(Swift 3,4,5...) Verify a CAdES-BES Signature and Examine Signature Contents

Demonstrates how to validate a .p7m (.p7s) signature and examine the contents of the signature.

Chilkat Downloads for the Swift Programming Language MAC OS X (Cocoa) Objective-C/Swift Libs iOS Objective-C/Swift Libs

func chilkatTest() {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    let crypt = CkoCrypt2()!

    var outputFile: String? = "qa_output/original.xml"
    var inFile: String? = "qa_data/p7m/fattura_signature.xml.p7m"

    // Verify the signature and extract the contained file, which in this case is XML.
    var success: Bool = crypt.verifyP7M(inFile, destPath: outputFile)
    if success == false {
        print("\(crypt.lastErrorText!)")
        return
    }

    print("Signature validated.")

    // Now let's examine the information about the signature.
    var json: CkoJsonObject? = crypt.lastJsonData()
    if crypt.lastMethodSuccess == false {
        // This should never be the case...
        print("No information available.")
        return
    }

    json.emitCompact = false
    print("\(json!.emit()!)")

    // Here's an example of the information about the signature:
    // {
    //   "pkcs7": {
    //     "verify": {
    //       "certs": [
    //         {
    //           "issuerCN": "Xyz EU Qualified Certificates CA G1",
    //           "serial": "99A28A51AC389999"
    //         }
    //       ],
    //       "useConstructedOctets": true,
    //       "digestAlgorithms": [
    //         "sha256"
    //       ],
    //       "signerInfo": [
    //         {
    //           "cert": {
    //             "subjectKeyIdentifier": "5VM4x8AWnXf07yzbXuLtbb0U3yY=",
    //             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
    //             "digestAlgName": "SHA256"
    //           },
    //           "signingAlgOid": "1.2.840.113549.1.1.11",
    //           "signingAlgName": "RSA-SHA256-PKCSV-1_5",
    //           "authAttr": {
    //             "1.2.840.113549.1.9.3": {
    //               "name": "contentType",
    //               "oid": "1.2.840.113549.1.7.1"
    //             },
    //             "1.2.840.113549.1.9.5": {
    //               "name": "signingTime",
    //               "utctime": "190901152340Z"
    //             },
    //             "1.2.840.113549.1.9.4": {
    //               "name": "messageDigest",
    //               "digest": "y+gd/zAQK33A//HInhaZba7w1fUJleV9AHbP1Ntx6U0="
    //             },
    //             "1.2.840.113549.1.9.16.2.47": {
    //               "name": "signingCertificateV2",
    //               "der": "MIH4MI..w4vv0="
    //             }
    //           }
    //         }
    //       ]
    //     }
    //   }
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    let authAttrSigningTimeUtctime = CkoDtObj()!
    var issuerCN: String?
    var serial: String?
    var strVal: String?
    var certSubjectKeyIdentifier: String?
    var certDigestAlgOid: String?
    var certDigestAlgName: String?
    var signingAlgOid: String?
    var signingAlgName: String?
    var authAttrContentTypeName: String?
    var authAttrContentTypeOid: String?
    var authAttrSigningTimeName: String?
    var authAttrMessageDigestName: String?
    var authAttrMessageDigestDigest: String?
    var authAttrSigningCertificateV2Name: String?
    var authAttrSigningCertificateV2Der: String?

    var i: Int = 0
    var count_i: Int = json!.size(ofArray: "pkcs7.verify.certs").intValue
    while i < count_i {
        json.i = i
        issuerCN = json!.string(of: "pkcs7.verify.certs[i].issuerCN")
        serial = json!.string(of: "pkcs7.verify.certs[i].serial")
        i = i + 1
    }

    i = 0
    count_i = json!.size(ofArray: "pkcs7.verify.digestAlgorithms").intValue
    while i < count_i {
        json.i = i
        strVal = json!.string(of: "pkcs7.verify.digestAlgorithms[i]")
        i = i + 1
    }

    i = 0
    count_i = json!.size(ofArray: "pkcs7.verify.signerInfo").intValue
    while i < count_i {
        json.i = i
        certSubjectKeyIdentifier = json!.string(of: "pkcs7.verify.signerInfo[i].cert.subjectKeyIdentifier")
        certDigestAlgOid = json!.string(of: "pkcs7.verify.signerInfo[i].cert.digestAlgOid")
        certDigestAlgName = json!.string(of: "pkcs7.verify.signerInfo[i].cert.digestAlgName")
        signingAlgOid = json!.string(of: "pkcs7.verify.signerInfo[i].signingAlgOid")
        signingAlgName = json!.string(of: "pkcs7.verify.signerInfo[i].signingAlgName")
        authAttrContentTypeName = json!.string(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".name")
        authAttrContentTypeOid = json!.string(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".oid")
        authAttrSigningTimeName = json!.string(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".name")
        json!.dt(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".utctime", bLocal: false, dt: authAttrSigningTimeUtctime)
        authAttrMessageDigestName = json!.string(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".name")
        authAttrMessageDigestDigest = json!.string(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".digest")
        authAttrSigningCertificateV2Name = json!.string(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.47\".name")
        authAttrSigningCertificateV2Der = json!.string(of: "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.47\".der")
        i = i + 1
    }

    json = nil

}