Sample code for 30+ languages & platforms
Delphi DLL

Get PDF DSS (Document Security Store)

See more PDF Signatures Examples

This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)

Note: This example requires Chilkat v9.5.0.85 or greater.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, DtObj, Pdf, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
pdf: HCkPdf;
json: HCkJsonObject;
responseDateTime: HCkDtObj;
thisUpdate: HCkDtObj;
nextUpdate: HCkDtObj;
serial: PWideChar;
validFrom: PWideChar;
validTo: PWideChar;
expired: Boolean;
subjectCN: PWideChar;
subjectO: PWideChar;
issuerCN: PWideChar;
issuerO: PWideChar;
keyType: PWideChar;
keySize: PWideChar;
der: PWideChar;
subjectOU: PWideChar;
subjectC: PWideChar;
issuerOU: PWideChar;
issuerC: PWideChar;
responseStatus: Integer;
responseTypeOid: PWideChar;
responseTypeName: PWideChar;
responseResponderIdChoice: PWideChar;
responseResponderKeyHash: PWideChar;
j: Integer;
count_j: Integer;
hashOid: PWideChar;
hashAlg: PWideChar;
issuerNameHash: PWideChar;
issuerKeyHash: PWideChar;
serialNumber: PWideChar;
status: Integer;
i: Integer;
count_i: Integer;

begin
success := False;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

pdf := CkPdf_Create();

success := CkPdf_LoadFile(pdf,'qa_data/pdf/sign_testing_1/helloSigned2.pdf');
if (success = False) then
  begin
    Memo1.Lines.Add(CkPdf__lastErrorText(pdf));
    Exit;
  end;

json := CkJsonObject_Create();
CkJsonObject_putEmitCompact(json,False);

success := CkPdf_GetDss(pdf,json);
Memo1.Lines.Add(CkJsonObject__emit(json));

// The document security store contains certificates, OCSP responses, and CRLs.
// The following JSON is a sample of what the /DSS can contain.
// Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
// It's no problem because whatever JSON you get back, you can use the
// following online tool to generate code to parse.
// Generate Parsing Code from JSON

// The code generated by the online tool for this JSON is shown below..

// {
//   "/VRI": {
//     "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
//   },
//   "/Certs": [
//     {
//       "serial": "02",
//       "validFrom": "2011-08-07T19:00:00-05:00",
//       "validTo": "2021-08-10T23:59:59-05:00",
//       "expired": false,
//       "subject": {
//         "CN": "XYZ Corporation",
//         "O": "XYZ"
//       },
//       "issuer": {
//         "CN": "XYZ Corporation",
//         "O": "XYZ"
//       },
//       "keyType": "RSA",
//       "keySize": "2048",
//       "der": "MIIDz...Q4Zt"
//     },
//     {
//       "serial": "01",
//       "validFrom": "2011-08-07T19:00:00-05:00",
//       "validTo": "2021-08-10T23:59:59-05:00",
//       "expired": false,
//       "subject": {
//         "CN": "XYZ Corporation",
//         "O": "XYZ"
//       },
//       "issuer": {
//         "CN": "XYZ Corporation",
//         "O": "XYZ"
//       },
//       "keyType": "RSA",
//       "keySize": "2048",
//       "der": "MIID...jXYFc="
//     },
//     {
//       "serial": "0AA125D6D6321B7E41E405DA3697C215",
//       "validFrom": "2016-01-07T06:00:00-06:00",
//       "validTo": "2031-01-07T12:00:00-06:00",
//       "expired": false,
//       "subject": {
//         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
//         "OU": "www.digicert.com",
//         "O": "DigiCert Inc",
//         "C": "US"
//       },
//       "issuer": {
//         "CN": "DigiCert Assured ID Root CA",
//         "OU": "www.digicert.com",
//         "O": "DigiCert Inc",
//         "C": "US"
//       },
//       "keyType": "RSA",
//       "keySize": "2048",
//       "der": "MIIF...OUg=="
//     },
//     {
//       "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
//       "validFrom": "2019-09-30T19:00:00-05:00",
//       "validTo": "2030-10-17T00:00:00-05:00",
//       "expired": false,
//       "subject": {
//         "CN": "TIMESTAMP-SHA256-2019-10-15",
//         "O": "DigiCert, Inc.",
//         "C": "US"
//       },
//       "issuer": {
//         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
//         "OU": "www.digicert.com",
//         "O": "DigiCert Inc",
//         "C": "US"
//       },
//       "keyType": "RSA",
//       "keySize": "2048",
//       "der": "MIIG...MJtPc="
//     },
//     {
//       "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
//       "validFrom": "2006-11-09T18:00:00-06:00",
//       "validTo": "2031-11-10T00:00:00-06:00",
//       "expired": false,
//       "subject": {
//         "CN": "DigiCert Assured ID Root CA",
//         "OU": "www.digicert.com",
//         "O": "DigiCert Inc",
//         "C": "US"
//       },
//       "issuer": {
//         "CN": "DigiCert Assured ID Root CA",
//         "OU": "www.digicert.com",
//         "O": "DigiCert Inc",
//         "C": "US"
//       },
//       "keyType": "RSA",
//       "keySize": "2048",
//       "der": "MIIDt...FL6Lw8g=="
//     },
//     {
//       "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
//       "validFrom": "2015-03-24T10:58:16-05:00",
//       "validTo": "2039-12-31T23:59:59-06:00",
//       "expired": false,
//       "subject": {
//         "CN": "www.xyz.com"
//       },
//       "issuer": {
//         "CN": "www.xyz.com"
//       },
//       "keyType": "RSA",
//       "keySize": "1024",
//       "der": "MIIB9DCCAWG...UR10lz"
//     }
//   ],
//   "/OCSPs": [
//     {
//       "responseStatus": 0,
//       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
//       "responseTypeName": "ocspBasic",
//       "response": {
//         "responderIdChoice": "KeyHash",
//         "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
//         "dateTime": "20201005173921Z",
//         "cert": [
//           {
//             "hashOid": "1.3.14.3.2.26",
//             "hashAlg": "SHA-1",
//             "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
//             "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
//             "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
//             "status": 0,
//             "thisUpdate": "20201005173921Z",
//             "nextUpdate": "20201012173921Z"
//           }
//         ]
//       }
//     },
//     {
//       "responseStatus": 0,
//       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
//       "responseTypeName": "ocspBasic",
//       "response": {
//         "responderIdChoice": "KeyHash",
//         "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
//         "dateTime": "20201006114501Z",
//         "cert": [
//           {
//             "hashOid": "1.3.14.3.2.26",
//             "hashAlg": "SHA-1",
//             "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
//             "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
//             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
//             "status": 0,
//             "thisUpdate": "20201006114501Z",
//             "nextUpdate": "20201013110001Z"
//           }
//         ]
//       }
//     }
//   ]
// }

responseDateTime := CkDtObj_Create();
thisUpdate := CkDtObj_Create();
nextUpdate := CkDtObj_Create();

i := 0;
count_i := CkJsonObject_SizeOfArray(json,'/Certs');
while i < count_i do
  begin
    CkJsonObject_putI(json,i);
    serial := CkJsonObject__stringOf(json,'/Certs[i].serial');
    validFrom := CkJsonObject__stringOf(json,'/Certs[i].validFrom');
    validTo := CkJsonObject__stringOf(json,'/Certs[i].validTo');
    expired := CkJsonObject_BoolOf(json,'/Certs[i].expired');
    subjectCN := CkJsonObject__stringOf(json,'/Certs[i].subject.CN');
    subjectO := CkJsonObject__stringOf(json,'/Certs[i].subject.O');
    issuerCN := CkJsonObject__stringOf(json,'/Certs[i].issuer.CN');
    issuerO := CkJsonObject__stringOf(json,'/Certs[i].issuer.O');
    keyType := CkJsonObject__stringOf(json,'/Certs[i].keyType');
    keySize := CkJsonObject__stringOf(json,'/Certs[i].keySize');
    der := CkJsonObject__stringOf(json,'/Certs[i].der');
    subjectOU := CkJsonObject__stringOf(json,'/Certs[i].subject.OU');
    subjectC := CkJsonObject__stringOf(json,'/Certs[i].subject.C');
    issuerOU := CkJsonObject__stringOf(json,'/Certs[i].issuer.OU');
    issuerC := CkJsonObject__stringOf(json,'/Certs[i].issuer.C');
    i := i + 1;
  end;

i := 0;
count_i := CkJsonObject_SizeOfArray(json,'/OCSPs');
while i < count_i do
  begin
    CkJsonObject_putI(json,i);
    responseStatus := CkJsonObject_IntOf(json,'/OCSPs[i].responseStatus');
    responseTypeOid := CkJsonObject__stringOf(json,'/OCSPs[i].responseTypeOid');
    responseTypeName := CkJsonObject__stringOf(json,'/OCSPs[i].responseTypeName');
    responseResponderIdChoice := CkJsonObject__stringOf(json,'/OCSPs[i].response.responderIdChoice');
    responseResponderKeyHash := CkJsonObject__stringOf(json,'/OCSPs[i].response.responderKeyHash');
    CkJsonObject_DtOf(json,'/OCSPs[i].response.dateTime',False,responseDateTime);
    j := 0;
    count_j := CkJsonObject_SizeOfArray(json,'/OCSPs[i].response.cert');
    while j < count_j do
      begin
        CkJsonObject_putJ(json,j);
        hashOid := CkJsonObject__stringOf(json,'/OCSPs[i].response.cert[j].hashOid');
        hashAlg := CkJsonObject__stringOf(json,'/OCSPs[i].response.cert[j].hashAlg');
        issuerNameHash := CkJsonObject__stringOf(json,'/OCSPs[i].response.cert[j].issuerNameHash');
        issuerKeyHash := CkJsonObject__stringOf(json,'/OCSPs[i].response.cert[j].issuerKeyHash');
        serialNumber := CkJsonObject__stringOf(json,'/OCSPs[i].response.cert[j].serialNumber');
        status := CkJsonObject_IntOf(json,'/OCSPs[i].response.cert[j].status');
        CkJsonObject_DtOf(json,'/OCSPs[i].response.cert[j].thisUpdate',False,thisUpdate);
        CkJsonObject_DtOf(json,'/OCSPs[i].response.cert[j].nextUpdate',False,nextUpdate);
        j := j + 1;
      end;

    i := i + 1;
  end;

CkPdf_Dispose(pdf);
CkJsonObject_Dispose(json);
CkDtObj_Dispose(responseDateTime);
CkDtObj_Dispose(thisUpdate);
CkDtObj_Dispose(nextUpdate);

end;