C
C
Get PDF DSS (Document Security Store)
See more PDF Signatures Examples
This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)Note: This example requires Chilkat v9.5.0.85 or greater.
Chilkat C Downloads
#include <C_CkPdf.h>
#include <C_CkJsonObject.h>
#include <C_CkDtObj.h>
void ChilkatSample(void)
{
BOOL success;
HCkPdf pdf;
HCkJsonObject json;
HCkDtObj responseDateTime;
HCkDtObj thisUpdate;
HCkDtObj nextUpdate;
const char *serial;
const char *validFrom;
const char *validTo;
BOOL expired;
const char *subjectCN;
const char *subjectO;
const char *issuerCN;
const char *issuerO;
const char *keyType;
const char *keySize;
const char *der;
const char *subjectOU;
const char *subjectC;
const char *issuerOU;
const char *issuerC;
int responseStatus;
const char *responseTypeOid;
const char *responseTypeName;
const char *responseResponderIdChoice;
const char *responseResponderKeyHash;
int j;
int count_j;
const char *hashOid;
const char *hashAlg;
const char *issuerNameHash;
const char *issuerKeyHash;
const char *serialNumber;
int status;
int i;
int count_i;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
pdf = CkPdf_Create();
success = CkPdf_LoadFile(pdf,"qa_data/pdf/sign_testing_1/helloSigned2.pdf");
if (success == FALSE) {
printf("%s\n",CkPdf_lastErrorText(pdf));
CkPdf_Dispose(pdf);
return;
}
json = CkJsonObject_Create();
CkJsonObject_putEmitCompact(json,FALSE);
success = CkPdf_GetDss(pdf,json);
printf("%s\n",CkJsonObject_emit(json));
// The document security store contains certificates, OCSP responses, and CRLs.
// The following JSON is a sample of what the /DSS can contain.
// Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
// It's no problem because whatever JSON you get back, you can use the
// following online tool to generate code to parse.
// Generate Parsing Code from JSON
// The code generated by the online tool for this JSON is shown below..
// {
// "/VRI": {
// "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
// },
// "/Certs": [
// {
// "serial": "02",
// "validFrom": "2011-08-07T19:00:00-05:00",
// "validTo": "2021-08-10T23:59:59-05:00",
// "expired": false,
// "subject": {
// "CN": "XYZ Corporation",
// "O": "XYZ"
// },
// "issuer": {
// "CN": "XYZ Corporation",
// "O": "XYZ"
// },
// "keyType": "RSA",
// "keySize": "2048",
// "der": "MIIDz...Q4Zt"
// },
// {
// "serial": "01",
// "validFrom": "2011-08-07T19:00:00-05:00",
// "validTo": "2021-08-10T23:59:59-05:00",
// "expired": false,
// "subject": {
// "CN": "XYZ Corporation",
// "O": "XYZ"
// },
// "issuer": {
// "CN": "XYZ Corporation",
// "O": "XYZ"
// },
// "keyType": "RSA",
// "keySize": "2048",
// "der": "MIID...jXYFc="
// },
// {
// "serial": "0AA125D6D6321B7E41E405DA3697C215",
// "validFrom": "2016-01-07T06:00:00-06:00",
// "validTo": "2031-01-07T12:00:00-06:00",
// "expired": false,
// "subject": {
// "CN": "DigiCert SHA2 Assured ID Timestamping CA",
// "OU": "www.digicert.com",
// "O": "DigiCert Inc",
// "C": "US"
// },
// "issuer": {
// "CN": "DigiCert Assured ID Root CA",
// "OU": "www.digicert.com",
// "O": "DigiCert Inc",
// "C": "US"
// },
// "keyType": "RSA",
// "keySize": "2048",
// "der": "MIIF...OUg=="
// },
// {
// "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
// "validFrom": "2019-09-30T19:00:00-05:00",
// "validTo": "2030-10-17T00:00:00-05:00",
// "expired": false,
// "subject": {
// "CN": "TIMESTAMP-SHA256-2019-10-15",
// "O": "DigiCert, Inc.",
// "C": "US"
// },
// "issuer": {
// "CN": "DigiCert SHA2 Assured ID Timestamping CA",
// "OU": "www.digicert.com",
// "O": "DigiCert Inc",
// "C": "US"
// },
// "keyType": "RSA",
// "keySize": "2048",
// "der": "MIIG...MJtPc="
// },
// {
// "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
// "validFrom": "2006-11-09T18:00:00-06:00",
// "validTo": "2031-11-10T00:00:00-06:00",
// "expired": false,
// "subject": {
// "CN": "DigiCert Assured ID Root CA",
// "OU": "www.digicert.com",
// "O": "DigiCert Inc",
// "C": "US"
// },
// "issuer": {
// "CN": "DigiCert Assured ID Root CA",
// "OU": "www.digicert.com",
// "O": "DigiCert Inc",
// "C": "US"
// },
// "keyType": "RSA",
// "keySize": "2048",
// "der": "MIIDt...FL6Lw8g=="
// },
// {
// "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
// "validFrom": "2015-03-24T10:58:16-05:00",
// "validTo": "2039-12-31T23:59:59-06:00",
// "expired": false,
// "subject": {
// "CN": "www.xyz.com"
// },
// "issuer": {
// "CN": "www.xyz.com"
// },
// "keyType": "RSA",
// "keySize": "1024",
// "der": "MIIB9DCCAWG...UR10lz"
// }
// ],
// "/OCSPs": [
// {
// "responseStatus": 0,
// "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
// "responseTypeName": "ocspBasic",
// "response": {
// "responderIdChoice": "KeyHash",
// "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
// "dateTime": "20201005173921Z",
// "cert": [
// {
// "hashOid": "1.3.14.3.2.26",
// "hashAlg": "SHA-1",
// "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
// "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
// "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
// "status": 0,
// "thisUpdate": "20201005173921Z",
// "nextUpdate": "20201012173921Z"
// }
// ]
// }
// },
// {
// "responseStatus": 0,
// "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
// "responseTypeName": "ocspBasic",
// "response": {
// "responderIdChoice": "KeyHash",
// "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
// "dateTime": "20201006114501Z",
// "cert": [
// {
// "hashOid": "1.3.14.3.2.26",
// "hashAlg": "SHA-1",
// "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
// "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
// "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
// "status": 0,
// "thisUpdate": "20201006114501Z",
// "nextUpdate": "20201013110001Z"
// }
// ]
// }
// }
// ]
// }
// Chilkat functions returning "const char *" return a pointer to temporary internal memory owned and managed by Chilkat.
// See this example explaining how this memory should be used: const char * functions.
responseDateTime = CkDtObj_Create();
thisUpdate = CkDtObj_Create();
nextUpdate = CkDtObj_Create();
i = 0;
count_i = CkJsonObject_SizeOfArray(json,"/Certs");
while (i < count_i) {
CkJsonObject_putI(json,i);
serial = CkJsonObject_stringOf(json,"/Certs[i].serial");
validFrom = CkJsonObject_stringOf(json,"/Certs[i].validFrom");
validTo = CkJsonObject_stringOf(json,"/Certs[i].validTo");
expired = CkJsonObject_BoolOf(json,"/Certs[i].expired");
subjectCN = CkJsonObject_stringOf(json,"/Certs[i].subject.CN");
subjectO = CkJsonObject_stringOf(json,"/Certs[i].subject.O");
issuerCN = CkJsonObject_stringOf(json,"/Certs[i].issuer.CN");
issuerO = CkJsonObject_stringOf(json,"/Certs[i].issuer.O");
keyType = CkJsonObject_stringOf(json,"/Certs[i].keyType");
keySize = CkJsonObject_stringOf(json,"/Certs[i].keySize");
der = CkJsonObject_stringOf(json,"/Certs[i].der");
subjectOU = CkJsonObject_stringOf(json,"/Certs[i].subject.OU");
subjectC = CkJsonObject_stringOf(json,"/Certs[i].subject.C");
issuerOU = CkJsonObject_stringOf(json,"/Certs[i].issuer.OU");
issuerC = CkJsonObject_stringOf(json,"/Certs[i].issuer.C");
i = i + 1;
}
i = 0;
count_i = CkJsonObject_SizeOfArray(json,"/OCSPs");
while (i < count_i) {
CkJsonObject_putI(json,i);
responseStatus = CkJsonObject_IntOf(json,"/OCSPs[i].responseStatus");
responseTypeOid = CkJsonObject_stringOf(json,"/OCSPs[i].responseTypeOid");
responseTypeName = CkJsonObject_stringOf(json,"/OCSPs[i].responseTypeName");
responseResponderIdChoice = CkJsonObject_stringOf(json,"/OCSPs[i].response.responderIdChoice");
responseResponderKeyHash = CkJsonObject_stringOf(json,"/OCSPs[i].response.responderKeyHash");
CkJsonObject_DtOf(json,"/OCSPs[i].response.dateTime",FALSE,responseDateTime);
j = 0;
count_j = CkJsonObject_SizeOfArray(json,"/OCSPs[i].response.cert");
while (j < count_j) {
CkJsonObject_putJ(json,j);
hashOid = CkJsonObject_stringOf(json,"/OCSPs[i].response.cert[j].hashOid");
hashAlg = CkJsonObject_stringOf(json,"/OCSPs[i].response.cert[j].hashAlg");
issuerNameHash = CkJsonObject_stringOf(json,"/OCSPs[i].response.cert[j].issuerNameHash");
issuerKeyHash = CkJsonObject_stringOf(json,"/OCSPs[i].response.cert[j].issuerKeyHash");
serialNumber = CkJsonObject_stringOf(json,"/OCSPs[i].response.cert[j].serialNumber");
status = CkJsonObject_IntOf(json,"/OCSPs[i].response.cert[j].status");
CkJsonObject_DtOf(json,"/OCSPs[i].response.cert[j].thisUpdate",FALSE,thisUpdate);
CkJsonObject_DtOf(json,"/OCSPs[i].response.cert[j].nextUpdate",FALSE,nextUpdate);
j = j + 1;
}
i = i + 1;
}
CkPdf_Dispose(pdf);
CkJsonObject_Dispose(json);
CkDtObj_Dispose(responseDateTime);
CkDtObj_Dispose(thisUpdate);
CkDtObj_Dispose(nextUpdate);
}