(SQL Server) Verify a CAdES-BES Signature and Examine Signature Contents

Demonstrates how to validate a .p7m (.p7s) signature and examine the contents of the signature.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

// Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
//
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    DECLARE @sTmp0 nvarchar(4000)
    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @crypt int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Crypt2', @crypt OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @outputFile nvarchar(4000)
    SELECT @outputFile = 'qa_output/original.xml'
    DECLARE @inFile nvarchar(4000)
    SELECT @inFile = 'qa_data/p7m/fattura_signature.xml.p7m'

    -- Verify the signature and extract the contained file, which in this case is XML.
    DECLARE @success int
    EXEC sp_OAMethod @crypt, 'VerifyP7M', @success OUT, @inFile, @outputFile
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @crypt
        RETURN
      END


    PRINT 'Signature validated.'

    -- Now let's examine the information about the signature.
    DECLARE @json int
    EXEC sp_OAMethod @crypt, 'LastJsonData', @json OUT
    EXEC sp_OAGetProperty @crypt, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        -- This should never be the case...

        PRINT 'No information available.'
        EXEC @hr = sp_OADestroy @crypt
        RETURN
      END

    EXEC sp_OASetProperty @json, 'EmitCompact', 0
    EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Here's an example of the information about the signature:
    -- {
    --   "pkcs7": {
    --     "verify": {
    --       "certs": [
    --         {
    --           "issuerCN": "Xyz EU Qualified Certificates CA G1",
    --           "serial": "99A28A51AC389999"
    --         }
    --       ],
    --       "useConstructedOctets": true,
    --       "digestAlgorithms": [
    --         "sha256"
    --       ],
    --       "signerInfo": [
    --         {
    --           "cert": {
    --             "subjectKeyIdentifier": "5VM4x8AWnXf07yzbXuLtbb0U3yY=",
    --             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
    --             "digestAlgName": "SHA256"
    --           },
    --           "signingAlgOid": "1.2.840.113549.1.1.11",
    --           "signingAlgName": "RSA-SHA256-PKCSV-1_5",
    --           "authAttr": {
    --             "1.2.840.113549.1.9.3": {
    --               "name": "contentType",
    --               "oid": "1.2.840.113549.1.7.1"
    --             },
    --             "1.2.840.113549.1.9.5": {
    --               "name": "signingTime",
    --               "utctime": "190901152340Z"
    --             },
    --             "1.2.840.113549.1.9.4": {
    --               "name": "messageDigest",
    --               "digest": "y+gd/zAQK33A//HInhaZba7w1fUJleV9AHbP1Ntx6U0="
    --             },
    --             "1.2.840.113549.1.9.16.2.47": {
    --               "name": "signingCertificateV2",
    --               "der": "MIH4MI..w4vv0="
    --             }
    --           }
    --         }
    --       ]
    --     }
    --   }
    -- }

    -- Use this online tool to generate parsing code from sample JSON: 
    -- Generate Parsing Code from JSON

    DECLARE @authAttrSigningTimeUtctime int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.DtObj', @authAttrSigningTimeUtctime OUT

    DECLARE @issuerCN nvarchar(4000)

    DECLARE @serial nvarchar(4000)

    DECLARE @strVal nvarchar(4000)

    DECLARE @certSubjectKeyIdentifier nvarchar(4000)

    DECLARE @certDigestAlgOid nvarchar(4000)

    DECLARE @certDigestAlgName nvarchar(4000)

    DECLARE @signingAlgOid nvarchar(4000)

    DECLARE @signingAlgName nvarchar(4000)

    DECLARE @authAttrContentTypeName nvarchar(4000)

    DECLARE @authAttrContentTypeOid nvarchar(4000)

    DECLARE @authAttrSigningTimeName nvarchar(4000)

    DECLARE @authAttrMessageDigestName nvarchar(4000)

    DECLARE @authAttrMessageDigestDigest nvarchar(4000)

    DECLARE @authAttrSigningCertificateV2Name nvarchar(4000)

    DECLARE @authAttrSigningCertificateV2Der nvarchar(4000)

    DECLARE @i int
    SELECT @i = 0
    DECLARE @count_i int
    EXEC sp_OAMethod @json, 'SizeOfArray', @count_i OUT, 'pkcs7.verify.certs'
    WHILE @i < @count_i
      BEGIN
        EXEC sp_OASetProperty @json, 'I', @i
        EXEC sp_OAMethod @json, 'StringOf', @issuerCN OUT, 'pkcs7.verify.certs[i].issuerCN'
        EXEC sp_OAMethod @json, 'StringOf', @serial OUT, 'pkcs7.verify.certs[i].serial'
        SELECT @i = @i + 1
      END
    SELECT @i = 0
    EXEC sp_OAMethod @json, 'SizeOfArray', @count_i OUT, 'pkcs7.verify.digestAlgorithms'
    WHILE @i < @count_i
      BEGIN
        EXEC sp_OASetProperty @json, 'I', @i
        EXEC sp_OAMethod @json, 'StringOf', @strVal OUT, 'pkcs7.verify.digestAlgorithms[i]'
        SELECT @i = @i + 1
      END
    SELECT @i = 0
    EXEC sp_OAMethod @json, 'SizeOfArray', @count_i OUT, 'pkcs7.verify.signerInfo'
    WHILE @i < @count_i
      BEGIN
        EXEC sp_OASetProperty @json, 'I', @i
        EXEC sp_OAMethod @json, 'StringOf', @certSubjectKeyIdentifier OUT, 'pkcs7.verify.signerInfo[i].cert.subjectKeyIdentifier'
        EXEC sp_OAMethod @json, 'StringOf', @certDigestAlgOid OUT, 'pkcs7.verify.signerInfo[i].cert.digestAlgOid'
        EXEC sp_OAMethod @json, 'StringOf', @certDigestAlgName OUT, 'pkcs7.verify.signerInfo[i].cert.digestAlgName'
        EXEC sp_OAMethod @json, 'StringOf', @signingAlgOid OUT, 'pkcs7.verify.signerInfo[i].signingAlgOid'
        EXEC sp_OAMethod @json, 'StringOf', @signingAlgName OUT, 'pkcs7.verify.signerInfo[i].signingAlgName'
        EXEC sp_OAMethod @json, 'StringOf', @authAttrContentTypeName OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name'
        EXEC sp_OAMethod @json, 'StringOf', @authAttrContentTypeOid OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid'
        EXEC sp_OAMethod @json, 'StringOf', @authAttrSigningTimeName OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name'
        EXEC sp_OAMethod @json, 'DtOf', @success OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime', 0, @authAttrSigningTimeUtctime
        EXEC sp_OAMethod @json, 'StringOf', @authAttrMessageDigestName OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name'
        EXEC sp_OAMethod @json, 'StringOf', @authAttrMessageDigestDigest OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest'
        EXEC sp_OAMethod @json, 'StringOf', @authAttrSigningCertificateV2Name OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".name'
        EXEC sp_OAMethod @json, 'StringOf', @authAttrSigningCertificateV2Der OUT, 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.47".der'
        SELECT @i = @i + 1
      END

    EXEC @hr = sp_OADestroy @json


    EXEC @hr = sp_OADestroy @crypt
    EXEC @hr = sp_OADestroy @authAttrSigningTimeUtctime


END
GO