SQL Server
SQL Server
Validate a JWS Using ECDSA P-256 SHA-256
See more JSON Web Signatures (JWS) Examples
Validates a JSON Web Signature (JWS) that uses ECDSA P-256 SHA-256Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
-- This example takes a JSON signature in compact serialization format,
-- and uses an ECDSA public key to validate and recover the protected header and payload.
-- We only need a public key for signature validation. This is the ECDSA public key
-- that is used:
-- {"kty":"EC",
-- "crv":"P-256",
-- "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
-- "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"
-- }
DECLARE @sbPubKey int
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbPubKey OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
EXEC sp_OAMethod @sbPubKey, 'Append', @success OUT, '{"kty":"EC",'
EXEC sp_OAMethod @sbPubKey, 'Append', @success OUT, '"crv":"P-256",'
EXEC sp_OAMethod @sbPubKey, 'Append', @success OUT, '"x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",'
EXEC sp_OAMethod @sbPubKey, 'Append', @success OUT, '"y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"'
EXEC sp_OAMethod @sbPubKey, 'Append', @success OUT, '}'
DECLARE @pubKey int
EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @pubKey OUT
EXEC sp_OAMethod @sbPubKey, 'GetAsString', @sTmp0 OUT
EXEC sp_OAMethod @pubKey, 'LoadFromString', @success OUT, @sTmp0
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @pubKey, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @sbPubKey
EXEC @hr = sp_OADestroy @pubKey
RETURN
END
DECLARE @jws int
EXEC @hr = sp_OACreate 'Chilkat.Jws', @jws OUT
-- Set the ECC public key:
DECLARE @signatureIndex int
SELECT @signatureIndex = 0
EXEC sp_OAMethod @jws, 'SetPublicKey', @success OUT, @signatureIndex, @pubKey
-- Load the JWS.
DECLARE @sbJws int
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJws OUT
EXEC sp_OAMethod @sbJws, 'Append', @success OUT, 'eyJhbGciOiJFUzI1NiJ9'
EXEC sp_OAMethod @sbJws, 'Append', @success OUT, '.'
EXEC sp_OAMethod @sbJws, 'Append', @success OUT, 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt'
EXEC sp_OAMethod @sbJws, 'Append', @success OUT, 'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
EXEC sp_OAMethod @sbJws, 'Append', @success OUT, '.'
EXEC sp_OAMethod @sbJws, 'Append', @success OUT, 'DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSA'
EXEC sp_OAMethod @sbJws, 'Append', @success OUT, 'pmWQxfKTUJqPP3-Kg6NU1Q'
EXEC sp_OAMethod @jws, 'LoadJwsSb', @success OUT, @sbJws
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @jws, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @sbPubKey
EXEC @hr = sp_OADestroy @pubKey
EXEC @hr = sp_OADestroy @jws
EXEC @hr = sp_OADestroy @sbJws
RETURN
END
-- Validate the 1st (and only) signature at index 0..
DECLARE @v int
EXEC sp_OAMethod @jws, 'Validate', @v OUT, @signatureIndex
IF @v < 0
BEGIN
-- Perhaps Chilkat was not unlocked or the trial expired..
PRINT 'Method call failed for some other reason.'
EXEC sp_OAGetProperty @jws, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @sbPubKey
EXEC @hr = sp_OADestroy @pubKey
EXEC @hr = sp_OADestroy @jws
EXEC @hr = sp_OADestroy @sbJws
RETURN
END
IF @v = 0
BEGIN
PRINT 'Invalid signature. The ECC key was incorrect, the JWS was invalid, or both.'
EXEC @hr = sp_OADestroy @sbPubKey
EXEC @hr = sp_OADestroy @pubKey
EXEC @hr = sp_OADestroy @jws
EXEC @hr = sp_OADestroy @sbJws
RETURN
END
-- If we get here, the signature was validated..
PRINT 'Signature validated.'
PRINT '--'
-- Recover the original content:
PRINT 'Recovered content:'
EXEC sp_OAMethod @jws, 'GetPayload', @sTmp0 OUT, 'utf-8'
PRINT @sTmp0
PRINT '--'
-- Examine the protected header:
DECLARE @joseHeader int
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @joseHeader OUT
EXEC sp_OAMethod @jws, 'GetProtectedH', @success OUT, @signatureIndex, @joseHeader
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @jws, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @sbPubKey
EXEC @hr = sp_OADestroy @pubKey
EXEC @hr = sp_OADestroy @jws
EXEC @hr = sp_OADestroy @sbJws
EXEC @hr = sp_OADestroy @joseHeader
RETURN
END
EXEC sp_OASetProperty @joseHeader, 'EmitCompact', 0
PRINT 'Protected (JOSE) header:'
EXEC sp_OAMethod @joseHeader, 'Emit', @sTmp0 OUT
PRINT @sTmp0
-- Output:
-- Signature validated.
-- --
-- Recovered content:
-- {"iss":"joe",
-- "exp":1300819380,
-- "http://example.com/is_root":true}
-- --
-- Protected (JOSE) header:
-- {
-- "alg": "ES256"
-- }
EXEC @hr = sp_OADestroy @sbPubKey
EXEC @hr = sp_OADestroy @pubKey
EXEC @hr = sp_OADestroy @jws
EXEC @hr = sp_OADestroy @sbJws
EXEC @hr = sp_OADestroy @joseHeader
END
GO