Sample code for 30+ languages & platforms
C

Get ETK Public Key (api-acpt.ehealth.fgov.be)

See more Belgian eHealth Platform Examples

The following URL returns JSON, which contains a PKCS7 signed data:
https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN

This example extracts the signed data, validates it, and then extracts the public key from the certificate (obtained from signed content in the PKCS7)

Note: The URL above uses "12345678901" which is not valid. You should replace it with a valid number.

Chilkat C Downloads

C
#include <C_CkHttp.h>
#include <C_CkJsonArray.h>
#include <C_CkJsonObject.h>
#include <C_CkBinData.h>
#include <C_CkCrypt2.h>
#include <C_CkCert.h>
#include <C_CkPublicKey.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkHttp http;
    const char *jsonStr;
    HCkJsonArray jarr;
    HCkJsonObject json;
    HCkBinData bdPkcs7;
    HCkCrypt2 crypt;
    HCkCert cert;
    HCkPublicKey pubKey;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    http = CkHttp_Create();

    jsonStr = CkHttp_quickGetStr(http,"https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN");
    if (CkHttp_getLastMethodSuccess(http) == FALSE) {
        printf("%s\n",CkHttp_lastErrorText(http));
        CkHttp_Dispose(http);
        return;
    }

    printf("%s\n",jsonStr);

    // The JSON contains something like this:

    // [
    //     {
    //         "key": {
    //             "applicationIdentifier": "",
    //             "ssin": "12345678901"
    //         },
    //         "value": "MIAGCSq....AAAAAAAA=="
    //     }
    // ]

    // Note: The above is a JSON array (not a JSON object)
    // It should be loaded into a Chilkat JSON array.
    jarr = CkJsonArray_Create();
    success = CkJsonArray_Load(jarr,jsonStr);
    if (success == FALSE) {
        printf("Failed to load JSON.\n");
        CkHttp_Dispose(http);
        CkJsonArray_Dispose(jarr);
        return;
    }

    json = CkJsonArray_ObjectAt(jarr,0);
    bdPkcs7 = CkBinData_Create();
    CkBinData_AppendEncoded(bdPkcs7,CkJsonObject_stringOf(json,"value"),"base64");
    CkJsonObject_Dispose(json);

    // Let's verify the PKCS7, and then examine the signing cert,
    // and get the signing cert's public key.
    crypt = CkCrypt2_Create();

    // Validate the signedData PKCS7, and replace the contents of bdPkcs7 with the extracted signed content.
    success = CkCrypt2_OpaqueVerifyBd(crypt,bdPkcs7);
    if (success == FALSE) {
        printf("%s\n",CkCrypt2_lastErrorText(crypt));
        CkHttp_Dispose(http);
        CkJsonArray_Dispose(jarr);
        CkBinData_Dispose(bdPkcs7);
        CkCrypt2_Dispose(crypt);
        return;
    }

    // The signed content is the DER of a certificate.
    // In other words, bdPkcs7 now contains a certificate.
    cert = CkCert_Create();
    success = CkCert_LoadFromBd(cert,bdPkcs7);
    if (success == FALSE) {
        printf("%s\n",CkCert_lastErrorText(cert));
        CkHttp_Dispose(http);
        CkJsonArray_Dispose(jarr);
        CkBinData_Dispose(bdPkcs7);
        CkCrypt2_Dispose(crypt);
        CkCert_Dispose(cert);
        return;
    }

    // Show some certificate information:
    printf("Subject: %s\n",CkCert_subjectDN(cert));
    printf("Serial: %s\n",CkCert_serialNumber(cert));
    printf("Issuer: %s\n",CkCert_issuerDN(cert));

    // Let's get the cert's public key...
    pubKey = CkPublicKey_Create();
    CkCert_GetPublicKey(cert,pubKey);

    // OK, you now have the public key and can do whatever is needed..
    printf("%s\n",CkPublicKey_keyType(pubKey));
    printf("%d\n",CkPublicKey_getKeySize(pubKey));


    CkHttp_Dispose(http);
    CkJsonArray_Dispose(jarr);
    CkBinData_Dispose(bdPkcs7);
    CkCrypt2_Dispose(crypt);
    CkCert_Dispose(cert);
    CkPublicKey_Dispose(pubKey);

    }