Queries a CMS signed-data object file for selected information.
Public Declare Function CMS_QuerySigData Lib "diCrPKI.dll"
(ByVal strDataOut As String, ByVal nDataLen As Long,
ByVal strFileIn As String, ByVal strQuery As String, ByVal nOptions As Long) As Long
nRet = CMS_QuerySigData(strDataOut, nDataLen, strFileIn, strQuery,
nOptions) As Long
long __stdcall CMS_QuerySigData(char *szOutput, long nOutChars, const char *szFileIn, const char *szQuery, long nOptions);
If successful, the return value is a positive integer indicating either the result itself (if the result is a number) or the number of characters in the output string (if the query is looking for a string). If the item queried cannot be found, the return value is zero. If there is an error (e.g. an invalid signed-data file), it returns a negative error code.
Public Function cmsQuerySigData
(szFileIn As String, szQuery As String, Optional nOptions As Long = 0) As String
static std::string dipki::Cms::QuerySigData (const std::string &inputFile, const std::string &query)
static Cms.query_sigdata(cmsfile, query)
This function queries a given SignedData file for selected information.
Only version 1 signed-data objects are fully supported.
The function will attempt to query other versions but may not succeed.
Note that this function does not verify any data, including the messageDigest attribute, it just returns what it finds.
The query string is case-insensitive, so "version"
, "Version"
and "VeRsIoN"
are all valid.
Valid queries are (case-insensitive):
Query String | Returns | Data Type |
---|---|---|
version | signedData version (sdVer ) value | Number |
eContentType | ContentType of the EncapsulatedContentInfo, e.g. "data" | String |
HASeContent | 1 if eContent is present; 0 if not | Number |
CountOfCertificates | Number of certificates in the SignedData | Number |
CountOfSignerInfos | Number of SignerInfos in the SignedData | Number |
CountOfDigestAlgs | Number of DigestAlgorithmIdentifiers in the SignedData [New in v23.0] | Number |
certificate/N | Nth certificate encoded in base64 [New in v23.0] | String |
signerInfoVersion | signerInfo version (siVer ) value | Number |
digestAlgorithm | digestAlgorithm, e.g. "sha1" | String |
signatureAlgorithm | signatureAlgorithm, e.g. "rsaEncryption" | String |
signatureValue | Signature value encoded in hex | String |
HASsignedAttributes | 1 if signedAttributes (authenticatedAttributes) are present; 0 if not | Number |
DigestOfSignedAttrs | Computed digest over signed attributes, if present, using digestAlgorithm | String |
DigestOfeContent | Computed digest over eContent, if present, using digestAlgorithm | String |
signingTime | signingTime attribute in format "2005-12-31 23:30:59" | String |
messageDigest | messageDigest attribute in hexadecimal format, if present | String |
pssParams | Parameters used for RSA-PSS (if applicable). | String |
HASsigningCertificate | 1 if an ESS signingCertificate is present; 0 if not. | Number |
signingCertHash | certHash value of ESS signing certificate, if present, encoded in hex | String |
HASalgorithmProtection | 1 if a cmsAlgorithmProtection attribute is present; 0 if not. | Number |
HASsubjectKeyIdentifier | 1 if signerIdentifier is the CHOICE subjectKeyIdentifier; 0 if issuerAndSerialNumber [New in v23.0] | Number |
signerIdentifier | signerIdentifier value encoded in hex [New in v23.0] | String |
By default, the function queries the first signerInfo in the file.
To query the Nth signerInfo append "/N" to the query string, e.g.
"signerInfoVersion/2"
to find the version number of the second signerInfo in the file.
[New in v23.0] The query "certificate/N"
will output the Nth certificate in the CertificateSet (default N = 1) encoded in base64.
Note that the length of an X.509 certificate is typically several hundred bytes.
The "raw" VBA/C function behaves differently depending on whether the output is a string or a number. If the result data type is a number then it returns the value directly. If the result is a string, then it sets szOutput and returns the number of characters in the string. The required number of characters can be found by passing zero for nOutChars or a null string for szOutput. ANSI C users must add one to this value when allocating memory.
Note that the VBA wrapper function and the C#/VB.NET methods always return a string, which is different from the behaviour of the raw VB6/C function.
To find out the type of data returned for a given query, use the PKI_QUERY_GETTYPE option.
The function will return either PKI_QUERY_NUMBER
(1) or PKI_QUERY_STRING
(2),
or a negative "invalid query" error.
For example
nRet = CMS_QuerySigData("", 0, "", "version", PKI_QUERY_GETTYPE);
will return PKI_QUERY_NUMBER
.
This example queries information from various sample files.
Dim strCMSFile As String Dim nRet As Long Dim strOutput As String ' Pre-dimension output string strOutput = String(64, " ") strCMSFile = "4.6.bin" nRet = CMS_QuerySigData(strOutput, Len(strOutput), strCMSFile, "version", 0) Debug.Print "Version=" & nRet strCMSFile = "4.7.bin" nRet = CMS_QuerySigData(strOutput, Len(strOutput), strCMSFile, "version", 0) Debug.Print "Version=" & nRet nRet = CMS_QuerySigData(strOutput, Len(strOutput), strCMSFile, "signingTime", 0) If nRet > 0 Then Debug.Print "signingTime=" & Left$(strOutput, nRet) Else Debug.Print "ERROR=" & nRet End If strCMSFile = "BasicSignByAlice_attr.bin" nRet = CMS_QuerySigData(strOutput, Len(strOutput), strCMSFile, "signingTime", 0) If nRet > 0 Then Debug.Print "signingTime=" & Left$(strOutput, nRet) Else Debug.Print "ERROR=" & nRet End If
In this example, file 4.6.bin is CMS Version 1, file 4.7.bin is CMS Version 3 with no signingTime attribute (if not present, it returns error code zero), and the file BasicSignByAlice_attr.bin was signed at 7:31 a.m. on 25th February 2006:
Version=1 Version=3 ERROR=0 signingTime=2006-02-25 07:31:01
Dim strCMSFile As String Dim strQuery As String Dim strOutput As String strCMSFile = "4.6.bin" Debug.Print "FILE: " & strCMSFile strQuery = "version" strOutput = cmsQuerySigData(strCMSFile, strQuery) Debug.Print strQuery & " ==> [" & strOutput & "]" strQuery = "digestAlgorithm" strOutput = cmsQuerySigData(strCMSFile, strQuery) Debug.Print strQuery & " ==> [" & strOutput & "]" strCMSFile = "4.7.bin" Debug.Print "FILE: " & strCMSFile strQuery = "version" strOutput = cmsQuerySigData(strCMSFile, strQuery) Debug.Print strQuery & " ==> [" & strOutput & "]" strQuery = "signatureAlgorithm" strOutput = cmsQuerySigData(strCMSFile, strQuery) Debug.Print strQuery & " ==> [" & strOutput & "]" strCMSFile = "BasicSignByAlice_attr.bin" Debug.Print "FILE: " & strCMSFile strQuery = "signingTime" strOutput = cmsQuerySigData(strCMSFile, strQuery) Debug.Print strQuery & " ==> [" & strOutput & "]"
CMS_ReadSigData CMS_GetSigDataDigest