|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) Validate a .pkpass ArchiveOpens a .pkpass archive (which is just a .zip renamed to .pkpass) and validates the contents. The hashes in the manifest are compared with the computed hash values for each individual file. If all computed hash values match, then the signature is verified.
// Important: See this note about string length limitations for strings returned by sp_OAMethod calls. // CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @iTmp0 int DECLARE @sTmp0 nvarchar(4000) -- This example assumes the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. DECLARE @crypt int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Crypt2', @crypt OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END DECLARE @zip int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Zip', @zip OUT DECLARE @success int EXEC sp_OAMethod @zip, 'OpenZip', @success OUT, 'qa_data/pkpass/invalid.pkpass' IF @success = 0 BEGIN EXEC sp_OAGetProperty @zip, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @zip RETURN END -- Get the contents of the manifest.json file, which contains something like this: -- { -- "icon.png" : "0296b01347b3173e98438a003b0e88986340b2d8", -- "logo.png" : "25de09e2d3b01ce1fe00c2ca9a90a2be1aaa05cf", -- "icon@2x.png" : "5afd9585b08c65fdf105a90c8bd643407cba2787", -- "pass.json" : "145ea5a5db784fff485126c77ecf7a1fc2a88ee7", -- "strip@2x.png" : "468fa7bc93e6b55342b56fda09bdce7c829d7d46", -- "strip.png" : "736d01f84cb73d06e8a9932e43076d68f19461ff" -- } DECLARE @ent int EXEC sp_OAMethod @zip, 'GetEntryByName', @ent OUT, 'manifest.json' EXEC sp_OAGetProperty @zip, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 = 0 BEGIN PRINT 'manifest.json entry not found.' EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @zip RETURN END -- Get the exact content of the manifest.json for later signature verification. DECLARE @bdManifest int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.BinData', @bdManifest OUT EXEC sp_OAMethod @ent, 'UnzipToBd', @success OUT, @bdManifest DECLARE @json int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.JsonObject', @json OUT EXEC sp_OASetProperty @json, 'EmitCompact', 0 EXEC sp_OAMethod @ent, 'UnzipToString', @sTmp0 OUT, 0, 'utf-8' EXEC sp_OAMethod @json, 'Load', @success OUT, @sTmp0 EXEC sp_OAMethod @json, 'Emit', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @ent -- For each file in the JSON, get the filename and hex hash value. EXEC sp_OASetProperty @crypt, 'EncodingMode', 'hexlower' EXEC sp_OASetProperty @crypt, 'HashAlgorithm', 'sha1' DECLARE @someHashesFailed int SELECT @someHashesFailed = 0 DECLARE @filename nvarchar(4000) DECLARE @sbHashHex int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.StringBuilder', @sbHashHex OUT DECLARE @bdFileData int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.BinData', @bdFileData OUT DECLARE @numMembers int EXEC sp_OAGetProperty @json, 'Size', @numMembers OUT DECLARE @i int SELECT @i = 0 WHILE @i < @numMembers BEGIN EXEC sp_OAMethod @json, 'NameAt', @filename OUT, @i EXEC sp_OAMethod @sbHashHex, 'Clear', NULL EXEC sp_OAMethod @json, 'StringAt', @sTmp0 OUT, @i EXEC sp_OAMethod @sbHashHex, 'Append', @success OUT, @sTmp0 EXEC sp_OAMethod @zip, 'GetEntryByName', @ent OUT, @filename EXEC sp_OAGetProperty @zip, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 = 0 BEGIN PRINT @filename + ' not found in the pkpass file.' EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @zip EXEC @hr = sp_OADestroy @bdManifest EXEC @hr = sp_OADestroy @json EXEC @hr = sp_OADestroy @sbHashHex EXEC @hr = sp_OADestroy @bdFileData RETURN END -- Get the data for this file. EXEC sp_OAMethod @bdFileData, 'Clear', @success OUT EXEC sp_OAMethod @ent, 'UnzipToBd', @success OUT, @bdFileData DECLARE @computedHashHex nvarchar(4000) EXEC sp_OAMethod @crypt, 'HashBdENC', @computedHashHex OUT, @bdFileData EXEC sp_OAMethod @sbHashHex, 'ContentsEqual', @iTmp0 OUT, @computedHashHex, 0 IF @iTmp0 = 0 BEGIN PRINT 'Computed hash does not match stored hash for ' + @filename PRINT ' computed: ' + @computedHashHex EXEC sp_OAMethod @sbHashHex, 'GetAsString', @sTmp0 OUT PRINT ' stored: ' + @sTmp0 SELECT @someHashesFailed = 1 END ELSE BEGIN PRINT 'hash verified for ' + @filename + '(' + @computedHashHex + ')' END EXEC @hr = sp_OADestroy @ent SELECT @i = @i + 1 END IF @someHashesFailed = 1 BEGIN PRINT 'Some hashes failed.' EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @zip EXEC @hr = sp_OADestroy @bdManifest EXEC @hr = sp_OADestroy @json EXEC @hr = sp_OADestroy @sbHashHex EXEC @hr = sp_OADestroy @bdFileData RETURN END -- Let's verify the signature.. -- First get the signature. EXEC sp_OAMethod @zip, 'GetEntryByName', @ent OUT, 'signature' EXEC sp_OAGetProperty @zip, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 = 0 BEGIN PRINT 'signature not found in the pkpass file.' EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @zip EXEC @hr = sp_OADestroy @bdManifest EXEC @hr = sp_OADestroy @json EXEC @hr = sp_OADestroy @sbHashHex EXEC @hr = sp_OADestroy @bdFileData RETURN END DECLARE @bdSignature int EXEC @hr = sp_OACreate 'Chilkat_9_5_0.BinData', @bdSignature OUT EXEC sp_OAMethod @ent, 'UnzipToBd', @success OUT, @bdSignature EXEC @hr = sp_OADestroy @ent -- Show the contents of the signature in base64 encoding. PRINT 'Signature:' EXEC sp_OAMethod @bdSignature, 'GetEncoded', @sTmp0 OUT, 'base64_mime' PRINT @sTmp0 PRINT '----' -- Verify the signature against the manifest.json EXEC sp_OASetProperty @crypt, 'EncodingMode', 'base64' DECLARE @verified int EXEC sp_OAMethod @bdSignature, 'GetEncoded', @sTmp0 OUT, 'base64' EXEC sp_OAMethod @crypt, 'VerifyBdENC', @verified OUT, @bdManifest, @sTmp0 IF @verified = 0 BEGIN EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 END PRINT 'signature verified = ' + @verified EXEC @hr = sp_OADestroy @crypt EXEC @hr = sp_OADestroy @zip EXEC @hr = sp_OADestroy @bdManifest EXEC @hr = sp_OADestroy @json EXEC @hr = sp_OADestroy @sbHashHex EXEC @hr = sp_OADestroy @bdFileData EXEC @hr = sp_OADestroy @bdSignature END GO |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.