(Chilkat2-Python) Verify a CAdES-BES Signature and Examine Signature Contents

Demonstrates how to validate a .p7m (.p7s) signature and examine the contents of the signature.

Chilkat2 Python Downloads install with pip pip3 install chilkat2 or download... Python Module for Windows, Linux, Alpine Linux, MacOS, Solaris

import sys
import chilkat2

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

crypt = chilkat2.Crypt2()

outputFile = "qa_output/original.xml"
inFile = "qa_data/p7m/fattura_signature.xml.p7m"

# Verify the signature and extract the contained file, which in this case is XML.
success = crypt.VerifyP7M(inFile,outputFile)
if (success == False):
    print(crypt.LastErrorText)
    sys.exit()

print("Signature validated.")

# Now let's examine the information about the signature.
# json is a CkJsonObject
json = crypt.LastJsonData()
if (crypt.LastMethodSuccess == False):
    # This should never be the case...
    print("No information available.")
    sys.exit()

json.EmitCompact = False
print(json.Emit())

# Here's an example of the information about the signature:
# {
#   "pkcs7": {
#     "verify": {
#       "certs": [
#         {
#           "issuerCN": "Xyz EU Qualified Certificates CA G1",
#           "serial": "99A28A51AC389999"
#         }
#       ],
#       "useConstructedOctets": true,
#       "digestAlgorithms": [
#         "sha256"
#       ],
#       "signerInfo": [
#         {
#           "cert": {
#             "subjectKeyIdentifier": "5VM4x8AWnXf07yzbXuLtbb0U3yY=",
#             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
#             "digestAlgName": "SHA256"
#           },
#           "signingAlgOid": "1.2.840.113549.1.1.11",
#           "signingAlgName": "RSA-SHA256-PKCSV-1_5",
#           "authAttr": {
#             "1.2.840.113549.1.9.3": {
#               "name": "contentType",
#               "oid": "1.2.840.113549.1.7.1"
#             },
#             "1.2.840.113549.1.9.5": {
#               "name": "signingTime",
#               "utctime": "190901152340Z"
#             },
#             "1.2.840.113549.1.9.4": {
#               "name": "messageDigest",
#               "digest": "y+gd/zAQK33A//HInhaZba7w1fUJleV9AHbP1Ntx6U0="
#             },
#             "1.2.840.113549.1.9.16.2.47": {
#               "name": "signingCertificateV2",
#               "der": "MIH4MI..w4vv0="
#             }
#           }
#         }
#       ]
#     }
#   }
# }

# Use this online tool to generate parsing code from sample JSON: 
# Generate Parsing Code from JSON

authAttrSigningTimeUtctime = chilkat2.DtObj()

i = 0
count_i = json.SizeOfArray("pkcs7.verify.certs")
while i < count_i :
    json.I = i
    issuerCN = json.StringOf("pkcs7.verify.certs[i].issuerCN")
    serial = json.StringOf("pkcs7.verify.certs[i].serial")
    i = i + 1

i = 0
count_i = json.SizeOfArray("pkcs7.verify.digestAlgorithms")
while i < count_i :
    json.I = i
    strVal = json.StringOf("pkcs7.verify.digestAlgorithms[i]")
    i = i + 1

i = 0
count_i = json.SizeOfArray("pkcs7.verify.signerInfo")
while i < count_i :
    json.I = i
    certSubjectKeyIdentifier = json.StringOf("pkcs7.verify.signerInfo[i].cert.subjectKeyIdentifier")
    certDigestAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid")
    certDigestAlgName = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName")
    signingAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid")
    signingAlgName = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgName")
    authAttrContentTypeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".name")
    authAttrContentTypeOid = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".oid")
    authAttrSigningTimeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".name")
    json.DtOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".utctime",False,authAttrSigningTimeUtctime)
    authAttrMessageDigestName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".name")
    authAttrMessageDigestDigest = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".digest")
    authAttrSigningCertificateV2Name = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.47\".name")
    authAttrSigningCertificateV2Der = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.47\".der")
    i = i + 1