|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Validate a .pkpass ArchiveOpens a .pkpass archive (which is just a .zip renamed to .pkpass) and validates the contents. The hashes in the manifest are compared with the computed hash values for each individual file. If all computed hash values match, then the signature is verified.
load ./chilkat.dll # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set crypt [new_CkCrypt2] set zip [new_CkZip] set success [CkZip_OpenZip $zip "qa_data/pkpass/invalid.pkpass"] if {$success == 0} then { puts [CkZip_lastErrorText $zip] delete_CkCrypt2 $crypt delete_CkZip $zip exit } # Get the contents of the manifest.json file, which contains something like this: # { # "icon.png" : "0296b01347b3173e98438a003b0e88986340b2d8", # "logo.png" : "25de09e2d3b01ce1fe00c2ca9a90a2be1aaa05cf", # "icon@2x.png" : "5afd9585b08c65fdf105a90c8bd643407cba2787", # "pass.json" : "145ea5a5db784fff485126c77ecf7a1fc2a88ee7", # "strip@2x.png" : "468fa7bc93e6b55342b56fda09bdce7c829d7d46", # "strip.png" : "736d01f84cb73d06e8a9932e43076d68f19461ff" # } # ent is a CkZipEntry set ent [CkZip_GetEntryByName $zip "manifest.json"] if {[CkZip_get_LastMethodSuccess $zip] == 0} then { puts "manifest.json entry not found." delete_CkCrypt2 $crypt delete_CkZip $zip exit } # Get the exact content of the manifest.json for later signature verification. set bdManifest [new_CkBinData] set success [CkZipEntry_UnzipToBd $ent $bdManifest] set json [new_CkJsonObject] CkJsonObject_put_EmitCompact $json 0 CkJsonObject_Load $json [CkZipEntry_unzipToString $ent 0 "utf-8"] puts [CkJsonObject_emit $json] delete_CkZipEntry $ent # For each file in the JSON, get the filename and hex hash value. CkCrypt2_put_EncodingMode $crypt "hexlower" CkCrypt2_put_HashAlgorithm $crypt "sha1" set someHashesFailed 0 set sbHashHex [new_CkStringBuilder] set bdFileData [new_CkBinData] set numMembers [CkJsonObject_get_Size $json] set i 0 while {$i < $numMembers} { set filename [CkJsonObject_nameAt $json $i] CkStringBuilder_Clear $sbHashHex CkStringBuilder_Append $sbHashHex [CkJsonObject_stringAt $json $i] set ent [CkZip_GetEntryByName $zip $filename] if {[CkZip_get_LastMethodSuccess $zip] == 0} then { puts "$filename not found in the pkpass file." delete_CkCrypt2 $crypt delete_CkZip $zip delete_CkBinData $bdManifest delete_CkJsonObject $json delete_CkStringBuilder $sbHashHex delete_CkBinData $bdFileData exit } # Get the data for this file. CkBinData_Clear $bdFileData set success [CkZipEntry_UnzipToBd $ent $bdFileData] set computedHashHex [CkCrypt2_hashBdENC $crypt $bdFileData] if {[CkStringBuilder_ContentsEqual $sbHashHex $computedHashHex 0] == 0} then { puts "Computed hash does not match stored hash for $filename" puts " computed: $computedHashHex" puts " stored: [CkStringBuilder_getAsString $sbHashHex]" set someHashesFailed 1 } else { puts "hash verified for $filename($computedHashHex)" } delete_CkZipEntry $ent set i [expr $i + 1] } if {$someHashesFailed == 1} then { puts "Some hashes failed." delete_CkCrypt2 $crypt delete_CkZip $zip delete_CkBinData $bdManifest delete_CkJsonObject $json delete_CkStringBuilder $sbHashHex delete_CkBinData $bdFileData exit } # Let's verify the signature.. # First get the signature. set ent [CkZip_GetEntryByName $zip "signature"] if {[CkZip_get_LastMethodSuccess $zip] == 0} then { puts "signature not found in the pkpass file." delete_CkCrypt2 $crypt delete_CkZip $zip delete_CkBinData $bdManifest delete_CkJsonObject $json delete_CkStringBuilder $sbHashHex delete_CkBinData $bdFileData exit } set bdSignature [new_CkBinData] set success [CkZipEntry_UnzipToBd $ent $bdSignature] delete_CkZipEntry $ent # Show the contents of the signature in base64 encoding. puts "Signature:" puts [CkBinData_getEncoded $bdSignature base64_mime] puts "----" # Verify the signature against the manifest.json CkCrypt2_put_EncodingMode $crypt "base64" set verified [CkCrypt2_VerifyBdENC $crypt $bdManifest [CkBinData_getEncoded $bdSignature "base64"]] if {$verified == 0} then { puts [CkCrypt2_lastErrorText $crypt] } puts "signature verified = $verified" delete_CkCrypt2 $crypt delete_CkZip $zip delete_CkBinData $bdManifest delete_CkJsonObject $json delete_CkStringBuilder $sbHashHex delete_CkBinData $bdFileData delete_CkBinData $bdSignature |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.