(DataFlex) Verify a CAdES-BES Signature and Examine Signature Contents

Demonstrates how to validate a .p7m (.p7s) signature and examine the contents of the signature.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-win32.pkg

Procedure Test
    Handle hoCrypt
    String sOutputFile
    String sInFile
    Boolean iSuccess
    Variant vJson
    Handle hoJson
    Variant vAuthAttrSigningTimeUtctime
    Handle hoAuthAttrSigningTimeUtctime
    String sIssuerCN
    String sSerial
    String sStrVal
    String sCertSubjectKeyIdentifier
    String sCertDigestAlgOid
    String sCertDigestAlgName
    String sSigningAlgOid
    String sSigningAlgName
    String sAuthAttrContentTypeName
    String sAuthAttrContentTypeOid
    String sAuthAttrSigningTimeName
    String sAuthAttrMessageDigestName
    String sAuthAttrMessageDigestDigest
    String sAuthAttrSigningCertificateV2Name
    String sAuthAttrSigningCertificateV2Der
    Integer i
    Integer iCount_i
    String sTemp1
    Boolean bTemp1

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    Move "qa_output/original.xml" To sOutputFile
    Move "qa_data/p7m/fattura_signature.xml.p7m" To sInFile

    // Verify the signature and extract the contained file, which in this case is XML.
    Get ComVerifyP7M Of hoCrypt sInFile sOutputFile To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Signature validated."

    // Now let's examine the information about the signature.
    Get ComLastJsonData Of hoCrypt To vJson
    If (IsComObject(vJson)) Begin
        Get Create (RefClass(cComChilkatJsonObject)) To hoJson
        Set pvComObject Of hoJson To vJson
    End
    Get ComLastMethodSuccess Of hoCrypt To bTemp1
    If (bTemp1 = False) Begin
        // This should never be the case...
        Showln "No information available."
        Procedure_Return
    End

    Set ComEmitCompact Of hoJson To False
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    // Here's an example of the information about the signature:
    // {
    //   "pkcs7": {
    //     "verify": {
    //       "certs": [
    //         {
    //           "issuerCN": "Xyz EU Qualified Certificates CA G1",
    //           "serial": "99A28A51AC389999"
    //         }
    //       ],
    //       "useConstructedOctets": true,
    //       "digestAlgorithms": [
    //         "sha256"
    //       ],
    //       "signerInfo": [
    //         {
    //           "cert": {
    //             "subjectKeyIdentifier": "5VM4x8AWnXf07yzbXuLtbb0U3yY=",
    //             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
    //             "digestAlgName": "SHA256"
    //           },
    //           "signingAlgOid": "1.2.840.113549.1.1.11",
    //           "signingAlgName": "RSA-SHA256-PKCSV-1_5",
    //           "authAttr": {
    //             "1.2.840.113549.1.9.3": {
    //               "name": "contentType",
    //               "oid": "1.2.840.113549.1.7.1"
    //             },
    //             "1.2.840.113549.1.9.5": {
    //               "name": "signingTime",
    //               "utctime": "190901152340Z"
    //             },
    //             "1.2.840.113549.1.9.4": {
    //               "name": "messageDigest",
    //               "digest": "y+gd/zAQK33A//HInhaZba7w1fUJleV9AHbP1Ntx6U0="
    //             },
    //             "1.2.840.113549.1.9.16.2.47": {
    //               "name": "signingCertificateV2",
    //               "der": "MIH4MI..w4vv0="
    //             }
    //           }
    //         }
    //       ]
    //     }
    //   }
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    Get Create (RefClass(cComChilkatDtObj)) To hoAuthAttrSigningTimeUtctime
    If (Not(IsComObjectCreated(hoAuthAttrSigningTimeUtctime))) Begin
        Send CreateComObject of hoAuthAttrSigningTimeUtctime
    End

    Move 0 To i
    Get ComSizeOfArray Of hoJson "pkcs7.verify.certs" To iCount_i
    While (i < iCount_i)
        Set ComI Of hoJson To i
        Get ComStringOf Of hoJson "pkcs7.verify.certs[i].issuerCN" To sIssuerCN
        Get ComStringOf Of hoJson "pkcs7.verify.certs[i].serial" To sSerial
        Move (i + 1) To i
    Loop

    Move 0 To i
    Get ComSizeOfArray Of hoJson "pkcs7.verify.digestAlgorithms" To iCount_i
    While (i < iCount_i)
        Set ComI Of hoJson To i
        Get ComStringOf Of hoJson "pkcs7.verify.digestAlgorithms[i]" To sStrVal
        Move (i + 1) To i
    Loop

    Move 0 To i
    Get ComSizeOfArray Of hoJson "pkcs7.verify.signerInfo" To iCount_i
    While (i < iCount_i)
        Set ComI Of hoJson To i
        Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.subjectKeyIdentifier" To sCertSubjectKeyIdentifier
        Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgOid" To sCertDigestAlgOid
        Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgName" To sCertDigestAlgName
        Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgOid" To sSigningAlgOid
        Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgName" To sSigningAlgName
        Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name' To sAuthAttrContentTypeName
        Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid' To sAuthAttrContentTypeOid
        Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name' To sAuthAttrSigningTimeName
        Get pvComObject of hoAuthAttrSigningTimeUtctime to vAuthAttrSigningTimeUtctime
        Get ComDtOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime' False vAuthAttrSigningTimeUtctime To iSuccess
        Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name' To sAuthAttrMessageDigestName
        Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest' To sAuthAttrMessageDigestDigest
        Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".name' To sAuthAttrSigningCertificateV2Name
        Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".der' To sAuthAttrSigningCertificateV2Der
        Move (i + 1) To i
    Loop

    Send Destroy of hoJson


End_Procedure