|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Classic ASP) Validate a .pkpass ArchiveOpens a .pkpass archive (which is just a .zip renamed to .pkpass) and validates the contents. The hashes in the manifest are compared with the computed hash values for each individual file. If all computed hash values match, then the signature is verified.
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <% ' This example assumes the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Crypt2") set crypt = Server.CreateObject("Chilkat.Crypt2") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Zip") set zip = Server.CreateObject("Chilkat.Zip") success = zip.OpenZip("qa_data/pkpass/invalid.pkpass") If (success = 0) Then Response.Write "<pre>" & Server.HTMLEncode( zip.LastErrorText) & "</pre>" Response.End End If ' Get the contents of the manifest.json file, which contains something like this: ' { ' "icon.png" : "0296b01347b3173e98438a003b0e88986340b2d8", ' "logo.png" : "25de09e2d3b01ce1fe00c2ca9a90a2be1aaa05cf", ' "icon@2x.png" : "5afd9585b08c65fdf105a90c8bd643407cba2787", ' "pass.json" : "145ea5a5db784fff485126c77ecf7a1fc2a88ee7", ' "strip@2x.png" : "468fa7bc93e6b55342b56fda09bdce7c829d7d46", ' "strip.png" : "736d01f84cb73d06e8a9932e43076d68f19461ff" ' } ' ent is a Chilkat.ZipEntry Set ent = zip.GetEntryByName("manifest.json") If (zip.LastMethodSuccess = 0) Then Response.Write "<pre>" & Server.HTMLEncode( "manifest.json entry not found.") & "</pre>" Response.End End If ' Get the exact content of the manifest.json for later signature verification. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.BinData") set bdManifest = Server.CreateObject("Chilkat.BinData") success = ent.UnzipToBd(bdManifest) ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject") set json = Server.CreateObject("Chilkat.JsonObject") json.EmitCompact = 0 success = json.Load(ent.UnzipToString(0,"utf-8")) Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>" ' For each file in the JSON, get the filename and hex hash value. crypt.EncodingMode = "hexlower" crypt.HashAlgorithm = "sha1" someHashesFailed = 0 ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.StringBuilder") set sbHashHex = Server.CreateObject("Chilkat.StringBuilder") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.BinData") set bdFileData = Server.CreateObject("Chilkat.BinData") numMembers = json.Size i = 0 Do While i < numMembers filename = json.NameAt(i) sbHashHex.Clear success = sbHashHex.Append(json.StringAt(i)) ' ent is a Chilkat.ZipEntry Set ent = zip.GetEntryByName(filename) If (zip.LastMethodSuccess = 0) Then Response.Write "<pre>" & Server.HTMLEncode( filename & " not found in the pkpass file.") & "</pre>" Response.End End If ' Get the data for this file. success = bdFileData.Clear() success = ent.UnzipToBd(bdFileData) computedHashHex = crypt.HashBdENC(bdFileData) If (sbHashHex.ContentsEqual(computedHashHex,0) = 0) Then Response.Write "<pre>" & Server.HTMLEncode( "Computed hash does not match stored hash for " & filename) & "</pre>" Response.Write "<pre>" & Server.HTMLEncode( " computed: " & computedHashHex) & "</pre>" Response.Write "<pre>" & Server.HTMLEncode( " stored: " & sbHashHex.GetAsString()) & "</pre>" someHashesFailed = 1 Else Response.Write "<pre>" & Server.HTMLEncode( "hash verified for " & filename & "(" & computedHashHex & ")") & "</pre>" End If i = i + 1 Loop If (someHashesFailed = 1) Then Response.Write "<pre>" & Server.HTMLEncode( "Some hashes failed.") & "</pre>" Response.End End If ' Let's verify the signature.. ' First get the signature. ' ent is a Chilkat.ZipEntry Set ent = zip.GetEntryByName("signature") If (zip.LastMethodSuccess = 0) Then Response.Write "<pre>" & Server.HTMLEncode( "signature not found in the pkpass file.") & "</pre>" Response.End End If ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.BinData") set bdSignature = Server.CreateObject("Chilkat.BinData") success = ent.UnzipToBd(bdSignature) ' Show the contents of the signature in base64 encoding. Response.Write "<pre>" & Server.HTMLEncode( "Signature:") & "</pre>" Response.Write "<pre>" & Server.HTMLEncode( bdSignature.GetEncoded("base64_mime")) & "</pre>" Response.Write "<pre>" & Server.HTMLEncode( "----") & "</pre>" ' Verify the signature against the manifest.json crypt.EncodingMode = "base64" verified = crypt.VerifyBdENC(bdManifest,bdSignature.GetEncoded("base64")) If (verified = 0) Then Response.Write "<pre>" & Server.HTMLEncode( crypt.LastErrorText) & "</pre>" End If Response.Write "<pre>" & Server.HTMLEncode( "signature verified = " & verified) & "</pre>" %> </body> </html> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.