|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and VerifySends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response. Note: This example requires Chilkat v9.5.0.75 or greater.
Use ChilkatAx-9.5.0-win32.pkg Procedure Test Boolean iSuccess Handle hoCrypt String sBase64Hash Handle hoHttp Variant vRequestToken Handle hoRequestToken String sOptionalPolicyOid Boolean iAddNonce Boolean iRequestTsaCert String sTsaUrl Variant vResp Handle hoResp Variant vTimestampReply Handle hoTimestampReply Variant vTsaCert Handle hoTsaCert Integer iPkiStatus Variant vJson Handle hoJson Variant vSigningTime Handle hoSigningTime Variant vAuthAttrSigningTimeUtctime Handle hoAuthAttrSigningTimeUtctime String sStrVal String sCertSerialNumber String sCertIssuerCN String sCertDigestAlgOid String sCertDigestAlgName String sContentType String sMessageDigest String sSigningAlgOid String sSigningAlgName String sAuthAttrContentTypeName String sAuthAttrContentTypeOid String sAuthAttrSigningTimeName String sAuthAttrSigningCertificateName String sAuthAttrSigningCertificateDer String sAuthAttrMessageDigestName String sAuthAttrMessageDigestDigest Integer iTimestampReplyPkiStatusValue String sTimestampReplyPkiStatusMeaning Integer i Integer iCount_i String sTemp1 Boolean bTemp1 // Note: Requires Chilkat v9.5.0.75 or greater. // This requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // First sha-256 hash the data that is to be timestamped. // In this example, the data is the string "Hello World" Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt If (Not(IsComObjectCreated(hoCrypt))) Begin Send CreateComObject of hoCrypt End Set ComHashAlgorithm Of hoCrypt To "sha256" Set ComEncodingMode Of hoCrypt To "base64" Get ComHashStringENC Of hoCrypt "Hello World" To sBase64Hash Get Create (RefClass(cComChilkatHttp)) To hoHttp If (Not(IsComObjectCreated(hoHttp))) Begin Send CreateComObject of hoHttp End Get Create (RefClass(cComChilkatBinData)) To hoRequestToken If (Not(IsComObjectCreated(hoRequestToken))) Begin Send CreateComObject of hoRequestToken End Move "" To sOptionalPolicyOid Move False To iAddNonce Move True To iRequestTsaCert // Create a time-stamp request token Get pvComObject of hoRequestToken to vRequestToken Get ComCreateTimestampRequest Of hoHttp "sha256" sBase64Hash sOptionalPolicyOid iAddNonce iRequestTsaCert vRequestToken To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoHttp To sTemp1 Showln sTemp1 Procedure_Return End // Send the time-stamp request token to the TSA. // This is the equivalent of the following CURL command: // curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr Move "https://freetsa.org/tsr" To sTsaUrl // Another timestamp server you could try is: http://timestamp.digicert.com Move "http://timestamp.digicert.com" To sTsaUrl Get pvComObject of hoRequestToken to vRequestToken Get ComPBinaryBd Of hoHttp "POST" sTsaUrl vRequestToken "application/timestamp-query" False False To vResp If (IsComObject(vResp)) Begin Get Create (RefClass(cComChilkatHttpResponse)) To hoResp Set pvComObject Of hoResp To vResp End Get ComLastMethodSuccess Of hoHttp To bTemp1 If (bTemp1 <> True) Begin Get ComLastErrorText Of hoHttp To sTemp1 Showln sTemp1 Procedure_Return End // Get the timestamp reply from the HTTP response object. Get Create (RefClass(cComChilkatBinData)) To hoTimestampReply If (Not(IsComObjectCreated(hoTimestampReply))) Begin Send CreateComObject of hoTimestampReply End Get pvComObject of hoTimestampReply to vTimestampReply Get ComGetBodyBd Of hoResp vTimestampReply To iSuccess Send Destroy of hoResp // Show the base64 encoded timestamp reply. Get ComGetEncoded Of hoTimestampReply "base64" To sTemp1 Showln sTemp1 // Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded. // See https://freetsa.org/index_en.php Get Create (RefClass(cComChilkatCert)) To hoTsaCert If (Not(IsComObjectCreated(hoTsaCert))) Begin Send CreateComObject of hoTsaCert End Get ComLoadFromFile Of hoTsaCert "qa_data/certs/freetsa.org.cer" To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoTsaCert To sTemp1 Showln sTemp1 Procedure_Return End // The VerifyTimestampReply method will return one of the following values: // -1: The timestampReply does not contain a valid timestamp reply. // -2: The timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert. // 0: Granted and verified. // 1: Granted and verified, with mods (see RFC 3161) // 2: Rejected. // 3: Waiting. // 4: Revocation Warning // 5: Revocation Notification Get pvComObject of hoTimestampReply to vTimestampReply Get pvComObject of hoTsaCert to vTsaCert Get ComVerifyTimestampReply Of hoHttp vTimestampReply vTsaCert To iPkiStatus If (iPkiStatus < 0) Begin Get ComLastErrorText Of hoHttp To sTemp1 Showln sTemp1 Procedure_Return End Showln "pkiStatus = " iPkiStatus Get ComLastJsonData Of hoHttp To vJson If (IsComObject(vJson)) Begin Get Create (RefClass(cComChilkatJsonObject)) To hoJson Set pvComObject Of hoJson To vJson End Set ComEmitCompact Of hoJson To False Get ComEmit Of hoJson To sTemp1 Showln sTemp1 // The LastJsonData looks like the following. // Note: The "timestampReply.pkiStatus" portion of the LastJsonData was added in Chilkat v9.5.0.83 // Use this online tool to generate parsing code from sample JSON: // Generate Parsing Code from JSON // { // "timestampReply": { // "pkiStatus": { // "value": 0, // "meaning": "granted" // } // }, // "pkcs7": { // "verify": { // "digestAlgorithms": [ // "sha256" // ], // "signerInfo": [ // { // "cert": { // "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D", // "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA", // "digestAlgOid": "2.16.840.1.101.3.4.2.1", // "digestAlgName": "SHA256" // }, // "contentType": "1.2.840.113549.1.9.16.1.4", // "signingTime": "200405023019Z", // "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=", // "signingAlgOid": "1.2.840.113549.1.1.1", // "signingAlgName": "RSA-PKCSV-1_5", // "authAttr": { // "1.2.840.113549.1.9.3": { // "name": "contentType", // "oid": "1.2.840.113549.1.9.16.1.4" // }, // "1.2.840.113549.1.9.5": { // "name": "signingTime", // "utctime": "200405023019Z" // }, // "1.2.840.113549.1.9.16.2.12": { // "name": "signingCertificate", // "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ==" // }, // "1.2.840.113549.1.9.4": { // "name": "messageDigest", // "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=" // } // } // } // ] // } // } // } Get Create (RefClass(cComChilkatDtObj)) To hoSigningTime If (Not(IsComObjectCreated(hoSigningTime))) Begin Send CreateComObject of hoSigningTime End Get Create (RefClass(cComChilkatDtObj)) To hoAuthAttrSigningTimeUtctime If (Not(IsComObjectCreated(hoAuthAttrSigningTimeUtctime))) Begin Send CreateComObject of hoAuthAttrSigningTimeUtctime End Get ComIntOf Of hoJson "timestampReply.pkiStatus.value" To iTimestampReplyPkiStatusValue Get ComStringOf Of hoJson "timestampReply.pkiStatus.meaning" To sTimestampReplyPkiStatusMeaning Move 0 To i Get ComSizeOfArray Of hoJson "pkcs7.verify.digestAlgorithms" To iCount_i While (i < iCount_i) Set ComI Of hoJson To i Get ComStringOf Of hoJson "pkcs7.verify.digestAlgorithms[i]" To sStrVal Move (i + 1) To i Loop Move 0 To i Get ComSizeOfArray Of hoJson "pkcs7.verify.signerInfo" To iCount_i While (i < iCount_i) Set ComI Of hoJson To i Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.serialNumber" To sCertSerialNumber Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.issuerCN" To sCertIssuerCN Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgOid" To sCertDigestAlgOid Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgName" To sCertDigestAlgName Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].contentType" To sContentType Get pvComObject of hoSigningTime to vSigningTime Get ComDtOf Of hoJson "pkcs7.verify.signerInfo[i].signingTime" False vSigningTime To iSuccess Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].messageDigest" To sMessageDigest Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgOid" To sSigningAlgOid Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgName" To sSigningAlgName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name' To sAuthAttrContentTypeName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid' To sAuthAttrContentTypeOid Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name' To sAuthAttrSigningTimeName Get pvComObject of hoAuthAttrSigningTimeUtctime to vAuthAttrSigningTimeUtctime Get ComDtOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime' False vAuthAttrSigningTimeUtctime To iSuccess Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.12".name' To sAuthAttrSigningCertificateName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.12".der' To sAuthAttrSigningCertificateDer Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name' To sAuthAttrMessageDigestName Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest' To sAuthAttrMessageDigestDigest Move (i + 1) To i Loop Send Destroy of hoJson End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.