(SQL Server) Verify a .p7m and get Algorithm Information

Demonstrates how to verify a .p7m and then examine the algorithms used by the signature.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

// Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
//
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @sTmp0 nvarchar(4000)
    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @crypt int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Crypt2', @crypt OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @inFile nvarchar(4000)
    SELECT @inFile = 'qa_data/p7m/brainpoolP256r1.p7m'
    DECLARE @outFile nvarchar(4000)
    SELECT @outFile = 'qa_output/something.dat'

    -- Verify and extract the signed data.
    DECLARE @success int
    EXEC sp_OAMethod @crypt, 'VerifyP7M', @success OUT, @inFile, @outFile
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @crypt
        RETURN
      END

    -- Examine details about the signature(s)
    DECLARE @json int
    EXEC sp_OAMethod @crypt, 'LastJsonData', @json OUT
    EXEC sp_OASetProperty @json, 'EmitCompact', 0
    EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample output

    -- {
    --   "pkcs7": {
    --     "verify": {
    --       "digestAlgorithms": [
    --         "sha256"
    --       ],
    --       "signerInfo": [
    --         {
    --           "cert": {
    --             "serialNumber": "FFFFE552B302FFFFFF1E34C3ACEB2FFFF",
    --             "issuerCN": "The common name of the cert...",
    --             "issuerDN": "",
    --             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
    --             "digestAlgName": "SHA256"
    --           },
    --           "contentType": "1.2.840.113549.1.7.1",
    --           "signingTime": "190409140500Z",
    --           "messageDigest": "lQe9If7vZKFf/NlSYu5Esmlw3phVK/RFsbbb1uH73t8=",
    --           "signingAlgOid": "1.2.840.10045.4.3.2",
    --           "signerDigest": "lQe9If7vZKFf/NlSYu5Esmlw3phVK/RFsbbb1uH73t8=",
    --           "authAttr": [
    --             {
    --               "oid": "1.2.840.113549.1.9.3",
    --               "oidName": "contentType"
    --             },
    --             {
    --               "oid": "1.2.840.113549.1.9.5",
    --               "oidName": "signingTime"
    --             },
    --             {
    --               "oid": "1.2.840.113549.1.9.52",
    --               "oidName": "1.2.840.113549.1.9.52",
    --               "der": "MBs ... AwI="
    --             },
    --             {
    --               "oid": "1.2.840.113549.1.9.4",
    --               "oidName": "messageDigest"
    --             },
    --             {
    --               "oid": "1.2.840.113549.1.9.16.2.47",
    --               "oidName": "signingCertificateV2",
    --               "der": "MCYw .. 7PlQ=="
    --             },
    --             {
    --               "oid": "1.2.840.113549.1.9.20",
    --               "oidName": "1.2.840.113549.1.9.20"
    --             }
    --           ]
    --         }
    --       ]
    --     }
    --   }
    -- }

    -- Code for parsing the above JSON...
    DECLARE @i int

    DECLARE @count_i int

    DECLARE @strVal nvarchar(4000)

    DECLARE @certSerialNumber nvarchar(4000)

    DECLARE @certIssuerCN nvarchar(4000)

    DECLARE @certIssuerDN nvarchar(4000)

    DECLARE @certDigestAlgOid nvarchar(4000)

    DECLARE @certDigestAlgName nvarchar(4000)

    DECLARE @contentType nvarchar(4000)

    DECLARE @signingTime nvarchar(4000)

    DECLARE @messageDigest nvarchar(4000)

    DECLARE @signingAlgOid nvarchar(4000)

    DECLARE @signerDigest nvarchar(4000)

    DECLARE @j int

    DECLARE @count_j int

    DECLARE @oid nvarchar(4000)

    DECLARE @oidName nvarchar(4000)

    DECLARE @der nvarchar(4000)

    SELECT @i = 0
    EXEC sp_OAMethod @json, 'SizeOfArray', @count_i OUT, 'pkcs7.verify.digestAlgorithms'
    WHILE @i < @count_i
      BEGIN
        EXEC sp_OASetProperty @json, 'I', @i
        EXEC sp_OAMethod @json, 'StringOf', @strVal OUT, 'pkcs7.verify.digestAlgorithms[i]'
        SELECT @i = @i + 1
      END
    SELECT @i = 0
    EXEC sp_OAMethod @json, 'SizeOfArray', @count_i OUT, 'pkcs7.verify.signerInfo'
    WHILE @i < @count_i
      BEGIN
        EXEC sp_OASetProperty @json, 'I', @i
        EXEC sp_OAMethod @json, 'StringOf', @certSerialNumber OUT, 'pkcs7.verify.signerInfo[i].cert.serialNumber'
        EXEC sp_OAMethod @json, 'StringOf', @certIssuerCN OUT, 'pkcs7.verify.signerInfo[i].cert.issuerCN'
        EXEC sp_OAMethod @json, 'StringOf', @certIssuerDN OUT, 'pkcs7.verify.signerInfo[i].cert.issuerDN'
        EXEC sp_OAMethod @json, 'StringOf', @certDigestAlgOid OUT, 'pkcs7.verify.signerInfo[i].cert.digestAlgOid'
        EXEC sp_OAMethod @json, 'StringOf', @certDigestAlgName OUT, 'pkcs7.verify.signerInfo[i].cert.digestAlgName'
        EXEC sp_OAMethod @json, 'StringOf', @contentType OUT, 'pkcs7.verify.signerInfo[i].contentType'
        EXEC sp_OAMethod @json, 'StringOf', @signingTime OUT, 'pkcs7.verify.signerInfo[i].signingTime'
        EXEC sp_OAMethod @json, 'StringOf', @messageDigest OUT, 'pkcs7.verify.signerInfo[i].messageDigest'
        EXEC sp_OAMethod @json, 'StringOf', @signingAlgOid OUT, 'pkcs7.verify.signerInfo[i].signingAlgOid'
        EXEC sp_OAMethod @json, 'StringOf', @signerDigest OUT, 'pkcs7.verify.signerInfo[i].signerDigest'
        SELECT @j = 0
        EXEC sp_OAMethod @json, 'SizeOfArray', @count_j OUT, 'pkcs7.verify.signerInfo[i].authAttr'
        WHILE @j < @count_j
          BEGIN
            EXEC sp_OASetProperty @json, 'J', @j
            EXEC sp_OAMethod @json, 'StringOf', @oid OUT, 'pkcs7.verify.signerInfo[i].authAttr[j].oid'
            EXEC sp_OAMethod @json, 'StringOf', @oidName OUT, 'pkcs7.verify.signerInfo[i].authAttr[j].oidName'
            EXEC sp_OAMethod @json, 'StringOf', @der OUT, 'pkcs7.verify.signerInfo[i].authAttr[j].der'
            SELECT @j = @j + 1
          END
        SELECT @i = @i + 1
      END

    EXEC @hr = sp_OADestroy @json


    PRINT 'Success!'

    EXEC @hr = sp_OADestroy @crypt


END
GO