Sample code for 30+ languages & platforms
AutoIt

RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and Verify

See more HTTP Examples

Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response.

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

; This requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; First sha-256 hash the data that is to be timestamped.
; In this example, the data is the string "Hello World"

$oCrypt = ObjCreate("Chilkat.Crypt2")
$oCrypt.HashAlgorithm = "sha256"
$oCrypt.EncodingMode = "base64"
Local $sBase64Hash = $oCrypt.HashStringENC("Hello World")

$oHttp = ObjCreate("Chilkat.Http")

$oRequestToken = ObjCreate("Chilkat.BinData")
Local $sOptionalPolicyOid = ""
Local $bAddNonce = False
Local $bRequestTsaCert = True

; Create a time-stamp request token
$bSuccess = $oHttp.CreateTimestampRequest("sha256",$sBase64Hash,$sOptionalPolicyOid,$bAddNonce,$bRequestTsaCert,$oRequestToken)
If ($bSuccess = False) Then
    ConsoleWrite($oHttp.LastErrorText & @CRLF)
    Exit
EndIf

; Send the time-stamp request token to the TSA.
; This is the equivalent of the following CURL command:
; curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr
Local $sTsaUrl = "https://freetsa.org/tsr"
; Another timestamp server you could try is: http://timestamp.digicert.com
$sTsaUrl = "http://timestamp.digicert.com"
$oResp = ObjCreate("Chilkat.HttpResponse")
$bSuccess = $oHttp.HttpBd("POST",$sTsaUrl,$oRequestToken,"application/timestamp-query",$oResp)
If ($bSuccess = False) Then
    ConsoleWrite($oHttp.LastErrorText & @CRLF)
    Exit
EndIf

; Get the timestamp reply from the HTTP response object.
$oTimestampReply = ObjCreate("Chilkat.BinData")
$oResp.GetBodyBd($oTimestampReply)

; Show the base64 encoded timestamp reply.
ConsoleWrite($oTimestampReply.GetEncoded("base64") & @CRLF)

; Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded.
; See https://freetsa.org/index_en.php
$oTsaCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oTsaCert.LoadFromFile("qa_data/certs/freetsa.org.cer")
If ($bSuccess = False) Then
    ConsoleWrite($oTsaCert.LastErrorText & @CRLF)
    Exit
EndIf

; The VerifyTimestampReply method will return one of the following values:
; -1:  The timestampReply does not contain a valid timestamp reply.
; -2: The  timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert.
; 0:  Granted and verified.
; 1: Granted and verified, with mods (see RFC 3161)
; 2: Rejected.
; 3: Waiting.
; 4: Revocation Warning
; 5: Revocation Notification
Local $iPkiStatus = $oHttp.VerifyTimestampReply($oTimestampReply,$oTsaCert)
If ($iPkiStatus < 0) Then
    ConsoleWrite($oHttp.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("pkiStatus = " & $iPkiStatus & @CRLF)

$oJson = ObjCreate("Chilkat.JsonObject")
$oHttp.GetLastJsonData $oJson

$oJson.EmitCompact = False
ConsoleWrite($oJson.Emit() & @CRLF)

; The JSON looks like the following.

; Use this online tool to generate parsing code from sample JSON: 
; Generate Parsing Code from JSON

; {
;   "timestampReply": {
;     "pkiStatus": {
;       "value": 0,
;       "meaning": "granted"
;     }
;   },
;   "pkcs7": {
;     "verify": {
;       "digestAlgorithms": [
;         "sha256"
;       ],
;       "signerInfo": [
;         {
;           "cert": {
;             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
;             "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
;             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
;             "digestAlgName": "SHA256"
;           },
;           "contentType": "1.2.840.113549.1.9.16.1.4",
;           "signingTime": "200405023019Z",
;           "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=",
;           "signingAlgOid": "1.2.840.113549.1.1.1",
;           "signingAlgName": "RSA-PKCSV-1_5",
;           "authAttr": {
;             "1.2.840.113549.1.9.3": {
;               "name": "contentType",
;               "oid": "1.2.840.113549.1.9.16.1.4"
;             },
;             "1.2.840.113549.1.9.5": {
;               "name": "signingTime",
;               "utctime": "200405023019Z"
;             },
;             "1.2.840.113549.1.9.16.2.12": {
;               "name": "signingCertificate",
;               "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ=="
;             },
;             "1.2.840.113549.1.9.4": {
;               "name": "messageDigest",
;               "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs="
;             }
;           }
;         }
;       ]
;     }
;   }
; }

$oSigningTime = ObjCreate("Chilkat.DtObj")
$oAuthAttrSigningTimeUtctime = ObjCreate("Chilkat.DtObj")
Local $strVal
Local $sCertSerialNumber
Local $sCertIssuerCN
Local $sCertDigestAlgOid
Local $sCertDigestAlgName
Local $sContentType
Local $sMessageDigest
Local $signingAlgOid
Local $signingAlgName
Local $sAuthAttrContentTypeName
Local $sAuthAttrContentTypeOid
Local $sAuthAttrSigningTimeName
Local $sAuthAttrSigningCertificateName
Local $sAuthAttrSigningCertificateDer
Local $sAuthAttrMessageDigestName
Local $sAuthAttrMessageDigestDigest

Local $iTimestampReplyPkiStatusValue = $oJson.IntOf("timestampReply.pkiStatus.value")
Local $sTimestampReplyPkiStatusMeaning = $oJson.StringOf("timestampReply.pkiStatus.meaning")
Local $i = 0
Local $iCount_i = $oJson.SizeOfArray("pkcs7.verify.digestAlgorithms")
While $i < $iCount_i
    $oJson.I = $i
    $strVal = $oJson.StringOf("pkcs7.verify.digestAlgorithms[i]")
    $i = $i + 1
Wend
$i = 0
$iCount_i = $oJson.SizeOfArray("pkcs7.verify.signerInfo")
While $i < $iCount_i
    $oJson.I = $i
    $sCertSerialNumber = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber")
    $sCertIssuerCN = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN")
    $sCertDigestAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid")
    $sCertDigestAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName")
    $sContentType = $oJson.StringOf("pkcs7.verify.signerInfo[i].contentType")
    $oJson.DtOf("pkcs7.verify.signerInfo[i].signingTime",False,$oSigningTime)
    $sMessageDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].messageDigest")
    $signingAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid")
    $signingAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgName")
    $sAuthAttrContentTypeName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".name")
    $sAuthAttrContentTypeOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".oid")
    $sAuthAttrSigningTimeName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".name")
    $oJson.DtOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".utctime",False,$oAuthAttrSigningTimeUtctime)
    $sAuthAttrSigningCertificateName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.12"".name")
    $sAuthAttrSigningCertificateDer = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.12"".der")
    $sAuthAttrMessageDigestName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".name")
    $sAuthAttrMessageDigestDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".digest")
    $i = $i + 1
Wend