|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(AutoIt) Validate PDF SignaturesSee more PDF Signatures ExamplesThis example demonstrates how to validate the signatures in a PDF and also shows how to get information from each signature. Note: This example requires Chilkat v9.5.0.85 or greater.
; This example requires the Chilkat API to have been previously unlocked. ; See Global Unlock Sample for sample code. $oPdf = ObjCreate("Chilkat.Pdf") ; Load a PDF that has cryptographic signatures to be validated Local $bSuccess = $oPdf.LoadFile("qa_data/pdf/sign_testing_1/helloSigned2.pdf") If ($bSuccess = False) Then ConsoleWrite($oPdf.LastErrorText & @CRLF) Exit EndIf ; Each time we verify a signature, information about the signature is written into ; sigInfo (replacing whatever sigInfo previously contained). $oSigInfo = ObjCreate("Chilkat.JsonObject") $oSigInfo.EmitCompact = False ; Iterate over each signature and validate each. Local $iNumSignatures = $oPdf.NumSignatures Local $bValidated = False Local $i = 0 While $i < $iNumSignatures $bValidated = $oPdf.VerifySignature($i,$oSigInfo) ConsoleWrite("Signature " & $i & " validated: " & $bValidated & @CRLF) ConsoleWrite($oSigInfo.Emit() & @CRLF) $i = $i + 1 Wend ConsoleWrite("Finished." & @CRLF) ; When VerifySignature validates a signature, a lot of information is deposited into the JSON sigInfo object. ; The information can vary depending on what was included in the signature (for example, various authenticated attributes ; and unauthenticated attributes may or may not be included). ; Here is a sample of the information you'll see. ; ; The following online tool can be used to generate code to parse any given JSON. ; Generate Parsing Code from JSON ; { ; "validated": true, ; "signatureDictionary": { <--- This is the contents of the PDF Signature Dictionary for this signature. ; "/ByteRange": [ ; 0, ; 154682, ; 170512, ; 3233 ; ], ; "/Contents": "<hex_data>", ; "/Filter": "/Adobe.PPKLite", <--- The meaning of the Signature Dictionary entries are defined in the PDF format specification document. ; "/M": "D:20201006110216-05'00'", ; "/Name": "yubikey rsa 1024 authentication", ; "/Prop_Build": { ; "/App": { ; "/Name": "/Adobe#20Acrobat#20Pro#20DC", ; "/OS": [ ; "/Win" ; ], ; "/R": 1313792, ; "/REx": "2020.012.20048", ; "/TrustedMode": true ; }, ; "/Filter": { ; "/Date": "Sep 11 2020 16:30:54", ; "/Name": "/Adobe.PPKLite", ; "/R": 131104, ; "/V": 2 ; }, ; "/PubSec": { ; "/Date": "Sep 11 2020 16:30:54", ; "/NonEFontNoWarn": true, ; "/R": 131105 ; } ; }, ; "/SubFilter": "/adbe.pkcs7.detached", ; "/Type": "/Sig" ; }, ; "pkcs7": { <--- This is the content of the CMS signature. ; "verify": { ; "certs": [ <--- Each signing certificate is listed here (by issuer common name and signing cert's serail number (in hex)) ; { ; "issuerCN": "yubikey rsa 1024 authentication", ; "serial": "66BE58138D761E92BC594A722932657BE26D421F" ; } ; ], ; "digestAlgorithms": [ ; "sha256" ; ], ; "signerInfo": [ <--- contains data from each SignerInfo ; { ; "cert": { ; "serialNumber": "66BE58138D761E92BC594A722932657BE26D421F", ; "issuerCN": "yubikey rsa 1024 authentication", ; "digestAlgOid": "2.16.840.1.101.3.4.2.1", ; "digestAlgName": "SHA256" ; }, ; "contentType": "1.2.840.113549.1.7.1", ; "messageDigest": "btQOuSEvC31mdRFHtyEUPw8R9NuKfk0XPcQ6Lcmn6pk=", ; "signingAlgOid": "1.2.840.113549.1.1.11", ; "signingAlgName": "RSA-SHA256-PKCSV-1_5", ; "authAttr": { <--- CMS authenticated attributes are contained here. ; "1.2.840.113583.1.1.8": { ; "der": "MAA=" ; }, ; "1.2.840.113549.1.9.3": { ; "name": "contentType", ; "oid": "1.2.840.113549.1.7.1" ; }, ; "1.2.840.113549.1.9.4": { ; "name": "messageDigest", ; "digest": "btQOuSEvC31mdRFHtyEUPw8R9NuKfk0XPcQ6Lcmn6pk=" ; } ; }, ; "unauthAttr": { <--- CMS unauthenticated attributes are contained here. ; "1.2.840.113549.1.9.16.2.14": { ; "name": "timestampToken", ; "der": "MIIOvAYJKo ... Es/70g=", ; "verify": { ; "digestAlgorithms": [ ; "sha256" ; ], ; "signerInfo": [ ; { ; "cert": { ; "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D", ; "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA", ; "digestAlgOid": "2.16.840.1.101.3.4.2.1", ; "digestAlgName": "SHA256" ; }, ; "contentType": "1.2.840.113549.1.9.16.1.4", ; "signingTime": "201006160423Z", ; "messageDigest": "Atv5Rj3kidB8IR6CplYiX3o6De/k8SC6JJ6uUPAGO0g=", ; "signingAlgOid": "1.2.840.113549.1.1.1", ; "signingAlgName": "RSA-PKCSV-1_5", ; "authAttr": { ; "1.2.840.113549.1.9.3": { ; "name": "contentType", ; "oid": "1.2.840.113549.1.9.16.1.4" ; }, ; "1.2.840.113549.1.9.5": { ; "name": "signingTime", ; "utctime": "201006160423Z" ; }, ; "1.2.840.113549.1.9.16.2.12": { ; "name": "signingCertificate", ; "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ==" ; }, ; "1.2.840.113549.1.9.4": { ; "name": "messageDigest", ; "digest": "Atv5Rj3kidB8IR6CplYiX3o6De/k8SC6JJ6uUPAGO0g=" ; } ; } ; } ; ] ; }, ; "timestampSignatureVerified": true, ; "tstInfo": { ; "tsaPolicyId": "2.16.840.1.114412.7.1", ; "messageImprint": { ; "hashAlg": "sha256", ; "digest": "gLJtrRWUSDfjzDkF1MfWG1wyHA6FrUJLkWMGRG+eMlA=", ; "digestMatches": true ; }, ; "serialNumber": "00CE57E1113970607EF63B1D1160545321", ; "genTime": "20201006160423Z" ; } ; } ; } ; } ; ], ; "pkcs7": { ; "verify": { ; "certs": [ ; { ; "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA", ; "serial": "04CD3F8568AE76C61BB0FE7160CCA76D" ; }, ; { ; "issuerCN": "DigiCert Assured ID Root CA", ; "serial": "0AA125D6D6321B7E41E405DA3697C215" ; } ; ] ; } ; } ; } ; } ; } ; **** The point of this code is to show how to get at each desired piece of information contained in the signature. ; **** If your signature contains additional information not shown here, then you can use the online tool to generate the parse code. ; **** It is likely you're only interested in a few items of information, and therefore you wouldn't copy all of this code, but might ; **** choose to use bits and pieces to get the information you find important. $oJson = ObjCreate("Chilkat.JsonObject") ; Imagine that the "json" object contains the information obtained by validating a signature... ; The code below was generated using the online tool: Generate Parsing Code from JSON $oUnauthAttrTimestampTokenTstInfoGenTime = ObjCreate("Chilkat.DtObj") $oSigningTime = ObjCreate("Chilkat.DtObj") $oAuthAttrSigningTimeUtctime = ObjCreate("Chilkat.DtObj") Local $intVal Local $strVal Local $sIssuerCN Local $serial Local $sCertSerialNumber Local $sCertIssuerCN Local $sCertDigestAlgOid Local $sCertDigestAlgName Local $sContentType Local $sMessageDigest Local $signingAlgOid Local $signingAlgName Local $sAuthAttr1_2_840_113583_1_1_8Der Local $sAuthAttrContentTypeName Local $sAuthAttrContentTypeOid Local $sAuthAttrMessageDigestName Local $sAuthAttrMessageDigestDigest Local $sUnauthAttrTimestampTokenName Local $sUnauthAttrTimestampTokenDer Local $bUnauthAttrTimestampTokenTimestampSignatureVerified Local $sUnauthAttrTimestampTokenTstInfoTsaPolicyId Local $sUnauthAttrTimestampTokenTstInfoMessageImprintHashAlg Local $sUnauthAttrTimestampTokenTstInfoMessageImprintDigest Local $bUnauthAttrTimestampTokenTstInfoMessageImprintDigestMatches Local $sUnauthAttrTimestampTokenTstInfoSerialNumber Local $iJ Local $iCount_j Local $sAuthAttrSigningTimeName Local $sAuthAttrSigningCertificateName Local $sAuthAttrSigningCertificateDer $bValidated = $oJson.BoolOf("validated") Local $signatureDictionary_Contents = $oJson.StringOf("signatureDictionary./Contents") Local $signatureDictionary_Filter = $oJson.StringOf("signatureDictionary./Filter") Local $signatureDictionary_M = $oJson.StringOf("signatureDictionary./M") Local $signatureDictionary_Name = $oJson.StringOf("signatureDictionary./Name") Local $signatureDictionary_Prop_Build_App_Name = $oJson.StringOf("signatureDictionary./Prop_Build./App./Name") Local $iSignatureDictionary_Prop_Build_App_R = $oJson.IntOf("signatureDictionary./Prop_Build./App./R") Local $signatureDictionary_Prop_Build_App_REx = $oJson.StringOf("signatureDictionary./Prop_Build./App./REx") Local $bSignatureDictionary_Prop_Build_App_TrustedMode = $oJson.BoolOf("signatureDictionary./Prop_Build./App./TrustedMode") Local $signatureDictionary_Prop_Build_Filter_Date = $oJson.StringOf("signatureDictionary./Prop_Build./Filter./Date") Local $signatureDictionary_Prop_Build_Filter_Name = $oJson.StringOf("signatureDictionary./Prop_Build./Filter./Name") Local $iSignatureDictionary_Prop_Build_Filter_R = $oJson.IntOf("signatureDictionary./Prop_Build./Filter./R") Local $iSignatureDictionary_Prop_Build_Filter_V = $oJson.IntOf("signatureDictionary./Prop_Build./Filter./V") Local $signatureDictionary_Prop_Build_PubSec_Date = $oJson.StringOf("signatureDictionary./Prop_Build./PubSec./Date") Local $bSignatureDictionary_Prop_Build_PubSec_NonEFontNoWarn = $oJson.BoolOf("signatureDictionary./Prop_Build./PubSec./NonEFontNoWarn") Local $iSignatureDictionary_Prop_Build_PubSec_R = $oJson.IntOf("signatureDictionary./Prop_Build./PubSec./R") Local $signatureDictionary_SubFilter = $oJson.StringOf("signatureDictionary./SubFilter") Local $signatureDictionary_Type = $oJson.StringOf("signatureDictionary./Type") $i = 0 Local $iCount_i = $oJson.SizeOfArray("signatureDictionary./ByteRange") While $i < $iCount_i $oJson.I = $i $intVal = $oJson.IntOf("signatureDictionary./ByteRange[i]") $i = $i + 1 Wend $i = 0 $iCount_i = $oJson.SizeOfArray("signatureDictionary./Prop_Build./App./OS") While $i < $iCount_i $oJson.I = $i $strVal = $oJson.StringOf("signatureDictionary./Prop_Build./App./OS[i]") $i = $i + 1 Wend $i = 0 $iCount_i = $oJson.SizeOfArray("pkcs7.verify.certs") While $i < $iCount_i $oJson.I = $i $sIssuerCN = $oJson.StringOf("pkcs7.verify.certs[i].issuerCN") $serial = $oJson.StringOf("pkcs7.verify.certs[i].serial") $i = $i + 1 Wend $i = 0 $iCount_i = $oJson.SizeOfArray("pkcs7.verify.digestAlgorithms") While $i < $iCount_i $oJson.I = $i $strVal = $oJson.StringOf("pkcs7.verify.digestAlgorithms[i]") $i = $i + 1 Wend $i = 0 $iCount_i = $oJson.SizeOfArray("pkcs7.verify.signerInfo") While $i < $iCount_i $oJson.I = $i $sCertSerialNumber = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber") $sCertIssuerCN = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN") $sCertDigestAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid") $sCertDigestAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName") $sContentType = $oJson.StringOf("pkcs7.verify.signerInfo[i].contentType") $sMessageDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].messageDigest") $signingAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid") $signingAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgName") $sAuthAttr1_2_840_113583_1_1_8Der = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113583.1.1.8"".der") $sAuthAttrContentTypeName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".name") $sAuthAttrContentTypeOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".oid") $sAuthAttrMessageDigestName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".name") $sAuthAttrMessageDigestDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".digest") $sUnauthAttrTimestampTokenName = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".name") $sUnauthAttrTimestampTokenDer = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".der") $bUnauthAttrTimestampTokenTimestampSignatureVerified = $oJson.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".timestampSignatureVerified") $sUnauthAttrTimestampTokenTstInfoTsaPolicyId = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.tsaPolicyId") $sUnauthAttrTimestampTokenTstInfoMessageImprintHashAlg = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.hashAlg") $sUnauthAttrTimestampTokenTstInfoMessageImprintDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.digest") $bUnauthAttrTimestampTokenTstInfoMessageImprintDigestMatches = $oJson.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.digestMatches") $sUnauthAttrTimestampTokenTstInfoSerialNumber = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.serialNumber") $oJson.DtOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.genTime",False,$oUnauthAttrTimestampTokenTstInfoGenTime) $iJ = 0 $iCount_j = $oJson.SizeOfArray("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.digestAlgorithms") While $iJ < $iCount_j $oJson.J = $iJ $strVal = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.digestAlgorithms[j]") $iJ = $iJ + 1 Wend $iJ = 0 $iCount_j = $oJson.SizeOfArray("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo") While $iJ < $iCount_j $oJson.J = $iJ $sCertSerialNumber = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.serialNumber") $sCertIssuerCN = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.issuerCN") $sCertDigestAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.digestAlgOid") $sCertDigestAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.digestAlgName") $sContentType = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].contentType") $oJson.DtOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].signingTime",False,$oSigningTime) $sMessageDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].messageDigest") $signingAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].signingAlgOid") $signingAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].signingAlgName") $sAuthAttrContentTypeName = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.3"".name") $sAuthAttrContentTypeOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.3"".oid") $sAuthAttrSigningTimeName = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.5"".name") $oJson.DtOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.5"".utctime",False,$oAuthAttrSigningTimeUtctime) $sAuthAttrSigningCertificateName = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.16.2.12"".name") $sAuthAttrSigningCertificateDer = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.16.2.12"".der") $sAuthAttrMessageDigestName = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.4"".name") $sAuthAttrMessageDigestDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.4"".digest") $iJ = $iJ + 1 Wend $i = $i + 1 Wend $i = 0 $iCount_i = $oJson.SizeOfArray("pkcs7.verify.pkcs7.verify.certs") While $i < $iCount_i $oJson.I = $i $sIssuerCN = $oJson.StringOf("pkcs7.verify.pkcs7.verify.certs[i].issuerCN") $serial = $oJson.StringOf("pkcs7.verify.pkcs7.verify.certs[i].serial") $i = $i + 1 Wend |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.