(Delphi DLL) Verify a CAdES-BES Signature and Examine Signature Contents

Demonstrates how to validate a .p7m (.p7s) signature and examine the contents of the signature.

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, DtObj, JsonObject, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
crypt: HCkCrypt2;
outputFile: PWideChar;
inFile: PWideChar;
success: Boolean;
json: HCkJsonObject;
authAttrSigningTimeUtctime: HCkDtObj;
issuerCN: PWideChar;
serial: PWideChar;
strVal: PWideChar;
certSubjectKeyIdentifier: PWideChar;
certDigestAlgOid: PWideChar;
certDigestAlgName: PWideChar;
signingAlgOid: PWideChar;
signingAlgName: PWideChar;
authAttrContentTypeName: PWideChar;
authAttrContentTypeOid: PWideChar;
authAttrSigningTimeName: PWideChar;
authAttrMessageDigestName: PWideChar;
authAttrMessageDigestDigest: PWideChar;
authAttrSigningCertificateV2Name: PWideChar;
authAttrSigningCertificateV2Der: PWideChar;
i: Integer;
count_i: Integer;

begin
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

crypt := CkCrypt2_Create();

outputFile := 'qa_output/original.xml';
inFile := 'qa_data/p7m/fattura_signature.xml.p7m';

// Verify the signature and extract the contained file, which in this case is XML.
success := CkCrypt2_VerifyP7M(crypt,inFile,outputFile);
if (success = False) then
  begin
    Memo1.Lines.Add(CkCrypt2__lastErrorText(crypt));
    Exit;
  end;

Memo1.Lines.Add('Signature validated.');

// Now let's examine the information about the signature.
json := CkCrypt2_LastJsonData(crypt);
if (CkCrypt2_getLastMethodSuccess(crypt) = False) then
  begin
    // This should never be the case...
    Memo1.Lines.Add('No information available.');
    Exit;
  end;

CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

// Here's an example of the information about the signature:
// {
//   "pkcs7": {
//     "verify": {
//       "certs": [
//         {
//           "issuerCN": "Xyz EU Qualified Certificates CA G1",
//           "serial": "99A28A51AC389999"
//         }
//       ],
//       "useConstructedOctets": true,
//       "digestAlgorithms": [
//         "sha256"
//       ],
//       "signerInfo": [
//         {
//           "cert": {
//             "subjectKeyIdentifier": "5VM4x8AWnXf07yzbXuLtbb0U3yY=",
//             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
//             "digestAlgName": "SHA256"
//           },
//           "signingAlgOid": "1.2.840.113549.1.1.11",
//           "signingAlgName": "RSA-SHA256-PKCSV-1_5",
//           "authAttr": {
//             "1.2.840.113549.1.9.3": {
//               "name": "contentType",
//               "oid": "1.2.840.113549.1.7.1"
//             },
//             "1.2.840.113549.1.9.5": {
//               "name": "signingTime",
//               "utctime": "190901152340Z"
//             },
//             "1.2.840.113549.1.9.4": {
//               "name": "messageDigest",
//               "digest": "y+gd/zAQK33A//HInhaZba7w1fUJleV9AHbP1Ntx6U0="
//             },
//             "1.2.840.113549.1.9.16.2.47": {
//               "name": "signingCertificateV2",
//               "der": "MIH4MI..w4vv0="
//             }
//           }
//         }
//       ]
//     }
//   }
// }

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

authAttrSigningTimeUtctime := CkDtObj_Create();

i := 0;
count_i := CkJsonObject_SizeOfArray(json,'pkcs7.verify.certs');
while i < count_i do
  begin
    CkJsonObject_putI(json,i);
    issuerCN := CkJsonObject__stringOf(json,'pkcs7.verify.certs[i].issuerCN');
    serial := CkJsonObject__stringOf(json,'pkcs7.verify.certs[i].serial');
    i := i + 1;
  end;

i := 0;
count_i := CkJsonObject_SizeOfArray(json,'pkcs7.verify.digestAlgorithms');
while i < count_i do
  begin
    CkJsonObject_putI(json,i);
    strVal := CkJsonObject__stringOf(json,'pkcs7.verify.digestAlgorithms[i]');
    i := i + 1;
  end;

i := 0;
count_i := CkJsonObject_SizeOfArray(json,'pkcs7.verify.signerInfo');
while i < count_i do
  begin
    CkJsonObject_putI(json,i);
    certSubjectKeyIdentifier := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].cert.subjectKeyIdentifier');
    certDigestAlgOid := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].cert.digestAlgOid');
    certDigestAlgName := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].cert.digestAlgName');
    signingAlgOid := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].signingAlgOid');
    signingAlgName := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].signingAlgName');
    authAttrContentTypeName := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name');
    authAttrContentTypeOid := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid');
    authAttrSigningTimeName := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name');
    CkJsonObject_DtOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime',False,authAttrSigningTimeUtctime);
    authAttrMessageDigestName := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name');
    authAttrMessageDigestDigest := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest');
    authAttrSigningCertificateV2Name := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".name');
    authAttrSigningCertificateV2Der := CkJsonObject__stringOf(json,'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".der');
    i := i + 1;
  end;

CkJsonObject_Dispose(json);

CkCrypt2_Dispose(crypt);
CkDtObj_Dispose(authAttrSigningTimeUtctime);

end;