
Get Certificate Authority Information Access


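Demonstrates how to read a certificate's Authority Information Access (AIA) extension, if the certificate has one. The AIA extension typically lists the OCSP responder and the location of the issuing CA's certificate.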

Note: This example requires Chilkat v9.5.0.76 or greater.


Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, StringBuilder, Xml, Cert;

...

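// Loads a certificate from disk, reads its Authority Information Access (AIA)
// extension (OID 1.3.6.1.5.5.7.1.1) as XML, and writes the decoded OCSP and
// CA Issuers locations to Memo1.
//
// All Chilkat handles are created up front and released in a single
// try/finally, so the early Exit paths no longer leak the objects.
procedure TForm1.Button1Click(Sender: TObject);
var
  success: Boolean;
  cert: HCkCert;
  extensionXmlStr: PWideChar;
  xml: HCkXml;
  sbOcsp: HCkStringBuilder;
  sbIssuer: HCkStringBuilder;

begin
  cert := CkCert_Create();
  xml := CkXml_Create();
  sbOcsp := CkStringBuilder_Create();
  sbIssuer := CkStringBuilder_Create();
  try
    success := CkCert_LoadFromFile(cert,'qa_data/certs/test_haswdt.cer');
    if not success then
      begin
        Memo1.Lines.Add(CkCert__lastErrorText(cert));
        Exit;
      end;

    // Get the Authority Information Access extension, which is at OID 1.3.6.1.5.5.7.1.1
    // NOTE(review): the returned PWideChar presumably points at memory owned by
    // cert -- it is only used here while cert is still alive; confirm before
    // holding on to it any longer.
    extensionXmlStr := CkCert__getExtensionAsXml(cert,'1.3.6.1.5.5.7.1.1');
    if not CkCert_getLastMethodSuccess(cert) then
      begin
        Memo1.Lines.Add('Certificate does not have the AuthInfoAccess extension.');
        Exit;
      end;

    // The extension content comes from the certificate file, so do not assume
    // it parses: stop if the XML cannot be loaded.
    success := CkXml_LoadXml(xml,extensionXmlStr);
    if not success then
      begin
        Memo1.Lines.Add(CkXml__lastErrorText(xml));
        Exit;
      end;

    // See what we have..
    Memo1.Lines.Add(CkXml__getXml(xml));

    // We should get XML like this:

    // <?xml version="1.0" encoding="utf-8" ?>
    // <sequence>
    //     <sequence>
    //         <oid>1.3.6.1.5.5.7.48.2</oid>
    //         <contextSpecific tag="6" constructed="0">aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
    // cmVFbWFpbENBLmNydA==</contextSpecific>
    //     </sequence>
    //     <sequence>
    //         <oid>1.3.6.1.5.5.7.48.1</oid>
    //         <contextSpecific tag="6" constructed="0">aHR0cDovL29jc3AuY29tb2RvY2EuY29t</contextSpecific>
    //     </sequence>
    // </sequence>

    // Typically, a certificate AIA (Authority Information Access) contains 2 parts:
    //
    //     On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
    //     Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
    //
    // Context-specific tag 6 is the uniformResourceIdentifier form of a
    // GeneralName, so the base64 content for each OID (in this case) is just a
    // URL string. The data can be accessed and decoded like this:
    //
    // Security note: these URLs are read from the certificate itself. Until the
    // certificate has been validated they are untrusted input, and both sample
    // values use plain http. Before fetching anything from them, restrict the
    // allowed schemes and destinations, and verify whatever is retrieved (issuer
    // certificate or OCSP response) cryptographically rather than trusting the
    // transport.

    success := CkXml_GetChildContentSb(xml,'/C/oid,1.3.6.1.5.5.7.48.1|++',sbOcsp);
    if success then
      begin
        // Only print the value when the base64 decode actually succeeded.
        if CkStringBuilder_Decode(sbOcsp,'base64','utf-8') then
          Memo1.Lines.Add('1.3.6.1.5.5.7.48.1:  ' + CkStringBuilder__getAsString(sbOcsp));
      end;

    success := CkXml_GetChildContentSb(xml,'/C/oid,1.3.6.1.5.5.7.48.2|++',sbIssuer);
    if success then
      begin
        if CkStringBuilder_Decode(sbIssuer,'base64','utf-8') then
          Memo1.Lines.Add('1.3.6.1.5.5.7.48.2:  ' + CkStringBuilder__getAsString(sbIssuer));
      end;

    // The output looks like this:

    // 1.3.6.1.5.5.7.48.1:  http://ocsp.comodoca.com
    // 1.3.6.1.5.5.7.48.2:  http://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt

    // -------------------------------------------------------------------------------
    // Note: The Chilkat path passed to GetChildContentSb is composed of two commands:
    // The first command is "/C/oid,1.3.6.1.5.5.7.48.1".   It says "traverse the XML tree from the caller
    // node and stop at the 1st node having tag = "oid" and content = "1.3.6.1.5.5.7.48.1".
    // The "|" char separates the 1st command from the 2nd.
    // The 2nd command is "++" and says "move to the next sibling".
  finally
    // Runs on normal completion and on every early Exit above.
    CkCert_Dispose(cert);
    CkXml_Dispose(xml);
    CkStringBuilder_Dispose(sbOcsp);
    CkStringBuilder_Dispose(sbIssuer);
  end;

end;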