Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(SQL Server) Verify Opaque Signature and Retrieve Signing CertificatesDemonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.
// Important: See this note about string length limitations for strings returned by sp_OAMethod calls. // CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @sTmp0 nvarchar(4000) -- This example assumes the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. DECLARE @crypt int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Crypt2', @crypt OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file. DECLARE @success int EXEC sp_OAMethod @crypt, 'VerifyP7M', @success OUT, 'qa_data/p7m/opaqueSig.p7', 'qa_output/originalData.dat' IF @success <> 1 BEGIN EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @crypt RETURN END -- Alternatively, we can do it in memory... DECLARE @binData int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.BinData', @binData OUT EXEC sp_OAMethod @binData, 'LoadFile', @success OUT, 'qa_data/p7m/opaqueSig.p7' -- Your app should check for success, but we'll skip the check for brevity.. -- If verified, the signature is unwrapped and binData is replaced with the original data that was signed. EXEC sp_OAMethod @crypt, 'OpaqueVerifyBd', @success OUT, @binData IF @success <> 1 BEGIN EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @binData RETURN END -- For our testing, we signed some text, so we can get it from the binData.. PRINT 'Original Data:' EXEC sp_OAMethod @binData, 'GetString', @sTmp0 OUT, 'utf-8' PRINT @sTmp0 -- After any method call that verifies a signature, the crypt object will contain the certificate(s) -- that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case). -- Get the number of signing certificates, and get each.. DECLARE @numCerts int EXEC sp_OAGetProperty @crypt, 'NumSignerCerts', @numCerts OUT DECLARE @i int SELECT @i = 0 WHILE @i < @numCerts BEGIN DECLARE @cert int EXEC sp_OAMethod @crypt, 'GetSignerCert', @cert OUT, @i EXEC sp_OAGetProperty @cert, 'SubjectDN', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @cert SELECT @i = @i + 1 END -- We could also get the complete certificate chain of each signer cert, -- assuming the certs in the chain of authentication to the trusted root -- are available on the system, or provided to Chilkat by some other means -- (such as via the XmlCertVault class, the TrustedRoots class, etc.) SELECT @i = 0 WHILE @i < @numCerts BEGIN DECLARE @certChain int EXEC sp_OAMethod @crypt, 'GetSignerCertChain', @certChain OUT, @i -- You can examine the various properties and methods for certChain in the online -- reference documentation... EXEC @hr = sp_OADestroy @certChain SELECT @i = @i + 1 END EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @binData END GO |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.