Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(VBScript) Validate CAdES-T Signature (.p7m)Validates a CAdES-T CMS signature and extracts the time-stamp token and gets information about it. Also validates the time-stamp token. Note: This example requires Chilkat v9.5.0.78 or greater.
Dim fso, outFile Set fso = CreateObject("Scripting.FileSystemObject") 'Create a Unicode (utf-16) output text file. Set outFile = fso.CreateTextFile("output.txt", True, True) ' This example requires the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Crypt2") set crypt = CreateObject("Chilkat.Crypt2") ' Indicate that the CAdES-T timestamp tokens must also pass validation for the signature to be validated. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject") set cmsOptions = CreateObject("Chilkat.JsonObject") success = cmsOptions.UpdateBool("ValidateTimestampTokens",1) crypt.CmsOptions = cmsOptions.Emit() ' Validate the .p7m and extract the original signed data to an output file. ' Note: The timestampToken is an unauthenticated attribute. See the code below that parses the LastJsonData ' for details about examining timestampToken. success = crypt.VerifyP7M("qa_data/cades/CAdES-T/Signature-C-T-1.p7m","qa_output/out.dat") ' Get information about the CMS signature in the LastJsonData. ' The detailed results of the signature validation are available in LastJsonData. ' (If the non-success return status was caused by an error such as "file not found", then the ' LastJsonData would be empty.) ' json is a Chilkat.JsonObject Set json = crypt.LastJsonData() json.EmitCompact = 0 outFile.WriteLine(json.Emit()) ' Here is a sample result: ' See the parsing code below.. ' Use this online tool to generate parsing code from sample JSON: ' Generate Parsing Code from JSON ' { ' "pkcs7": { ' "verify": { ' "digestAlgorithms": [ ' "sha256" ' ], ' "signerInfo": [ ' { ' "cert": { ' "serialNumber": "00DCB814678CDB", ' "issuerCN": "LevelBCAOK", ' "issuerDN": "", ' "digestAlgOid": "2.16.840.1.101.3.4.2.1", ' "digestAlgName": "SHA256" ' }, ' "contentType": "1.2.840.113549.1.7.1", ' "signingTime": "131203065741Z", ' "messageDigest": "JJZt41Nt8VsYahP+Xti4rR3vBDkUfRd6gquItl6R5Os=", ' "signingAlgOid": "1.2.840.113549.1.1.1", ' "signingAlgName": "RSA-PKCSV-1_5", ' "authAttr": { ' "1.2.840.113549.1.9.3": { ' "name": "contentType", ' "oid": "1.2.840.113549.1.7.1" ' }, ' "1.2.840.113549.1.9.5": { ' "name": "signingTime", ' "utctime": "131203065741Z" ' }, ' "1.2.840.113549.1.9.4": { ' "name": "messageDigest", ' "digest": "JJZt41Nt8VsYahP+Xti4rR3vBDkUfRd6gquItl6R5Os=" ' }, ' "1.2.840.113549.1.9.16.2.47": { ' "name": "signingCertificateV2", ' "der": "MIGIMIGFMIGCBCBJrxOU0w0dWGsVovjLv9QDH3syB5mLVv3grSYA40x9IDBeMFOkUTBPMQswCQYDVQQGEwJGUjENMAsGA1UEChMERVRTSTEcMBoGA1UECwwTUGx1Z3Rlc3RzXzIwMTMtMjAxNDETMBEGA1UEAxMKTGV2ZWxCQ0FPSwIHANy4FGeM2w==" ' } ' }, ' "unauthAttr": { ' "1.2.840.113549.1.9.16.2.14": { ' "name": "timestampToken", ' "der": "MIIL+AYJKoZI...u7CfcjURNTY=", ' "verify": { ' "digestAlgorithms": [ ' "sha256" ' ], ' "signerInfo": [ ' { ' "cert": { ' "serialNumber": "01AA4592D36C61", ' "issuerCN": "RootCAOK", ' "issuerDN": "", ' "digestAlgOid": "2.16.840.1.101.3.4.2.1", ' "digestAlgName": "SHA256" ' }, ' "contentType": "1.2.840.113549.1.9.16.1.4", ' "messageDigest": "NSsMUrfoyCQ0OszPE1YLx1j3EyyCiBmnE5Sua6ghu/Q=", ' "signingAlgOid": "1.2.840.113549.1.1.1", ' "signingAlgName": "RSA-PKCSV-1_5", ' "authAttr": { ' "1.2.840.113549.1.9.3": { ' "name": "contentType", ' "oid": "1.2.840.113549.1.9.16.1.4" ' }, ' "1.2.840.113549.1.9.4": { ' "name": "messageDigest", ' "digest": "NSsMUrfoyCQ0OszPE1YLx1j3EyyCiBmnE5Sua6ghu/Q=" ' }, ' "1.2.840.113549.1.9.16.2.47": { ' "name": "signingCertificateV2", ' "der": "MIGGMIGDMIGABCDB/np5UxvhcPnSxD2Kme+C88uXGCMWLAvFPHNvTApTWDBcMFGkTzBNMQswCQYDVQQGEwJGUjENMAsGA1UEChMERVRTSTEcMBoGA1UECwwTUGx1Z3Rlc3RzXzIwMTMtMjAxNDERMA8GA1UEAxMIUm9vdENBT0sCBwGqRZLTbGE=" ' } ' } ' } ' ] ' }, ' "timestampSignatureVerified": true, ' "tstInfo": { ' "tsaPolicyId": "1.3.6.1.4.1.2706.2.2.5.2.1.1.1", ' "messageImprint": { ' "hashAlg": "sha256", ' "digest": "C8xEe9NA4X1cUyHGX9zG89ipmQ2byFs3aa+Xe4Fz2P0=", ' "digestMatches": true ' }, ' "serialNumber": "313E162121D922", ' "genTime": "20131203065742Z" ' } ' } ' } ' } ' ] ' } ' } ' } ' ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.DtObj") set signingTime = CreateObject("Chilkat.DtObj") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.DtObj") set authAttrSigningTimeUtctime = CreateObject("Chilkat.DtObj") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.DtObj") set unauthAttrTimestampTokenTstInfoGenTime = CreateObject("Chilkat.DtObj") ' Iterate over the hash algorithms used in the signature. i = 0 count_i = json.SizeOfArray("pkcs7.verify.digestAlgorithms") Do While i < count_i json.I = i strVal = json.StringOf("pkcs7.verify.digestAlgorithms[i]") i = i + 1 Loop ' For each signer... i = 0 count_i = json.SizeOfArray("pkcs7.verify.signerInfo") Do While i < count_i json.I = i ' Get information about the certificate used by this signer. certSerialNumber = json.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber") certIssuerCN = json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN") certIssuerDN = json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerDN") certDigestAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid") certDigestAlgName = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName") ' Get additional information for this signer, such as the signingTime, signature algorithm, etc. contentType = json.StringOf("pkcs7.verify.signerInfo[i].contentType") success = json.DtOf("pkcs7.verify.signerInfo[i].signingTime",0,signingTime) messageDigest = json.StringOf("pkcs7.verify.signerInfo[i].messageDigest") signingAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid") signingAlgName = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgName") ' -------------------------------- ' Examine authenticated attributes. ' -------------------------------- ' contentType If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3""") = 1) Then authAttrContentTypeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".name") authAttrContentTypeOid = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".oid") End If ' signingTime If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5""") = 1) Then authAttrSigningTimeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".name") success = json.DtOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".utctime",0,authAttrSigningTimeUtctime) End If ' messageDigest If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4""") = 1) Then authAttrMessageDigestName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".name") authAttrMessageDigestDigest = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".digest") End If ' signingCertificateV2 If (json.HasMember("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.47""") = 1) Then authAttrSigningCertificateV2Name = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.47"".name") authAttrSigningCertificateV2Der = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.47"".der") End If ' -------------------------------- ' Examine unauthenticated attributes. ' -------------------------------- ' timestampToken (the timestampToken is what makes this signature a CAdES-T) If (json.HasMember("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14""") = 1) Then unauthAttrTimestampTokenName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".name") unauthAttrTimestampTokenDer = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".der") ' This is where we find out if the timestampToken's signature is valid. unauthAttrTimestampTokenTimestampSignatureVerified = json.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".timestampSignatureVerified") unauthAttrTimestampTokenTstInfoTsaPolicyId = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.tsaPolicyId") unauthAttrTimestampTokenTstInfoMessageImprintHashAlg = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.hashAlg") unauthAttrTimestampTokenTstInfoMessageImprintDigest = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.digest") ' Here is where we check to see if the digest in the timestampToken's messageImprint matches the digest of the signature of this signerInfo unauthAttrTimestampTokenTstInfoMessageImprintDigestMatches = json.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.messageImprint.digestMatches") unauthAttrTimestampTokenTstInfoSerialNumber = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.serialNumber") ' Here is where we get the date/time of the timestampToken (i.e. when it was timestamped) success = json.DtOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".tstInfo.genTime",0,unauthAttrTimestampTokenTstInfoGenTime) ' The following code gets details about the validity of the timestampToken's signature... j = 0 count_j = json.SizeOfArray("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.digestAlgorithms") Do While j < count_j json.J = j strVal = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.digestAlgorithms[j]") j = j + 1 Loop j = 0 count_j = json.SizeOfArray("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo") Do While j < count_j json.J = j certSerialNumber = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.serialNumber") certIssuerCN = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.issuerCN") certIssuerDN = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.issuerDN") certDigestAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.digestAlgOid") certDigestAlgName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].cert.digestAlgName") contentType = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].contentType") messageDigest = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].messageDigest") signingAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].signingAlgOid") signingAlgName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].signingAlgName") authAttrContentTypeName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.3"".name") authAttrContentTypeOid = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.3"".oid") authAttrMessageDigestName = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.4"".name") authAttrMessageDigestDigest = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.4"".digest") authAttrSigningCertificateV2Name = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.16.2.47"".name") authAttrSigningCertificateV2Der = json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.2.840.113549.1.9.16.2.14"".verify.signerInfo[j].authAttr.""1.2.840.113549.1.9.16.2.47"".der") j = j + 1 Loop End If i = i + 1 Loop If (success <> 1) Then outFile.WriteLine(crypt.LastErrorText) outFile.WriteLine("CAdES-T verification failed.") Else outFile.WriteLine("CAdES-T signature is valid.") End If outFile.Close |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.