(Delphi ActiveX) Verify a CAdES-BES Signature and Examine Signature Contents

Demonstrates how to validate a .p7m (.p7s) signature and examine the contents of the signature.

Chilkat for Delphi Downloads Chilkat ActiveX DLL for Delphi Chilkat non-ActiveX DLL for Delphi * The examples here use the ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
crypt: TChilkatCrypt2;
outputFile: WideString;
inFile: WideString;
success: Integer;
json: IChilkatJsonObject;
authAttrSigningTimeUtctime: TDtObj;
issuerCN: WideString;
serial: WideString;
strVal: WideString;
certSubjectKeyIdentifier: WideString;
certDigestAlgOid: WideString;
certDigestAlgName: WideString;
signingAlgOid: WideString;
signingAlgName: WideString;
authAttrContentTypeName: WideString;
authAttrContentTypeOid: WideString;
authAttrSigningTimeName: WideString;
authAttrMessageDigestName: WideString;
authAttrMessageDigestDigest: WideString;
authAttrSigningCertificateV2Name: WideString;
authAttrSigningCertificateV2Der: WideString;
i: Integer;
count_i: Integer;

begin
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

crypt := TChilkatCrypt2.Create(Self);

outputFile := 'qa_output/original.xml';
inFile := 'qa_data/p7m/fattura_signature.xml.p7m';

// Verify the signature and extract the contained file, which in this case is XML.
success := crypt.VerifyP7M(inFile,outputFile);
if (success = 0) then
  begin
    Memo1.Lines.Add(crypt.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('Signature validated.');

// Now let's examine the information about the signature.
json := crypt.LastJsonData();
if (crypt.LastMethodSuccess = 0) then
  begin
    // This should never be the case...
    Memo1.Lines.Add('No information available.');
    Exit;
  end;

json.EmitCompact := 0;
Memo1.Lines.Add(json.Emit());

// Here's an example of the information about the signature:
// {
//   "pkcs7": {
//     "verify": {
//       "certs": [
//         {
//           "issuerCN": "Xyz EU Qualified Certificates CA G1",
//           "serial": "99A28A51AC389999"
//         }
//       ],
//       "useConstructedOctets": true,
//       "digestAlgorithms": [
//         "sha256"
//       ],
//       "signerInfo": [
//         {
//           "cert": {
//             "subjectKeyIdentifier": "5VM4x8AWnXf07yzbXuLtbb0U3yY=",
//             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
//             "digestAlgName": "SHA256"
//           },
//           "signingAlgOid": "1.2.840.113549.1.1.11",
//           "signingAlgName": "RSA-SHA256-PKCSV-1_5",
//           "authAttr": {
//             "1.2.840.113549.1.9.3": {
//               "name": "contentType",
//               "oid": "1.2.840.113549.1.7.1"
//             },
//             "1.2.840.113549.1.9.5": {
//               "name": "signingTime",
//               "utctime": "190901152340Z"
//             },
//             "1.2.840.113549.1.9.4": {
//               "name": "messageDigest",
//               "digest": "y+gd/zAQK33A//HInhaZba7w1fUJleV9AHbP1Ntx6U0="
//             },
//             "1.2.840.113549.1.9.16.2.47": {
//               "name": "signingCertificateV2",
//               "der": "MIH4MI..w4vv0="
//             }
//           }
//         }
//       ]
//     }
//   }
// }

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

authAttrSigningTimeUtctime := TDtObj.Create(Self);

i := 0;
count_i := json.SizeOfArray('pkcs7.verify.certs');
while i < count_i do
  begin
    json.I := i;
    issuerCN := json.StringOf('pkcs7.verify.certs[i].issuerCN');
    serial := json.StringOf('pkcs7.verify.certs[i].serial');
    i := i + 1;
  end;

i := 0;
count_i := json.SizeOfArray('pkcs7.verify.digestAlgorithms');
while i < count_i do
  begin
    json.I := i;
    strVal := json.StringOf('pkcs7.verify.digestAlgorithms[i]');
    i := i + 1;
  end;

i := 0;
count_i := json.SizeOfArray('pkcs7.verify.signerInfo');
while i < count_i do
  begin
    json.I := i;
    certSubjectKeyIdentifier := json.StringOf('pkcs7.verify.signerInfo[i].cert.subjectKeyIdentifier');
    certDigestAlgOid := json.StringOf('pkcs7.verify.signerInfo[i].cert.digestAlgOid');
    certDigestAlgName := json.StringOf('pkcs7.verify.signerInfo[i].cert.digestAlgName');
    signingAlgOid := json.StringOf('pkcs7.verify.signerInfo[i].signingAlgOid');
    signingAlgName := json.StringOf('pkcs7.verify.signerInfo[i].signingAlgName');
    authAttrContentTypeName := json.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name');
    authAttrContentTypeOid := json.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid');
    authAttrSigningTimeName := json.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name');
    json.DtOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime',0,authAttrSigningTimeUtctime.ControlInterface);
    authAttrMessageDigestName := json.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name');
    authAttrMessageDigestDigest := json.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest');
    authAttrSigningCertificateV2Name := json.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".name');
    authAttrSigningCertificateV2Der := json.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".der');
    i := i + 1;
  end;
end;