeurs.each do |placeholder, valeur|
+  contenu_template_signature.gsub!(placeholder, valeur)
+end
+
+final_content = canonicalized_content ;
+final_content.sub!("<cbc:ProfileID>", "#{contenu_template_signature}<cbc:ProfileID>")
+strXmlStaticElement = "<cac:Signature><cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID><cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod></cac:Signature>" ;
+final_content.sub!("<cac:AccountingSupplierParty>", "#{strXmlStaticElement}<cac:AccountingSupplierParty>")
+
+puts {
+       hash: hash_base64,
+       signedb64: Base64.strict_encode64(final_content)
+}.to_json
diff --git a/signature_extensions_hack.xml.tpl b/signature_extensions_hack.xml.tpl
@@ -0,0 +1,19 @@
+<ext:UBLExtensions><ext:UBLExtension><ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI><ext:ExtensionContent><sig:UBLDocumentSignatures xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2" xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2"><sac:SignatureInformation><cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID><sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="signature"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"></ds:SignatureMethod><ds:Reference Id="invoiceSignedData" URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath>not(//ancestor-or-self::ext:UBLExtensions)</ds:XPath></ds:Transform><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath>not(//ancestor-or-self::cac:Signature)</ds:XPath></ds:Transform><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath>not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])</ds:XPath></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>{{invoice_digest}}</ds:DigestValue></ds:Reference><ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#xadesSignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>{{signed_properties_hash}}</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>{{signature_value}}</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{{certificate}}</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object>                            <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="signature">
+                                <xades:SignedProperties Id="xadesSignedProperties">
+                                    <xades:SignedSignatureProperties>
+                                        <xades:SigningTime>{{signing_time}}</xades:SigningTime>
+                                        <xades:SigningCertificate>
+                                            <xades:Cert>
+                                                <xades:CertDigest>
+                                                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+                                                    <ds:DigestValue>{{cert_digest_value}}</ds:DigestValue>
+                                                </xades:CertDigest>
+                                                <xades:IssuerSerial>
+                                                    <ds:X509IssuerName>{{cert_issuer_name}}</ds:X509IssuerName>
+                                                    <ds:X509SerialNumber>{{cert_serial_number}}</ds:X509SerialNumber>
+                                                </xades:IssuerSerial>
+                                            </xades:Cert>
+                                        </xades:SigningCertificate>
+                                    </xades:SignedSignatureProperties>
+                                </xades:SignedProperties>
+                            </xades:QualifyingProperties></ds:Object></ds:Signature></sac:SignatureInformation></sig:UBLDocumentSignatures></ext:ExtensionContent></ext:UBLExtension></ext:UBLExtensions>