AutoIt
AutoIt
RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and Verify
See more HTTP Examples
Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response.Chilkat AutoIt Downloads
Local $bSuccess = False
; This requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
; First sha-256 hash the data that is to be timestamped.
; In this example, the data is the string "Hello World"
$oCrypt = ObjCreate("Chilkat.Crypt2")
$oCrypt.HashAlgorithm = "sha256"
$oCrypt.EncodingMode = "base64"
Local $sBase64Hash = $oCrypt.HashStringENC("Hello World")
$oHttp = ObjCreate("Chilkat.Http")
$oRequestToken = ObjCreate("Chilkat.BinData")
Local $sOptionalPolicyOid = ""
Local $bAddNonce = False
Local $bRequestTsaCert = True
; Create a time-stamp request token
$bSuccess = $oHttp.CreateTimestampRequest("sha256",$sBase64Hash,$sOptionalPolicyOid,$bAddNonce,$bRequestTsaCert,$oRequestToken)
If ($bSuccess = False) Then
ConsoleWrite($oHttp.LastErrorText & @CRLF)
Exit
EndIf
; Send the time-stamp request token to the TSA.
; This is the equivalent of the following CURL command:
; curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr
Local $sTsaUrl = "https://freetsa.org/tsr"
; Another timestamp server you could try is: http://timestamp.digicert.com
$sTsaUrl = "http://timestamp.digicert.com"
$oResp = ObjCreate("Chilkat.HttpResponse")
$bSuccess = $oHttp.HttpBd("POST",$sTsaUrl,$oRequestToken,"application/timestamp-query",$oResp)
If ($bSuccess = False) Then
ConsoleWrite($oHttp.LastErrorText & @CRLF)
Exit
EndIf
; Get the timestamp reply from the HTTP response object.
$oTimestampReply = ObjCreate("Chilkat.BinData")
$oResp.GetBodyBd($oTimestampReply)
; Show the base64 encoded timestamp reply.
ConsoleWrite($oTimestampReply.GetEncoded("base64") & @CRLF)
; Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded.
; See https://freetsa.org/index_en.php
$oTsaCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oTsaCert.LoadFromFile("qa_data/certs/freetsa.org.cer")
If ($bSuccess = False) Then
ConsoleWrite($oTsaCert.LastErrorText & @CRLF)
Exit
EndIf
; The VerifyTimestampReply method will return one of the following values:
; -1: The timestampReply does not contain a valid timestamp reply.
; -2: The timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert.
; 0: Granted and verified.
; 1: Granted and verified, with mods (see RFC 3161)
; 2: Rejected.
; 3: Waiting.
; 4: Revocation Warning
; 5: Revocation Notification
Local $iPkiStatus = $oHttp.VerifyTimestampReply($oTimestampReply,$oTsaCert)
If ($iPkiStatus < 0) Then
ConsoleWrite($oHttp.LastErrorText & @CRLF)
Exit
EndIf
ConsoleWrite("pkiStatus = " & $iPkiStatus & @CRLF)
$oJson = ObjCreate("Chilkat.JsonObject")
$oHttp.GetLastJsonData $oJson
$oJson.EmitCompact = False
ConsoleWrite($oJson.Emit() & @CRLF)
; The JSON looks like the following.
; Use this online tool to generate parsing code from sample JSON:
; Generate Parsing Code from JSON
; {
; "timestampReply": {
; "pkiStatus": {
; "value": 0,
; "meaning": "granted"
; }
; },
; "pkcs7": {
; "verify": {
; "digestAlgorithms": [
; "sha256"
; ],
; "signerInfo": [
; {
; "cert": {
; "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
; "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
; "digestAlgOid": "2.16.840.1.101.3.4.2.1",
; "digestAlgName": "SHA256"
; },
; "contentType": "1.2.840.113549.1.9.16.1.4",
; "signingTime": "200405023019Z",
; "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=",
; "signingAlgOid": "1.2.840.113549.1.1.1",
; "signingAlgName": "RSA-PKCSV-1_5",
; "authAttr": {
; "1.2.840.113549.1.9.3": {
; "name": "contentType",
; "oid": "1.2.840.113549.1.9.16.1.4"
; },
; "1.2.840.113549.1.9.5": {
; "name": "signingTime",
; "utctime": "200405023019Z"
; },
; "1.2.840.113549.1.9.16.2.12": {
; "name": "signingCertificate",
; "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ=="
; },
; "1.2.840.113549.1.9.4": {
; "name": "messageDigest",
; "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs="
; }
; }
; }
; ]
; }
; }
; }
$oSigningTime = ObjCreate("Chilkat.DtObj")
$oAuthAttrSigningTimeUtctime = ObjCreate("Chilkat.DtObj")
Local $strVal
Local $sCertSerialNumber
Local $sCertIssuerCN
Local $sCertDigestAlgOid
Local $sCertDigestAlgName
Local $sContentType
Local $sMessageDigest
Local $signingAlgOid
Local $signingAlgName
Local $sAuthAttrContentTypeName
Local $sAuthAttrContentTypeOid
Local $sAuthAttrSigningTimeName
Local $sAuthAttrSigningCertificateName
Local $sAuthAttrSigningCertificateDer
Local $sAuthAttrMessageDigestName
Local $sAuthAttrMessageDigestDigest
Local $iTimestampReplyPkiStatusValue = $oJson.IntOf("timestampReply.pkiStatus.value")
Local $sTimestampReplyPkiStatusMeaning = $oJson.StringOf("timestampReply.pkiStatus.meaning")
Local $i = 0
Local $iCount_i = $oJson.SizeOfArray("pkcs7.verify.digestAlgorithms")
While $i < $iCount_i
$oJson.I = $i
$strVal = $oJson.StringOf("pkcs7.verify.digestAlgorithms[i]")
$i = $i + 1
Wend
$i = 0
$iCount_i = $oJson.SizeOfArray("pkcs7.verify.signerInfo")
While $i < $iCount_i
$oJson.I = $i
$sCertSerialNumber = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber")
$sCertIssuerCN = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN")
$sCertDigestAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid")
$sCertDigestAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName")
$sContentType = $oJson.StringOf("pkcs7.verify.signerInfo[i].contentType")
$oJson.DtOf("pkcs7.verify.signerInfo[i].signingTime",False,$oSigningTime)
$sMessageDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].messageDigest")
$signingAlgOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid")
$signingAlgName = $oJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgName")
$sAuthAttrContentTypeName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".name")
$sAuthAttrContentTypeOid = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".oid")
$sAuthAttrSigningTimeName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".name")
$oJson.DtOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".utctime",False,$oAuthAttrSigningTimeUtctime)
$sAuthAttrSigningCertificateName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.12"".name")
$sAuthAttrSigningCertificateDer = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.12"".der")
$sAuthAttrMessageDigestName = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".name")
$sAuthAttrMessageDigestDigest = $oJson.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".digest")
$i = $i + 1
Wend