SQL Server
SQL Server
Verify Opaque Signature and Retrieve Signing Certificates
See more Digital Signatures Examples
Demonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example assumes the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @crypt int
EXEC @hr = sp_OACreate 'Chilkat.Crypt2', @crypt OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file.
EXEC sp_OAMethod @crypt, 'VerifyP7M', @success OUT, 'qa_data/p7m/opaqueSig.p7', 'qa_output/originalData.dat'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @crypt
RETURN
END
-- Alternatively, we can do it in memory...
DECLARE @binData int
EXEC @hr = sp_OACreate 'Chilkat.BinData', @binData OUT
EXEC sp_OAMethod @binData, 'LoadFile', @success OUT, 'qa_data/p7m/opaqueSig.p7'
-- Your app should check for success, but we'll skip the check for brevity..
-- If verified, the signature is unwrapped and binData is replaced with the original data that was signed.
EXEC sp_OAMethod @crypt, 'OpaqueVerifyBd', @success OUT, @binData
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @crypt
EXEC @hr = sp_OADestroy @binData
RETURN
END
-- For our testing, we signed some text, so we can get it from the binData..
PRINT 'Original Data:'
EXEC sp_OAMethod @binData, 'GetString', @sTmp0 OUT, 'utf-8'
PRINT @sTmp0
-- After any method call that verifies a signature, the crypt object will contain the certificate(s)
-- that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case).
-- Get each signing certificate, and build the certificate chain for each.
DECLARE @cert int
EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
DECLARE @certChain int
EXEC @hr = sp_OACreate 'Chilkat.CertChain', @certChain OUT
DECLARE @numCerts int
EXEC sp_OAGetProperty @crypt, 'NumSignerCerts', @numCerts OUT
DECLARE @i int
SELECT @i = 0
WHILE @i < @numCerts
BEGIN
EXEC sp_OAMethod @crypt, 'LastSignerCert', @success OUT, @i, @cert
EXEC sp_OAGetProperty @cert, 'SubjectDN', @sTmp0 OUT
PRINT @sTmp0
EXEC sp_OAMethod @cert, 'BuildCertChain', @success OUT, @certChain
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @crypt
EXEC @hr = sp_OADestroy @binData
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certChain
RETURN
END
SELECT @i = @i + 1
END
EXEC @hr = sp_OADestroy @crypt
EXEC @hr = sp_OADestroy @binData
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certChain
END
GO