(Visual FoxPro) Verify a CAdES-BES Signature and Examine Signature Contents

Demonstrates how to validate a .p7m (.p7s) signature and examine the contents of the signature.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

LOCAL loCrypt
LOCAL lcOutputFile
LOCAL lcInFile
LOCAL lnSuccess
LOCAL loJson
LOCAL loAuthAttrSigningTimeUtctime
LOCAL lcIssuerCN
LOCAL lcSerial
LOCAL lcStrVal
LOCAL lcCertSubjectKeyIdentifier
LOCAL lcCertDigestAlgOid
LOCAL lcCertDigestAlgName
LOCAL lcSigningAlgOid
LOCAL lcSigningAlgName
LOCAL lcAuthAttrContentTypeName
LOCAL lcAuthAttrContentTypeOid
LOCAL lcAuthAttrSigningTimeName
LOCAL lcAuthAttrMessageDigestName
LOCAL lcAuthAttrMessageDigestDigest
LOCAL lcAuthAttrSigningCertificateV2Name
LOCAL lcAuthAttrSigningCertificateV2Der
LOCAL i
LOCAL lnCount_i

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Crypt2')
loCrypt = CreateObject('Chilkat.Crypt2')

lcOutputFile = "qa_output/original.xml"
lcInFile = "qa_data/p7m/fattura_signature.xml.p7m"

* Verify the signature and extract the contained file, which in this case is XML.
lnSuccess = loCrypt.VerifyP7M(lcInFile,lcOutputFile)
IF (lnSuccess = 0) THEN
    ? loCrypt.LastErrorText
    RELEASE loCrypt
    CANCEL
ENDIF

? "Signature validated."

* Now let's examine the information about the signature.
loJson = loCrypt.LastJsonData()
IF (loCrypt.LastMethodSuccess = 0) THEN
    * This should never be the case...
    ? "No information available."
    RELEASE loCrypt
    CANCEL
ENDIF

loJson.EmitCompact = 0
? loJson.Emit()

* Here's an example of the information about the signature:
* {
*   "pkcs7": {
*     "verify": {
*       "certs": [
*         {
*           "issuerCN": "Xyz EU Qualified Certificates CA G1",
*           "serial": "99A28A51AC389999"
*         }
*       ],
*       "useConstructedOctets": true,
*       "digestAlgorithms": [
*         "sha256"
*       ],
*       "signerInfo": [
*         {
*           "cert": {
*             "subjectKeyIdentifier": "5VM4x8AWnXf07yzbXuLtbb0U3yY=",
*             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
*             "digestAlgName": "SHA256"
*           },
*           "signingAlgOid": "1.2.840.113549.1.1.11",
*           "signingAlgName": "RSA-SHA256-PKCSV-1_5",
*           "authAttr": {
*             "1.2.840.113549.1.9.3": {
*               "name": "contentType",
*               "oid": "1.2.840.113549.1.7.1"
*             },
*             "1.2.840.113549.1.9.5": {
*               "name": "signingTime",
*               "utctime": "190901152340Z"
*             },
*             "1.2.840.113549.1.9.4": {
*               "name": "messageDigest",
*               "digest": "y+gd/zAQK33A//HInhaZba7w1fUJleV9AHbP1Ntx6U0="
*             },
*             "1.2.840.113549.1.9.16.2.47": {
*               "name": "signingCertificateV2",
*               "der": "MIH4MI..w4vv0="
*             }
*           }
*         }
*       ]
*     }
*   }
* }

* Use this online tool to generate parsing code from sample JSON: 
* Generate Parsing Code from JSON

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.DtObj')
loAuthAttrSigningTimeUtctime = CreateObject('Chilkat.DtObj')

i = 0
lnCount_i = loJson.SizeOfArray("pkcs7.verify.certs")
DO WHILE i < lnCount_i
    loJson.I = i
    lcIssuerCN = loJson.StringOf("pkcs7.verify.certs[i].issuerCN")
    lcSerial = loJson.StringOf("pkcs7.verify.certs[i].serial")
    i = i + 1
ENDDO
i = 0
lnCount_i = loJson.SizeOfArray("pkcs7.verify.digestAlgorithms")
DO WHILE i < lnCount_i
    loJson.I = i
    lcStrVal = loJson.StringOf("pkcs7.verify.digestAlgorithms[i]")
    i = i + 1
ENDDO
i = 0
lnCount_i = loJson.SizeOfArray("pkcs7.verify.signerInfo")
DO WHILE i < lnCount_i
    loJson.I = i
    lcCertSubjectKeyIdentifier = loJson.StringOf("pkcs7.verify.signerInfo[i].cert.subjectKeyIdentifier")
    lcCertDigestAlgOid = loJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid")
    lcCertDigestAlgName = loJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName")
    lcSigningAlgOid = loJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid")
    lcSigningAlgName = loJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgName")
    lcAuthAttrContentTypeName = loJson.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name')
    lcAuthAttrContentTypeOid = loJson.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid')
    lcAuthAttrSigningTimeName = loJson.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name')
    loJson.DtOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime',0,loAuthAttrSigningTimeUtctime)
    lcAuthAttrMessageDigestName = loJson.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name')
    lcAuthAttrMessageDigestDigest = loJson.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest')
    lcAuthAttrSigningCertificateV2Name = loJson.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".name')
    lcAuthAttrSigningCertificateV2Der = loJson.StringOf('pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".der')
    i = i + 1
ENDDO

RELEASE loJson

RELEASE loCrypt
RELEASE loAuthAttrSigningTimeUtctime