SQL Server
SQL Server
Sign PDF with Timestamp from TSA (Timestamp Server Authority)
See more PDF Signatures Examples
This example demonstrates how to a sign a PDF that is both long-term validation (LTV) enabled and includes a validating timestamp from a TSA (Timestamp Server Authority).Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @pdf int
EXEC @hr = sp_OACreate 'Chilkat.Pdf', @pdf OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- Load a PDF to be signed.
-- The "hello.pdf" is available at https://chilkatsoft.com/hello.pdf
EXEC sp_OAMethod @pdf, 'LoadFile', @success OUT, 'qa_data/pdf/hello.pdf'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @pdf, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pdf
RETURN
END
-- Options for signing are specified in JSON.
DECLARE @json int
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT
-- In most cases, the signingCertificateV2 and signingTime attributes are required.
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'signingCertificateV2', 1
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'signingTime', 1
-- Tell Chilkat to create an LTV-enabled (long term validation) signature.
-- See PDF Long-Term Validation (LTV) Signature Example for more detailed comments about "ltvOcsp".
EXEC sp_OAMethod @json, 'UpdateBool', @success OUT, 'ltvOcsp', 1
-- Tell Chilkat to request a timestamp from a TSA server and include the timestamp token (1.2.840.113549.1.9.16.2.14)
-- in the CMS signature's authentication attributes
EXEC sp_OAMethod @json, 'UpdateBool', @success OUT, 'timestampToken.enabled', 1
-- In this example, we'll use a free TSA server (timestamp.digicert.com), but you may want to use your own timestamp authority server.
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'timestampToken.tsaUrl', 'http://timestamp.digicert.com'
-- If the timestamp server requires a username/password, do the following. Otherwise omit the following few lines of code.
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'timestampToken.tsaUsername', 'the_tsa_username'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'timestampToken.tsaPassword', 'the_tsa_password'
-- When requesting the timestamp token, ask the server to include its certificate in the timestamp token response.
-- This allows for the timestamp server's certificate to be included in the LTV validation (i.e. if the timestamp server
-- has an OCSP URL, then Chilkat will also do the OCSP request for the timestamp server's certificate.)
EXEC sp_OAMethod @json, 'UpdateBool', @success OUT, 'timestampToken.requestTsaCert', 1
-- Define the appearance of the signature.
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'page', 1
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'appearance.y', 'top'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'appearance.x', 'left'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'appearance.fontScale', '10.0'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'appearance.text[0]', 'Digitally signed by: cert_cn'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'appearance.text[1]', 'current_dt'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'appearance.text[2]', 'This is an LTV-enabled signature with a TSA timestamp.'
-- Load the signing certificate. (Use your own certificate.)
DECLARE @cert int
EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/pfx/myPdfSigningCert.pfx', 'pfxPassword'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pdf
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @cert
RETURN
END
-- Tell the pdf object to use the certificate for signing.
EXEC sp_OAMethod @pdf, 'SetSigningCert', @success OUT, @cert
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @pdf, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pdf
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @cert
RETURN
END
EXEC sp_OAMethod @pdf, 'SignPdf', @success OUT, @json, 'qa_output/hello_ltv_signed_with_timestamp.pdf'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @pdf, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pdf
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @cert
RETURN
END
PRINT 'The PDF has been successfully cryptographically signed with TSA timestamp and long-term validation.'
-- If you open the Signature Panel in Adobe Acrobat, it will indicate that the signature is LTV enabled
-- and contains an embedded timestamp:
-- (image:https://example-code.com/images/ltv_signature_with_timestamp.jpg/endImage)
EXEC @hr = sp_OADestroy @pdf
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @cert
END
GO