|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) Validate CAdES-T Signature (.p7m)Validates a CAdES-T CMS signature and extracts the time-stamp token and gets information about it. Also validates the time-stamp token. Note: This example requires Chilkat v9.5.0.78 or greater.
Use ChilkatAx-win32.pkg Procedure Test Handle hoCrypt Boolean iSuccess Handle hoCmsOptions Variant vJson Handle hoJson Integer i Integer iCount_i String sStrVal String sCertSerialNumber String sCertIssuerCN String sCertIssuerDN String sCertDigestAlgOid String sCertDigestAlgName String sContentType Variant vSigningTime Handle hoSigningTime String sMessageDigest String sSigningAlgOid String sSigningAlgName String sAuthAttrContentTypeName String sAuthAttrContentTypeOid String sAuthAttrSigningTimeName Variant vAuthAttrSigningTimeUtctime Handle hoAuthAttrSigningTimeUtctime String sAuthAttrMessageDigestName String sAuthAttrMessageDigestDigest String sAuthAttrSigningCertificateV2Name String sAuthAttrSigningCertificateV2Der String sUnauthAttrTimestampTokenName String sUnauthAttrTimestampTokenDer Boolean iUnauthAttrTimestampTokenTimestampSignatureVerified String sUnauthAttrTimestampTokenTstInfoTsaPolicyId String sUnauthAttrTimestampTokenTstInfoMessageImprintHashAlg String sUnauthAttrTimestampTokenTstInfoMessageImprintDigest Boolean iUnauthAttrTimestampTokenTstInfoMessageImprintDigestMatches String sUnauthAttrTimestampTokenTstInfoSerialNumber Variant vUnauthAttrTimestampTokenTstInfoGenTime Handle hoUnauthAttrTimestampTokenTstInfoGenTime Integer j Integer iCount_j String sTemp1 Boolean bTemp1 // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt If (Not(IsComObjectCreated(hoCrypt))) Begin Send CreateComObject of hoCrypt End // Indicate that the CAdES-T timestamp tokens must also pass validation for the signature to be validated. Get Create (RefClass(cComChilkatJsonObject)) To hoCmsOptions If (Not(IsComObjectCreated(hoCmsOptions))) Begin Send CreateComObject of hoCmsOptions End Get ComUpdateBool Of hoCmsOptions "ValidateTimestampTokens" True To iSuccess Get ComEmit Of hoCmsOptions To sTemp1 Set ComCmsOptions Of hoCrypt To sTemp1 // Validate the .p7m and extract the original signed data to an output file. // Note: The timestampToken is an unauthenticated attribute. See the code below that parses the LastJsonData // for details about examining timestampToken. Get ComVerifyP7M Of hoCrypt "qa_data/cades/CAdES-T/Signature-C-T-1.p7m" "qa_output/out.dat" To iSuccess // Get information about the CMS signature in the LastJsonData. // The detailed results of the signature validation are available in LastJsonData. // (If the non-success return status was caused by an error such as "file not found", then the // LastJsonData would be empty.) Get ComLastJsonData Of hoCrypt To vJson If (IsComObject(vJson)) Begin Get Create (RefClass(cComChilkatJsonObject)) To hoJson Set pvComObject Of hoJson To vJson End Set ComEmitCompact Of hoJson To False Get ComEmit Of hoJson To sTemp1 Showln sTemp1 // Here is a sample result: // See the parsing code below.. // Use this online tool to generate parsing code from sample JSON: // Generate Parsing Code from JSON // { // "pkcs7": { // "verify": { // "digestAlgorithms": [ // "sha256" // ], // "signerInfo": [ // { // "cert": { // "serialNumber": "00DCB814678CDB", // "issuerCN": "LevelBCAOK", // "issuerDN": "", // "digestAlgOid": "2.16.840.1.101.3.4.2.1", // "digestAlgName": "SHA256" // }, // "contentType": "1.2.840.113549.1.7.1", // "signingTime": "131203065741Z", // "messageDigest": "JJZt41Nt8VsYahP+Xti4rR3vBDkUfRd6gquItl6R5Os=", // "signingAlgOid": "1.2.840.113549.1.1.1", // "signingAlgName": "RSA-PKCSV-1_5", // "authAttr": { // "1.2.840.113549.1.9.3": { // "name": "contentType", // "oid": "1.2.840.113549.1.7.1" // }, // "1.2.840.113549.1.9.5": { // "name": "signingTime", // "utctime": "131203065741Z" // }, // "1.2.840.113549.1.9.4": { // "name": "messageDigest", // "digest": "JJZt41Nt8VsYahP+Xti4rR3vBDkUfRd6gquItl6R5Os=" // }, // "1.2.840.113549.1.9.16.2.47": { // "name": "signingCertificateV2", // "der": "MIGIMIGFMIGCBCBJrxOU0w0dWGsVovjLv9QDH3syB5mLVv3grSYA40x9IDBeMFOkUTBPMQswCQYDVQQGEwJGUjENMAsGA1UEChMERVRTSTEcMBoGA1UECwwTUGx1Z3Rlc3RzXzIwMTMtMjAxNDETMBEGA1UEAxMKTGV2ZWxCQ0FPSwIHANy4FGeM2w==" // } // }, // "unauthAttr": { // "1.2.840.113549.1.9.16.2.14": { // "name": "timestampToken", // "der": "MIIL+AYJKoZI...u7CfcjURNTY=", // "verify": { // "digestAlgorithms": [ // "sha256" // ], // "signerInfo": [ // { // "cert": { // "serialNumber": "01AA4592D36C61", // "issuerCN": "RootCAOK", // "issuerDN": "", // "digestAlgOid": "2.16.840.1.101.3.4.2.1", // "digestAlgName": "SHA256" // }, // "contentType": "1.2.840.113549.1.9.16.1.4", // "messageDigest": "NSsMUrfoyCQ0OszPE1YLx1j3EyyCiBmnE5Sua6ghu/Q=", // "signingAlgOid": "1.2.840.113549.1.1.1", // "signingAlgName": "RSA-PKCSV-1_5", // "authAttr": { // "1.2.840.113549.1.9.3": { // "name": "contentType", // "oid": "1.2.840.113549.1.9.16.1.4" // }, // "1.2.840.113549.1.9.4": { // "name": "messageDigest", // "digest": "NSsMUrfoyCQ0OszPE1YLx1j3EyyCiBmnE5Sua6ghu/Q=" // }, // "1.2.840.113549.1.9.16.2.47": { // "name": "signingCertificateV2", // "der": "MIGGMIGDMIGABCDB/np5UxvhcPnSxD2Kme+C88uXGCMWLAvFPHNvTApTWDBcMFGkTzBNMQswCQYDVQQGEwJGUjENMAsGA1UEChMERVRTSTEcMBoGA1UECwwTUGx1Z3Rlc3RzXzIwMTMtMjAxNDERMA8GA1UEAxMIUm9vdENBT0sCBwGqRZLTbGE=" // } // } // } // ] // }, // "timestampSignatureVerified": true, // "tstInfo": { // "tsaPolicyId": "1.3.6.1.4.1.2706.2.2.5.2.1.1.1", // "messageImprint": { // "hashAlg": "sha256", // "digest": "C8xEe9NA4X1cUyHGX9zG89ipmQ2byFs3aa+Xe4Fz2P0=", // "digestMatches": true // }, // "serialNumber": "313E162121D922", // "genTime": "20131203065742Z" // } // } // } // } // ] // } // } // } // Get Create (RefClass(cComChilkatDtObj)) To hoSigningTime If (Not(IsComObjectCreated(hoSigningTime))) Begin Send CreateComObject of hoSigningTime End Get Create (RefClass(cComChilkatDtObj)) To hoAuthAttrSigningTimeUtctime If (Not(IsComObjectCreated(hoAuthAttrSigningTimeUtctime))) Begin Send CreateComObject of hoAuthAttrSigningTimeUtctime End Get Create (RefClass(cComChilkatDtObj)) To hoUnauthAttrTimestampTokenTstInfoGenTime If (Not(IsComObjectCreated(hoUnauthAttrTimestampTokenTstInfoGenTime))) Begin Send CreateComObject of hoUnauthAttrTimestampTokenTstInfoGenTime End // Iterate over the hash algorithms used in the signature. Move 0 To i Get ComSizeOfArray Of hoJson "pkcs7.verify.digestAlgorithms" To iCount_i While (i < iCount_i) Set ComI Of hoJson To i Get ComStringOf Of hoJson "pkcs7.verify.digestAlgorithms[i]" To sStrVal Move (i + 1) To i Loop // For each signer... Move 0 To i Get ComSizeOfArray Of hoJson "pkcs7.verify.signerInfo" To iCount_i While (i < iCount_i) Set ComI Of hoJson To i // Get information about the certificate used by this signer. Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.serialNumber" To sCertSerialNumber Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.issuerCN" To sCertIssuerCN Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.issuerDN" To sCertIssuerDN Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgOid" To sCertDigestAlgOid Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgName" To sCertDigestAlgName // Get additional information for this signer, such as the signingTime, signature algorithm, etc. Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].contentType" To sContentType Get pvComObject of hoSigningTime to vSigningTime Get ComDtOf Of hoJson "pkcs7.verify.signerInfo[i].signingTime" False vSigningTime To iSuccess Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].messageDigest" To sMessageDigest Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgOid" To sSigningAlgOid Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgName" To sSigningAlgName // -------------------------------- // Examine authenticated attributes. // -------------------------------- // contentType Get ComHasMember Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3"' To bTemp1 If (bTemp1 = True) Begin Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name' To sAuthAttrContentTypeName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid' To sAuthAttrContentTypeOid End // signingTime Get ComHasMember Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5"' To bTemp1 If (bTemp1 = True) Begin Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name' To sAuthAttrSigningTimeName Get pvComObject of hoAuthAttrSigningTimeUtctime to vAuthAttrSigningTimeUtctime Get ComDtOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime' False vAuthAttrSigningTimeUtctime To iSuccess End // messageDigest Get ComHasMember Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4"' To bTemp1 If (bTemp1 = True) Begin Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name' To sAuthAttrMessageDigestName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest' To sAuthAttrMessageDigestDigest End // signingCertificateV2 Get ComHasMember Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47"' To bTemp1 If (bTemp1 = True) Begin Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".name' To sAuthAttrSigningCertificateV2Name Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".der' To sAuthAttrSigningCertificateV2Der End // -------------------------------- // Examine unauthenticated attributes. // -------------------------------- // timestampToken (the timestampToken is what makes this signature a CAdES-T) Get ComHasMember Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14"' To bTemp1 If (bTemp1 = True) Begin Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".name' To sUnauthAttrTimestampTokenName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".der' To sUnauthAttrTimestampTokenDer // This is where we find out if the timestampToken's signature is valid. Get ComBoolOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".timestampSignatureVerified' To iUnauthAttrTimestampTokenTimestampSignatureVerified Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".tstInfo.tsaPolicyId' To sUnauthAttrTimestampTokenTstInfoTsaPolicyId Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".tstInfo.messageImprint.hashAlg' To sUnauthAttrTimestampTokenTstInfoMessageImprintHashAlg Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".tstInfo.messageImprint.digest' To sUnauthAttrTimestampTokenTstInfoMessageImprintDigest // Here is where we check to see if the digest in the timestampToken's messageImprint matches the digest of the signature of this signerInfo Get ComBoolOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".tstInfo.messageImprint.digestMatches' To iUnauthAttrTimestampTokenTstInfoMessageImprintDigestMatches Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".tstInfo.serialNumber' To sUnauthAttrTimestampTokenTstInfoSerialNumber // Here is where we get the date/time of the timestampToken (i.e. when it was timestamped) Get pvComObject of hoUnauthAttrTimestampTokenTstInfoGenTime to vUnauthAttrTimestampTokenTstInfoGenTime Get ComDtOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".tstInfo.genTime' False vUnauthAttrTimestampTokenTstInfoGenTime To iSuccess // The following code gets details about the validity of the timestampToken's signature... Move 0 To j Get ComSizeOfArray Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.digestAlgorithms' To iCount_j While (j < iCount_j) Set ComJ Of hoJson To j Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.digestAlgorithms[j]' To sStrVal Move (j + 1) To j Loop Move 0 To j Get ComSizeOfArray Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo' To iCount_j While (j < iCount_j) Set ComJ Of hoJson To j Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].cert.serialNumber' To sCertSerialNumber Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].cert.issuerCN' To sCertIssuerCN Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].cert.issuerDN' To sCertIssuerDN Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].cert.digestAlgOid' To sCertDigestAlgOid Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].cert.digestAlgName' To sCertDigestAlgName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].contentType' To sContentType Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].messageDigest' To sMessageDigest Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].signingAlgOid' To sSigningAlgOid Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].signingAlgName' To sSigningAlgName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].authAttr."1.2.840.113549.1.9.3".name' To sAuthAttrContentTypeName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].authAttr."1.2.840.113549.1.9.3".oid' To sAuthAttrContentTypeOid Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].authAttr."1.2.840.113549.1.9.4".name' To sAuthAttrMessageDigestName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].authAttr."1.2.840.113549.1.9.4".digest' To sAuthAttrMessageDigestDigest Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].authAttr."1.2.840.113549.1.9.16.2.47".name' To sAuthAttrSigningCertificateV2Name Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].unauthAttr."1.2.840.113549.1.9.16.2.14".verify.signerInfo[j].authAttr."1.2.840.113549.1.9.16.2.47".der' To sAuthAttrSigningCertificateV2Der Move (j + 1) To j Loop End Move (i + 1) To i Loop If (iSuccess <> True) Begin Get ComLastErrorText Of hoCrypt To sTemp1 Showln sTemp1 Showln "CAdES-T verification failed." End Else Begin Showln "CAdES-T signature is valid." End Send Destroy of hoJson End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.