|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) Get Certificate As XML (and gets Signature Algorithm Identifier)Demonstrates how to convert a certificate to XML such that the contents can easily be identified and accessed. Typically, the Chilkat Cert API provides properties and methods to access the most commonly needed pieces of information from a certificate. If a bit of information is not readily available then it can likely be retrieved from the XML representation. One such case is the certificate's signature algorithm identifier. The basic internal format of a certificate is as follows (from section 4.1 of RFC 5280).
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version MUST be v3
}
Chilkat does not expect you to fully understand this notation and structure, but you can see that at a high level, the certificate is a sequence of three things, one after the other (a TBSCertifciate, an AlgorithmIdentifier, and a BIT STRING that is the signature). In XML format, it will look like this:
<sequence>
<sequence>
TBSCertificate goes here...
</sequence>
<sequence>
<oid>1.2.840.113549.1.1.11</oid>
<null />
</sequence>
<bits n="2048">3D20E895... 8DA307EC</bits>
</sequence>
The "oid" specifies the signature algorithm (such as sha256RSA), but it is an OID. In this case, the OID "1.2.840.113549.1.1.11" indicates "sha256WithRSAEncryption". (Google "1.2.840.113549.1.1.11" and you will find the 1st search result is http://www.alvestrand.no/objectid/1.2.840.113549.1.1.11.html. You can lookup any OID this way, to see what it means.)
Use ChilkatAx-win32.pkg Procedure Test Handle hoSocket Boolean iUseTls Integer iMaxWaitMillisec String sTlsServerHost Boolean iSuccess Variant vCert Handle hoCert String sCertXml Handle hoXml Variant vAlgId Handle hoAlgId String sOid String sTemp1 Boolean bTemp1 // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. Get Create (RefClass(cComChilkatSocket)) To hoSocket If (Not(IsComObjectCreated(hoSocket))) Begin Send CreateComObject of hoSocket End Move True To iUseTls Move 20000 To iMaxWaitMillisec Move "www.google.com" To sTlsServerHost Get ComConnect Of hoSocket sTlsServerHost 443 iUseTls iMaxWaitMillisec To iSuccess If (iSuccess <> True) Begin Get ComLastErrorText Of hoSocket To sTemp1 Showln sTemp1 Procedure_Return End Get ComGetSslServerCert Of hoSocket To vCert If (IsComObject(vCert)) Begin Get Create (RefClass(cComChilkatCert)) To hoCert Set pvComObject Of hoCert To vCert End Get ComLastMethodSuccess Of hoSocket To bTemp1 If (bTemp1 <> True) Begin Get ComLastErrorText Of hoSocket To sTemp1 Showln sTemp1 Procedure_Return End // Close the connection with the server // Wait a max of 20 millsec for a clean TLS shutdown. Get ComClose Of hoSocket 20 To iSuccess // Examine the server cert in XML format Get ComExportCertXml Of hoCert To sCertXml Showln sCertXml // Let's parse the XML to get the signature algorithm identifier. Get Create (RefClass(cComChilkatXml)) To hoXml If (Not(IsComObjectCreated(hoXml))) Begin Send CreateComObject of hoXml End Get ComLoadXml Of hoXml sCertXml To iSuccess // The 2nd child is at index 1. Get ComGetChild Of hoXml 1 To vAlgId If (IsComObject(vAlgId)) Begin Get Create (RefClass(cComChilkatXml)) To hoAlgId Set pvComObject Of hoAlgId To vAlgId End Get ComGetChildContent Of hoAlgId "oid" To sOid Showln "Signature Algorithm OID = " sOid Send Destroy of hoAlgId Send Destroy of hoCert End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.