(Visual FoxPro) Get PDF DSS (Document Security Store)

See more PDF Signatures Examples

This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)

Note: This example requires Chilkat v9.5.0.85 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

LOCAL loPdf
LOCAL lnSuccess
LOCAL loJson
LOCAL loResponseDateTime
LOCAL loThisUpdate
LOCAL loNextUpdate
LOCAL lcSerial
LOCAL lcValidFrom
LOCAL lcValidTo
LOCAL lnExpired
LOCAL lcSubjectCN
LOCAL lcSubjectO
LOCAL lcIssuerCN
LOCAL lcIssuerO
LOCAL lcKeyType
LOCAL lcKeySize
LOCAL lcDer
LOCAL lcSubjectOU
LOCAL lcSubjectC
LOCAL lcIssuerOU
LOCAL lcIssuerC
LOCAL lnResponseStatus
LOCAL lcResponseTypeOid
LOCAL lcResponseTypeName
LOCAL lcResponseResponderIdChoice
LOCAL lcResponseResponderKeyHash
LOCAL j
LOCAL lnCount_j
LOCAL lcHashOid
LOCAL lcHashAlg
LOCAL lcIssuerNameHash
LOCAL lcIssuerKeyHash
LOCAL lcSerialNumber
LOCAL lnStatus
LOCAL i
LOCAL lnCount_i

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Pdf')
loPdf = CreateObject('Chilkat.Pdf')

lnSuccess = loPdf.LoadFile("qa_data/pdf/sign_testing_1/helloSigned2.pdf")
IF (lnSuccess = 0) THEN
    ? loPdf.LastErrorText
    RELEASE loPdf
    CANCEL
ENDIF

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJson = CreateObject('Chilkat.JsonObject')
loJson.EmitCompact = 0

lnSuccess = loPdf.GetDss(loJson)
? loJson.Emit()

* The document security store contains certificates, OCSP responses, and CRLs.
* The following JSON is a sample of what the /DSS can contain.
* Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
* It's no problem because whatever JSON you get back, you can use the
* following online tool to generate code to parse.
* Generate Parsing Code from JSON

* The code generated by the online tool for this JSON is shown below..

* {
*   "/VRI": {
*     "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
*   },
*   "/Certs": [
*     {
*       "serial": "02",
*       "validFrom": "2011-08-07T19:00:00-05:00",
*       "validTo": "2021-08-10T23:59:59-05:00",
*       "expired": false,
*       "subject": {
*         "CN": "XYZ Corporation",
*         "O": "XYZ"
*       },
*       "issuer": {
*         "CN": "XYZ Corporation",
*         "O": "XYZ"
*       },
*       "keyType": "RSA",
*       "keySize": "2048",
*       "der": "MIIDz...Q4Zt"
*     },
*     {
*       "serial": "01",
*       "validFrom": "2011-08-07T19:00:00-05:00",
*       "validTo": "2021-08-10T23:59:59-05:00",
*       "expired": false,
*       "subject": {
*         "CN": "XYZ Corporation",
*         "O": "XYZ"
*       },
*       "issuer": {
*         "CN": "XYZ Corporation",
*         "O": "XYZ"
*       },
*       "keyType": "RSA",
*       "keySize": "2048",
*       "der": "MIID...jXYFc="
*     },
*     {
*       "serial": "0AA125D6D6321B7E41E405DA3697C215",
*       "validFrom": "2016-01-07T06:00:00-06:00",
*       "validTo": "2031-01-07T12:00:00-06:00",
*       "expired": false,
*       "subject": {
*         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
*         "OU": "www.digicert.com",
*         "O": "DigiCert Inc",
*         "C": "US"
*       },
*       "issuer": {
*         "CN": "DigiCert Assured ID Root CA",
*         "OU": "www.digicert.com",
*         "O": "DigiCert Inc",
*         "C": "US"
*       },
*       "keyType": "RSA",
*       "keySize": "2048",
*       "der": "MIIF...OUg=="
*     },
*     {
*       "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
*       "validFrom": "2019-09-30T19:00:00-05:00",
*       "validTo": "2030-10-17T00:00:00-05:00",
*       "expired": false,
*       "subject": {
*         "CN": "TIMESTAMP-SHA256-2019-10-15",
*         "O": "DigiCert, Inc.",
*         "C": "US"
*       },
*       "issuer": {
*         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
*         "OU": "www.digicert.com",
*         "O": "DigiCert Inc",
*         "C": "US"
*       },
*       "keyType": "RSA",
*       "keySize": "2048",
*       "der": "MIIG...MJtPc="
*     },
*     {
*       "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
*       "validFrom": "2006-11-09T18:00:00-06:00",
*       "validTo": "2031-11-10T00:00:00-06:00",
*       "expired": false,
*       "subject": {
*         "CN": "DigiCert Assured ID Root CA",
*         "OU": "www.digicert.com",
*         "O": "DigiCert Inc",
*         "C": "US"
*       },
*       "issuer": {
*         "CN": "DigiCert Assured ID Root CA",
*         "OU": "www.digicert.com",
*         "O": "DigiCert Inc",
*         "C": "US"
*       },
*       "keyType": "RSA",
*       "keySize": "2048",
*       "der": "MIIDt...FL6Lw8g=="
*     },
*     {
*       "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
*       "validFrom": "2015-03-24T10:58:16-05:00",
*       "validTo": "2039-12-31T23:59:59-06:00",
*       "expired": false,
*       "subject": {
*         "CN": "www.xyz.com"
*       },
*       "issuer": {
*         "CN": "www.xyz.com"
*       },
*       "keyType": "RSA",
*       "keySize": "1024",
*       "der": "MIIB9DCCAWG...UR10lz"
*     }
*   ],
*   "/OCSPs": [
*     {
*       "responseStatus": 0,
*       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
*       "responseTypeName": "ocspBasic",
*       "response": {
*         "responderIdChoice": "KeyHash",
*         "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
*         "dateTime": "20201005173921Z",
*         "cert": [
*           {
*             "hashOid": "1.3.14.3.2.26",
*             "hashAlg": "SHA-1",
*             "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
*             "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
*             "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
*             "status": 0,
*             "thisUpdate": "20201005173921Z",
*             "nextUpdate": "20201012173921Z"
*           }
*         ]
*       }
*     },
*     {
*       "responseStatus": 0,
*       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
*       "responseTypeName": "ocspBasic",
*       "response": {
*         "responderIdChoice": "KeyHash",
*         "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
*         "dateTime": "20201006114501Z",
*         "cert": [
*           {
*             "hashOid": "1.3.14.3.2.26",
*             "hashAlg": "SHA-1",
*             "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
*             "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
*             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
*             "status": 0,
*             "thisUpdate": "20201006114501Z",
*             "nextUpdate": "20201013110001Z"
*           }
*         ]
*       }
*     }
*   ]
* }

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.DtObj')
loResponseDateTime = CreateObject('Chilkat.DtObj')
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.DtObj')
loThisUpdate = CreateObject('Chilkat.DtObj')
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.DtObj')
loNextUpdate = CreateObject('Chilkat.DtObj')

i = 0
lnCount_i = loJson.SizeOfArray("/Certs")
DO WHILE i < lnCount_i
    loJson.I = i
    lcSerial = loJson.StringOf("/Certs[i].serial")
    lcValidFrom = loJson.StringOf("/Certs[i].validFrom")
    lcValidTo = loJson.StringOf("/Certs[i].validTo")
    lnExpired = loJson.BoolOf("/Certs[i].expired")
    lcSubjectCN = loJson.StringOf("/Certs[i].subject.CN")
    lcSubjectO = loJson.StringOf("/Certs[i].subject.O")
    lcIssuerCN = loJson.StringOf("/Certs[i].issuer.CN")
    lcIssuerO = loJson.StringOf("/Certs[i].issuer.O")
    lcKeyType = loJson.StringOf("/Certs[i].keyType")
    lcKeySize = loJson.StringOf("/Certs[i].keySize")
    lcDer = loJson.StringOf("/Certs[i].der")
    lcSubjectOU = loJson.StringOf("/Certs[i].subject.OU")
    lcSubjectC = loJson.StringOf("/Certs[i].subject.C")
    lcIssuerOU = loJson.StringOf("/Certs[i].issuer.OU")
    lcIssuerC = loJson.StringOf("/Certs[i].issuer.C")
    i = i + 1
ENDDO
i = 0
lnCount_i = loJson.SizeOfArray("/OCSPs")
DO WHILE i < lnCount_i
    loJson.I = i
    lnResponseStatus = loJson.IntOf("/OCSPs[i].responseStatus")
    lcResponseTypeOid = loJson.StringOf("/OCSPs[i].responseTypeOid")
    lcResponseTypeName = loJson.StringOf("/OCSPs[i].responseTypeName")
    lcResponseResponderIdChoice = loJson.StringOf("/OCSPs[i].response.responderIdChoice")
    lcResponseResponderKeyHash = loJson.StringOf("/OCSPs[i].response.responderKeyHash")
    loJson.DtOf("/OCSPs[i].response.dateTime",0,loResponseDateTime)
    j = 0
    lnCount_j = loJson.SizeOfArray("/OCSPs[i].response.cert")
    DO WHILE j < lnCount_j
        loJson.J = j
        lcHashOid = loJson.StringOf("/OCSPs[i].response.cert[j].hashOid")
        lcHashAlg = loJson.StringOf("/OCSPs[i].response.cert[j].hashAlg")
        lcIssuerNameHash = loJson.StringOf("/OCSPs[i].response.cert[j].issuerNameHash")
        lcIssuerKeyHash = loJson.StringOf("/OCSPs[i].response.cert[j].issuerKeyHash")
        lcSerialNumber = loJson.StringOf("/OCSPs[i].response.cert[j].serialNumber")
        lnStatus = loJson.IntOf("/OCSPs[i].response.cert[j].status")
        loJson.DtOf("/OCSPs[i].response.cert[j].thisUpdate",0,loThisUpdate)
        loJson.DtOf("/OCSPs[i].response.cert[j].nextUpdate",0,loNextUpdate)
        j = j + 1
    ENDDO
    i = i + 1
ENDDO

RELEASE loPdf
RELEASE loJson
RELEASE loResponseDateTime
RELEASE loThisUpdate
RELEASE loNextUpdate