DataFlex
RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and Verify
Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response.
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoCrypt
String sBase64Hash
Handle hoHttp
Variant vRequestToken
Handle hoRequestToken
String sOptionalPolicyOid
Boolean iAddNonce
Boolean iRequestTsaCert
String sTsaUrl
Variant vResp
Handle hoResp
Variant vTimestampReply
Handle hoTimestampReply
Variant vTsaCert
Handle hoTsaCert
Integer iPkiStatus
Variant vJson
Handle hoJson
Variant vSigningTime
Handle hoSigningTime
Variant vAuthAttrSigningTimeUtctime
Handle hoAuthAttrSigningTimeUtctime
String sStrVal
String sCertSerialNumber
String sCertIssuerCN
String sCertDigestAlgOid
String sCertDigestAlgName
String sContentType
String sMessageDigest
String sSigningAlgOid
String sSigningAlgName
String sAuthAttrContentTypeName
String sAuthAttrContentTypeOid
String sAuthAttrSigningTimeName
String sAuthAttrSigningCertificateName
String sAuthAttrSigningCertificateDer
String sAuthAttrMessageDigestName
String sAuthAttrMessageDigestDigest
Integer iTimestampReplyPkiStatusValue
String sTimestampReplyPkiStatusMeaning
Integer i
Integer iCount_i
String sTemp1
Move False To iSuccess
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// First sha-256 hash the data that is to be timestamped.
// In this example, the data is the string "Hello World"
Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
If (Not(IsComObjectCreated(hoCrypt))) Begin
Send CreateComObject of hoCrypt
End
Set ComHashAlgorithm Of hoCrypt To "sha256"
Set ComEncodingMode Of hoCrypt To "base64"
Get ComHashStringENC Of hoCrypt "Hello World" To sBase64Hash
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
Get Create (RefClass(cComChilkatBinData)) To hoRequestToken
If (Not(IsComObjectCreated(hoRequestToken))) Begin
Send CreateComObject of hoRequestToken
End
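// Arguments for the request: no policy OID, no nonce, and ask the TSA to include its certificate in the reply.
// A nonce (RFC 3161) is a random value the TSA must copy into its reply, which lets the client
// match the reply to this specific request. Set iAddNonce to True to include one.
Move "" To sOptionalPolicyOid
Move False To iAddNonce
Move True To iRequestTsaCert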
// Create a time-stamp request token
Get pvComObject of hoRequestToken to vRequestToken
Get ComCreateTimestampRequest Of hoHttp "sha256" sBase64Hash sOptionalPolicyOid iAddNonce iRequestTsaCert vRequestToken To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
// Send the time-stamp request token to the TSA.
// This is the equivalent of the following CURL command:
// curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr
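Move "https://freetsa.org/tsr" To sTsaUrl
// Another timestamp server you could try is: http://timestamp.digicert.com
// If you switch TSAs, verify the reply against that TSA's certificate
// instead of the freetsa.org certificate loaded below.
// Move "http://timestamp.digicert.com" To sTsaUrl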
Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
If (Not(IsComObjectCreated(hoResp))) Begin
Send CreateComObject of hoResp
End
Get pvComObject of hoRequestToken to vRequestToken
Get pvComObject of hoResp to vResp
Get ComHttpBd Of hoHttp "POST" sTsaUrl vRequestToken "application/timestamp-query" vResp To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
// Get the timestamp reply from the HTTP response object.
Get Create (RefClass(cComChilkatBinData)) To hoTimestampReply
If (Not(IsComObjectCreated(hoTimestampReply))) Begin
Send CreateComObject of hoTimestampReply
End
Get pvComObject of hoTimestampReply to vTimestampReply
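Get ComGetBodyBd Of hoResp vTimestampReply To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoResp To sTemp1
Showln sTemp1
Procedure_Return
End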
// Show the base64 encoded timestamp reply.
Get ComGetEncoded Of hoTimestampReply "base64" To sTemp1
Showln sTemp1
// Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded.
// See https://freetsa.org/index_en.php
Get Create (RefClass(cComChilkatCert)) To hoTsaCert
If (Not(IsComObjectCreated(hoTsaCert))) Begin
Send CreateComObject of hoTsaCert
End
Get ComLoadFromFile Of hoTsaCert "qa_data/certs/freetsa.org.cer" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoTsaCert To sTemp1
Showln sTemp1
Procedure_Return
End
// The VerifyTimestampReply method will return one of the following values:
// -1: The timestampReply does not contain a valid timestamp reply.
// -2: The timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert.
// 0: Granted and verified.
// 1: Granted and verified, with mods (see RFC 3161)
// 2: Rejected.
// 3: Waiting.
// 4: Revocation Warning
// 5: Revocation Notification
Get pvComObject of hoTimestampReply to vTimestampReply
Get pvComObject of hoTsaCert to vTsaCert
Get ComVerifyTimestampReply Of hoHttp vTimestampReply vTsaCert To iPkiStatus
If (iPkiStatus < 0) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
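// Per RFC 3161, only status 0 or 1 means a timestamp token was issued; with 2 through 5 the reply carries no token.
Showln "pkiStatus = " iPkiStatus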
Get Create (RefClass(cComChilkatJsonObject)) To hoJson
If (Not(IsComObjectCreated(hoJson))) Begin
Send CreateComObject of hoJson
End
Get pvComObject of hoJson to vJson
Send ComGetLastJsonData To hoHttp vJson
Set ComEmitCompact Of hoJson To False
Get ComEmit Of hoJson To sTemp1
Showln sTemp1
// The JSON looks like the following.
// {
//   "timestampReply": {
//     "pkiStatus": {
//       "value": 0,
//       "meaning": "granted"
//     }
//   },
//   "pkcs7": {
//     "verify": {
//       "digestAlgorithms": [
//         "sha256"
//       ],
//       "signerInfo": [
//         {
//           "cert": {
//             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
//             "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
//             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
//             "digestAlgName": "SHA256"
//           },
//           "contentType": "1.2.840.113549.1.9.16.1.4",
//           "signingTime": "200405023019Z",
//           "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=",
//           "signingAlgOid": "1.2.840.113549.1.1.1",
//           "signingAlgName": "RSA-PKCSV-1_5",
//           "authAttr": {
//             "1.2.840.113549.1.9.3": {
//               "name": "contentType",
//               "oid": "1.2.840.113549.1.9.16.1.4"
//             },
//             "1.2.840.113549.1.9.5": {
//               "name": "signingTime",
//               "utctime": "200405023019Z"
//             },
//             "1.2.840.113549.1.9.16.2.12": {
//               "name": "signingCertificate",
//               "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ=="
//             },
//             "1.2.840.113549.1.9.4": {
//               "name": "messageDigest",
//               "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs="
//             }
//           }
//         }
//       ]
//     }
//   }
// }
Get Create (RefClass(cComChilkatDtObj)) To hoSigningTime
If (Not(IsComObjectCreated(hoSigningTime))) Begin
Send CreateComObject of hoSigningTime
End
Get Create (RefClass(cComChilkatDtObj)) To hoAuthAttrSigningTimeUtctime
If (Not(IsComObjectCreated(hoAuthAttrSigningTimeUtctime))) Begin
Send CreateComObject of hoAuthAttrSigningTimeUtctime
End
Get ComIntOf Of hoJson "timestampReply.pkiStatus.value" To iTimestampReplyPkiStatusValue
Get ComStringOf Of hoJson "timestampReply.pkiStatus.meaning" To sTimestampReplyPkiStatusMeaning
Move 0 To i
Get ComSizeOfArray Of hoJson "pkcs7.verify.digestAlgorithms" To iCount_i
While (i < iCount_i)
Set ComI Of hoJson To i
Get ComStringOf Of hoJson "pkcs7.verify.digestAlgorithms[i]" To sStrVal
Move (i + 1) To i
Loop
Move 0 To i
Get ComSizeOfArray Of hoJson "pkcs7.verify.signerInfo" To iCount_i
While (i < iCount_i)
Set ComI Of hoJson To i
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.serialNumber" To sCertSerialNumber
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.issuerCN" To sCertIssuerCN
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgOid" To sCertDigestAlgOid
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].cert.digestAlgName" To sCertDigestAlgName
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].contentType" To sContentType
Get pvComObject of hoSigningTime to vSigningTime
Get ComDtOf Of hoJson "pkcs7.verify.signerInfo[i].signingTime" False vSigningTime To iSuccess
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].messageDigest" To sMessageDigest
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgOid" To sSigningAlgOid
Get ComStringOf Of hoJson "pkcs7.verify.signerInfo[i].signingAlgName" To sSigningAlgName
Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".name' To sAuthAttrContentTypeName
Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.3".oid' To sAuthAttrContentTypeOid
Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".name' To sAuthAttrSigningTimeName
Get pvComObject of hoAuthAttrSigningTimeUtctime to vAuthAttrSigningTimeUtctime
Get ComDtOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.5".utctime' False vAuthAttrSigningTimeUtctime To iSuccess
Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.12".name' To sAuthAttrSigningCertificateName
Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.16.2.12".der' To sAuthAttrSigningCertificateDer
Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".name' To sAuthAttrMessageDigestName
Get ComStringOf Of hoJson 'pkcs7.verify.signerInfo[i].authAttr."1.2.840.113549.1.9.4".digest' To sAuthAttrMessageDigestDigest
Move (i + 1) To i
Loop
End_Procedure
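
For reference, this is what an RFC 3161 TimeStampReq with the options used above (SHA-256 imprint of "Hello World", no policy OID, optional nonce, TSA certificate requested) looks like when hand-encoded in DER. It is an added Python example, not Chilkat's code: `build_timestamp_request`, `tlv` and `der_int` are names made up here, and the bytes follow the RFC 3161 structure rather than being a capture of what ComCreateTimestampRequest emits.

```python
import hashlib

# DER content bytes of OID 2.16.840.1.101.3.4.2.1 (SHA-256)
SHA256_OID = bytes.fromhex("608648016503040201")

def tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value element (definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_int(value: int) -> bytes:
    """DER INTEGER for a non-negative value; the extra bit keeps the sign positive."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(data: bytes, nonce=None, cert_req=True) -> bytes:
    """Return a DER TimeStampReq (RFC 3161, version 1) over SHA-256(data)."""
    # AlgorithmIdentifier: the SHA-256 OID followed by NULL parameters
    alg_id = tlv(0x30, tlv(0x06, SHA256_OID) + tlv(0x05, b""))
    # MessageImprint: only the hash goes to the TSA, never the data itself
    imprint = tlv(0x30, alg_id + tlv(0x04, hashlib.sha256(data).digest()))
    body = der_int(1) + imprint      # version v1, then the imprint
    if nonce is not None:
        body += der_int(nonce)       # optional INTEGER, echoed back by the TSA
    if cert_req:
        body += tlv(0x01, b"\xff")   # BOOLEAN TRUE; DEFAULT FALSE is never encoded
    return tlv(0x30, body)

if __name__ == "__main__":
    # Constructed sample input: same data and options as the procedure above.
    req = build_timestamp_request(b"Hello World", nonce=None, cert_req=True)
    print(len(req), "bytes:", req.hex())
    # With a nonce, as iAddNonce = True would request (nonce value constructed here).
    print(build_timestamp_request(b"Hello World", nonce=0x1234).hex())
```

These bytes are the body of the POST sent with Content-Type application/timestamp-query, as in the curl command quoted in the comments.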