(Delphi DLL) Extract TSTInfo from RFC3161 Timestamp Reply

See more HTTP Examples

Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and converts the timestamp reply to XML, and then extracts the TSTInfo from the XML and converts it to XML.

For more information, see https://www.ietf.org/rfc/rfc3161.txt

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Asn, HttpResponse, Http, BinData, StringBuilder, Xml, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
crypt: HCkCrypt2;
base64Hash: PWideChar;
http: HCkHttp;
requestToken: HCkBinData;
optionalPolicyOid: PWideChar;
addNonce: Boolean;
requestTsaCert: Boolean;
tsaUrl: PWideChar;
resp: HCkHttpResponse;
timestampReply: HCkBinData;
asn: HCkAsn;
xml: HCkXml;
tstInfoBase64: PWideChar;
bdTstInfo: HCkBinData;
asnTstInfo: HCkAsn;
xmlTstInfo: HCkXml;
sbGenTime: HCkStringBuilder;

begin
// Note: Requires Chilkat v9.5.0.75 or greater.

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// First sha-256 hash the data that is to be timestamped.
// In this example, the data is the string "Hello World"

crypt := CkCrypt2_Create();
CkCrypt2_putHashAlgorithm(crypt,'sha256');
CkCrypt2_putEncodingMode(crypt,'base64');
base64Hash := CkCrypt2__hashFileENC(crypt,'qa_data/hamlet.xml');

http := CkHttp_Create();

requestToken := CkBinData_Create();
optionalPolicyOid := '';
addNonce := False;
requestTsaCert := True;

// Create a time-stamp request token
success := CkHttp_CreateTimestampRequest(http,'sha256',base64Hash,optionalPolicyOid,addNonce,requestTsaCert,requestToken);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// Send the time-stamp request token to the TSA.
// This is the equivalent of the following CURL command:
// curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' http://timestamp.digicert.com > file.tsr
tsaUrl := 'http://timestamp.digicert.com';
resp := CkHttp_PBinaryBd(http,'POST',tsaUrl,requestToken,'application/timestamp-query',False,False);
if (CkHttp_getLastMethodSuccess(http) = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// Get the timestamp reply from the HTTP response object.
timestampReply := CkBinData_Create();
CkHttpResponse_GetBodyBd(resp,timestampReply);
CkHttpResponse_Dispose(resp);

// Convert the binary timestamp reply to XML
asn := CkAsn_Create();
success := CkAsn_LoadBd(asn,timestampReply);
if (success = False) then
  begin
    Memo1.Lines.Add(CkAsn__lastErrorText(asn));
    Exit;
  end;

xml := CkXml_Create();
success := CkXml_LoadXml(xml,CkAsn__asnToXml(asn));

// Extract the TSTInfo from the XML.
// The TSTInfo is this base64 encoded ASN.1 

// TSTInfo ::= SEQUENCE  {
//    version                      INTEGER  { v1(1) },
//    policy                       TSAPolicyId,
//    messageImprint               MessageImprint,
//      -- MUST have the same value as the similar field in
//      -- TimeStampReq
//    serialNumber                 INTEGER,
//     -- Time-Stamping users MUST be ready to accommodate integers
//     -- up to 160 bits.
//    genTime                      GeneralizedTime,
//    accuracy                     Accuracy                 OPTIONAL,
//    ordering                     BOOLEAN             DEFAULT FALSE,
//    nonce                        INTEGER                  OPTIONAL,
//      -- MUST be present if the similar field was present
//      -- in TimeStampReq.  In that case it MUST have the same value.
//    tsa                          [0] GeneralName          OPTIONAL,
//    extensions                   [1] IMPLICIT Extensions   OPTIONAL  }

tstInfoBase64 := CkXml__getChildContent(xml,'sequence[1]|contextSpecific|sequence|sequence|contextSpecific|octets');

bdTstInfo := CkBinData_Create();
CkBinData_AppendEncoded(bdTstInfo,tstInfoBase64,'base64');

asnTstInfo := CkAsn_Create();
success := CkAsn_LoadBd(asnTstInfo,bdTstInfo);
if (success = False) then
  begin
    Memo1.Lines.Add(CkAsn__lastErrorText(asnTstInfo));
    Exit;
  end;

xmlTstInfo := CkXml_Create();
success := CkXml_LoadXml(xmlTstInfo,CkAsn__asnToXml(asnTstInfo));
Memo1.Lines.Add(CkXml__getXml(xmlTstInfo));

// Here's the TSTInfo XML:

// <?xml version="1.0" encoding="utf-8"?>
// <sequence>
//     <int>01</int>
//     <oid>2.16.840.1.114412.7.1</oid>
//     <sequence>
//         <sequence>
//             <oid>2.16.840.1.101.3.4.2.1</oid>
//             <null/>
//         </sequence>
//         <octets>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</octets>
//     </sequence>
//     <int>00AD2C86E49872597B60F87D5C54BCFFAE</int>
//     <universal tag="24" constructed="0">MjAyMzAzMTYxMTQ5NTJa</universal>
// </sequence>

//    The genTime (GeneralizedTime) is contained in the final "universal" XML element and is 
//    in base64. It is the time at which the time-stamp token has been created by
//    the TSA. After decoding from base64, it is:
// 
//    The syntax is: YYYYMMDDhhmmss[.s...]Z
//    Example: 19990609001326.34352Z

sbGenTime := CkStringBuilder_Create();
CkStringBuilder_DecodeAndAppend(sbGenTime,CkXml__getChildContent(xmlTstInfo,'universal'),'base64','utf-8');
Memo1.Lines.Add(CkStringBuilder__getAsString(sbGenTime));

// Result:
// 20230316115718Z

CkCrypt2_Dispose(crypt);
CkHttp_Dispose(http);
CkBinData_Dispose(requestToken);
CkBinData_Dispose(timestampReply);
CkAsn_Dispose(asn);
CkXml_Dispose(xml);
CkBinData_Dispose(bdTstInfo);
CkAsn_Dispose(asnTstInfo);
CkXml_Dispose(xmlTstInfo);
CkStringBuilder_Dispose(sbGenTime);

end;