SQL Server
SQL Server
Get a .pfx/.p12 Safe Bag Attribute
See more PFX/P12 Examples
Demonstrates how to get the value of a private key or certificate safe bag attribute. Safe bag attributes are associated with a key or certificate. They are attributes stored in the .p12/.pfx alongside a key or certificate.Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
DECLARE @pfx int
EXEC @hr = sp_OACreate 'Chilkat.Pfx', @pfx OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
EXEC sp_OAMethod @pfx, 'LoadPfxFile', @success OUT, 'qa_data/pfx/test_ecdsa_secret.pfx', 'secret'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pfx
RETURN
END
DECLARE @json int
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT
EXEC sp_OAMethod @pfx, 'GetLastJsonData', NULL, @json
EXEC sp_OASetProperty @json, 'EmitCompact', 0
EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
PRINT @sTmp0
-- The last JSON data provides information about the what is contained in the PFX. It was collected in the call to LoadPfxFile.
-- For example:
-- {
-- "authenticatedSafe": {
-- "contentInfo": [
-- {
-- "type": "Data",
-- "safeBag": [
-- {
-- "type": "pkcs8ShroudedKeyBag",
-- "attrs": {
-- "localKeyId": "16777216",
-- "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
-- "msStorageProvider": "Microsoft Software Key Storage Provider"
-- }
-- }
-- ]
-- },
-- {
-- "type": "EncryptedData",
-- "safeBag": [
-- {
-- "type": "certBag",
-- "attrs": {
-- "localKeyId": "16777216"
-- },
-- "subject": "EE",
-- "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
-- },
-- {
-- "type": "certBag",
-- "subject": "CA",
-- "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
-- }
-- ]
-- }
-- ]
-- }
-- }
-- Use this online tool to generate parsing code from sample JSON:
-- Generate Parsing Code from JSON
-- In the above JSON, we can see the .pfx contains one private key (a pkcs8ShroudedKeyBag) and two certificates (each in a certBag).
-- The certificates in a .pfx/.p12 are typicaly a single certificate with associated private key, along with the other certificates
-- in the chain of authentication.
-- We can see that the private key has 3 safebag attributes: localKeyId, keyContainerName, and msStorageProvider.
-- The certificate associated with the private key contains one safebag attribute: localKeyId.
-- Notice the localKeyId is the same. The localKeyId helps associate the private key that corresponds to the given certificate.
-- Let's demonstrate the GetSafeBagAttr method:
-- Get each of the private key safebag attributes:
DECLARE @getPrivateKeyAttr int
SELECT @getPrivateKeyAttr = 1
DECLARE @privateKeyIdx int
SELECT @privateKeyIdx = 0
PRINT '---- private key safebag attributes ----'
EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, @privateKeyIdx, 'localKeyId'
PRINT @sTmp0
EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, @privateKeyIdx, 'keyContainerName'
PRINT @sTmp0
EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, @privateKeyIdx, 'storageProvider'
PRINT @sTmp0
-- Get the localKeyId attribute for the 1st certificate.
SELECT @getPrivateKeyAttr = 0
PRINT '---- cert safebag attributes ----'
EXEC sp_OAMethod @pfx, 'GetSafeBagAttr', @sTmp0 OUT, @getPrivateKeyAttr, 0, 'localKeyId'
PRINT @sTmp0
EXEC @hr = sp_OADestroy @pfx
EXEC @hr = sp_OADestroy @json
END
GO