|
Chilkat • HOME • Android™ • Classic ASP • C • C++ • C# • Mono C# • .NET Core C# • C# UWP/WinRT • DataFlex • Delphi ActiveX • Delphi DLL • Visual FoxPro • Java • Lianja • MFC • Objective-C • Perl • PHP ActiveX • PHP Extension • PowerBuilder • PowerShell • PureBasic • CkPython • Chilkat2-Python • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • Visual Basic 6.0 • VB.NET • VB.NET UWP/WinRT • VBScript • Xojo Plugin • Node.js • Excel • Go
(VB.NET UWP/WinRT) Validate CAdES-T Signature (.p7m)Validates a CAdES-T CMS signature and extracts the time-stamp token and gets information about it. Also validates the time-stamp token. Note: This example requires Chilkat v9.5.0.78 or greater.
' This example requires the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. Dim crypt As New Chilkat.Crypt2 Dim success As Boolean ' Indicate that the CAdES-T timestamp tokens must also pass validation for the signature to be validated. Dim cmsOptions As New Chilkat.JsonObject cmsOptions.UpdateBool("ValidateTimestampTokens",True) crypt.CmsOptions = cmsOptions.Emit() ' Validate the .p7m and extract the original signed data to an output file. ' Note: The timestampToken is an unauthenticated attribute. See the code below that parses the LastJsonData ' for details about examining timestampToken. success = crypt.VerifyP7M("qa_data/cades/CAdES-T/Signature-C-T-1.p7m","qa_output/out.dat") ' Get information about the CMS signature in the LastJsonData. ' The detailed results of the signature validation are available in LastJsonData. ' (If the non-success return status was caused by an error such as "file not found", then the ' LastJsonData would be empty.) Dim json As Chilkat.JsonObject = crypt.LastJsonData() json.EmitCompact = False Debug.WriteLine(json.Emit()) ' Here is a sample result: ' See the parsing code below.. ' Use this online tool to generate parsing code from sample JSON: ' Generate Parsing Code from JSON ' { ' "pkcs7": { ' "verify": { ' "digestAlgorithms": [ ' "sha256" ' ], ' "signerInfo": [ ' { ' "cert": { ' "serialNumber": "00DCB814678CDB", ' "issuerCN": "LevelBCAOK", ' "issuerDN": "", ' "digestAlgOid": "2.16.840.1.101.3.4.2.1", ' "digestAlgName": "SHA256" ' }, ' "contentType": "1.2.840.113549.1.7.1", ' "signingTime": "131203065741Z", ' "messageDigest": "JJZt41Nt8VsYahP+Xti4rR3vBDkUfRd6gquItl6R5Os=", ' "signingAlgOid": "1.2.840.113549.1.1.1", ' "signingAlgName": "RSA-PKCSV-1_5", ' "authAttr": { ' "1.2.840.113549.1.9.3": { ' "name": "contentType", ' "oid": "1.2.840.113549.1.7.1" ' }, ' "1.2.840.113549.1.9.5": { ' "name": "signingTime", ' "utctime": "131203065741Z" ' }, ' "1.2.840.113549.1.9.4": { ' "name": "messageDigest", ' "digest": "JJZt41Nt8VsYahP+Xti4rR3vBDkUfRd6gquItl6R5Os=" ' }, ' "1.2.840.113549.1.9.16.2.47": { ' "name": "signingCertificateV2", ' "der": "MIGIMIGFMIGCBCBJrxOU0w0dWGsVovjLv9QDH3syB5mLVv3grSYA40x9IDBeMFOkUTBPMQswCQYDVQQGEwJGUjENMAsGA1UEChMERVRTSTEcMBoGA1UECwwTUGx1Z3Rlc3RzXzIwMTMtMjAxNDETMBEGA1UEAxMKTGV2ZWxCQ0FPSwIHANy4FGeM2w==" ' } ' }, ' "unauthAttr": { ' "1.2.840.113549.1.9.16.2.14": { ' "name": "timestampToken", ' "der": "MIIL+AYJKoZI...u7CfcjURNTY=", ' "verify": { ' "digestAlgorithms": [ ' "sha256" ' ], ' "signerInfo": [ ' { ' "cert": { ' "serialNumber": "01AA4592D36C61", ' "issuerCN": "RootCAOK", ' "issuerDN": "", ' "digestAlgOid": "2.16.840.1.101.3.4.2.1", ' "digestAlgName": "SHA256" ' }, ' "contentType": "1.2.840.113549.1.9.16.1.4", ' "messageDigest": "NSsMUrfoyCQ0OszPE1YLx1j3EyyCiBmnE5Sua6ghu/Q=", ' "signingAlgOid": "1.2.840.113549.1.1.1", ' "signingAlgName": "RSA-PKCSV-1_5", ' "authAttr": { ' "1.2.840.113549.1.9.3": { ' "name": "contentType", ' "oid": "1.2.840.113549.1.9.16.1.4" ' }, ' "1.2.840.113549.1.9.4": { ' "name": "messageDigest", ' "digest": "NSsMUrfoyCQ0OszPE1YLx1j3EyyCiBmnE5Sua6ghu/Q=" ' }, ' "1.2.840.113549.1.9.16.2.47": { ' "name": "signingCertificateV2", ' "der": "MIGGMIGDMIGABCDB/np5UxvhcPnSxD2Kme+C88uXGCMWLAvFPHNvTApTWDBcMFGkTzBNMQswCQYDVQQGEwJGUjENMAsGA1UEChMERVRTSTEcMBoGA1UECwwTUGx1Z3Rlc3RzXzIwMTMtMjAxNDERMA8GA1UEAxMIUm9vdENBT0sCBwGqRZLTbGE=" ' } ' } ' } ' ] ' }, ' "timestampSignatureVerified": true, ' "tstInfo": { ' "tsaPolicyId": "1.3.6.1.4.1.2706.2.2.5.2.1.1.1", ' "messageImprint": { ' "hashAlg": "sha256", ' "digest": "C8xEe9NA4X1cUyHGX9zG89ipmQ2byFs3aa+Xe4Fz2P0=", ' "digestMatches": true ' }, ' "serialNumber": "313E162121D922", ' "genTime": "20131203065742Z" ' } ' } ' } ' } ' ] ' } ' } ' } ' Dim i As Integer Dim count_i As Integer Dim strVal As String Dim certSerialNumber As String Dim certIssuerCN As String Dim certIssuerDN As String Dim certDigestAlgOid As String Dim certDigestAlgName As String Dim contentType As String Dim signingTime As New Chilkat.DtObj Dim messageDigest As String Dim signingAlgOid As String Dim signingAlgName As String Dim authAttrContentTypeName As String Dim authAttrContentTypeOid As String Dim authAttrSigningTimeName As String Dim authAttrSigningTimeUtctime As New Chilkat.DtObj Dim authAttrMessageDigestName As String Dim authAttrMessageDigestDigest As String Dim authAttrSigningCertificateV2Name As String Dim authAttrSigningCertificateV2Der As String Dim unauthAttrTimestampTokenName As String Dim unauthAttrTimestampTokenDer As String Dim unauthAttrTimestampTokenTimestampSignatureVerified As Boolean Dim unauthAttrTimestampTokenTstInfoTsaPolicyId As String Dim unauthAttrTimestampTokenTstInfoMessageImprintHashAlg As String Dim unauthAttrTimestampTokenTstInfoMessageImprintDigest As String Dim unauthAttrTimestampTokenTstInfoMessageImprintDigestMatches As Boolean Dim unauthAttrTimestampTokenTstInfoSerialNumber As String Dim unauthAttrTimestampTokenTstInfoGenTime As New Chilkat.DtObj Dim j As Integer Dim count_j As Integer ' Iterate over the hash algorithms used in the signature. i = 0 count_i = json.SizeOfArray("pkcs7.verify.digestAlgorithms") While i < count_i json.I = i strVal = json.StringOf("pkcs7.verify.digestAlgorithms[i]") i = i + 1 End While ' For each signer... i = 0 count_i = json.SizeOfArray("pkcs7.verify.signerInfo") While i < count_i json.I = i ' Get information about the certificate used by this signer. certSerialNumber = json.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber") certIssuerCN = json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN") certIssuerDN = json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerDN") certDigestAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid") certDigestAlgName = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName") ' Get additional information for this signer, such as the signingTime, signature algorithm, etc. contentType = json.StringOf("pkcs7.verify.signerInfo[i].contentType") json.DtOf("pkcs7.verify.signerInfo[i].signingTime",False,signingTime) messageDigest = json.StringOf("pkcs7.verify.signerInfo[i].messageDigest") signingAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid") signingAlgName = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgName") ' -------------------------------- ' Examine authenticated attributes. ' -------------------------------- ' contentType If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3""") = True) Then authAttrContentTypeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".name") authAttrContentTypeOid = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".oid") End If ' signingTime If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5""") = True) Then authAttrSigningTimeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".name") json.DtOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".utctime",False,authAttrSigningTimeUtctime) End If ' messageDigest If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4""") = True) Then authAttrMessageDigestName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".name") authAttrMessageDigestDigest = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".digest") End If ' signingCertificateV2 If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.47""") = True) Then authAttrSigningCertificateV2Name = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.47"".name") authAttrSigningCertificateV2Der = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.47"".der") End If ' -------------------------------- ' Examine unauthenticated attributes. ' -------------------------------- ' timestampToken (the timestampToken is what makes this signature a CAdES-T) If (json.HasMember("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14""") = True) Then unauthAttrTimestampTokenName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".name") unauthAttrTimestampTokenDer = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".der") ' This is where we find out if the timestampToken's signature is valid. unauthAttrTimestampTokenTimestampSignatureVerified = json.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".timestampSignatureVerified") unauthAttrTimestampTokenTstInfoTsaPolicyId = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.tsaPolicyId") unauthAttrTimestampTokenTstInfoMessageImprintHashAlg = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.hashAlg") unauthAttrTimestampTokenTstInfoMessageImprintDigest = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.digest") ' Here is where we check to see if the digest in the timestampToken's messageImprint matches the digest of the signature of this signerInfo unauthAttrTimestampTokenTstInfoMessageImprintDigestMatches = json.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.digestMatches") unauthAttrTimestampTokenTstInfoSerialNumber = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.serialNumber") ' Here is where we get the date/time of the timestampToken (i.e. when it was timestamped) json.DtOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.genTime",False,unauthAttrTimestampTokenTstInfoGenTime) ' The following code gets details about the validity of the timestampToken's signature... j = 0 count_j = json.SizeOfArray("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.digestAlgorithms") While j < count_j json.J = j strVal = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.digestAlgorithms[j]") j = j + 1 End While j = 0 count_j = json.SizeOfArray("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo") While j < count_j json.J = j certSerialNumber = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.serialNumber") certIssuerCN = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.issuerCN") certIssuerDN = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.issuerDN") certDigestAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.digestAlgOid") certDigestAlgName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.digestAlgName") contentType = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].contentType") messageDigest = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].messageDigest") signingAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].signingAlgOid") signingAlgName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].signingAlgName") authAttrContentTypeName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.3"".name") authAttrContentTypeOid = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.3"".oid") authAttrMessageDigestName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.4"".name") authAttrMessageDigestDigest = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.4"".digest") authAttrSigningCertificateV2Name = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.16.2.47"".name") authAttrSigningCertificateV2Der = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.16.2.47"".der") j = j + 1 End While End If i = i + 1 End While If (success <> True) Then Debug.WriteLine(crypt.LastErrorText) Debug.WriteLine("CAdES-T verification failed.") Else Debug.WriteLine("CAdES-T signature is valid.") End If |
||||
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.