(Node.js) Get PDF DSS (Document Security Store)

See more PDF Signatures Examples

This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)

Note: This example requires Chilkat v9.5.0.85 or greater.

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOSX, and ARM

var os = require('os');
if (os.platform() == 'win32') {  
    if (os.arch() == 'ia32') {
        var chilkat = require('@chilkat/ck-node21-win-ia32');
    } else {
        var chilkat = require('@chilkat/ck-node21-win64'); 
    }
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node21-arm');
    } else if (os.arch() == 'x86') {
        var chilkat = require('@chilkat/ck-node21-linux32');
    } else {
        var chilkat = require('@chilkat/ck-node21-linux64');
    }
} else if (os.platform() == 'darwin') {
    if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node21-mac-m1');
    } else {
        var chilkat = require('@chilkat/ck-node21-macosx');
    }
}

function chilkatExample() {

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    var pdf = new chilkat.Pdf();

    var success = pdf.LoadFile("qa_data/pdf/sign_testing_1/helloSigned2.pdf");
    if (success == false) {
        console.log(pdf.LastErrorText);
        return;
    }

    var json = new chilkat.JsonObject();
    json.EmitCompact = false;

    success = pdf.GetDss(json);
    console.log(json.Emit());

    // The document security store contains certificates, OCSP responses, and CRLs.
    // The following JSON is a sample of what the /DSS can contain.
    // Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
    // It's no problem because whatever JSON you get back, you can use the
    // following online tool to generate code to parse.
    // Generate Parsing Code from JSON

    // The code generated by the online tool for this JSON is shown below..

    // {
    //   "/VRI": {
    //     "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
    //   },
    //   "/Certs": [
    //     {
    //       "serial": "02",
    //       "validFrom": "2011-08-07T19:00:00-05:00",
    //       "validTo": "2021-08-10T23:59:59-05:00",
    //       "expired": false,
    //       "subject": {
    //         "CN": "XYZ Corporation",
    //         "O": "XYZ"
    //       },
    //       "issuer": {
    //         "CN": "XYZ Corporation",
    //         "O": "XYZ"
    //       },
    //       "keyType": "RSA",
    //       "keySize": "2048",
    //       "der": "MIIDz...Q4Zt"
    //     },
    //     {
    //       "serial": "01",
    //       "validFrom": "2011-08-07T19:00:00-05:00",
    //       "validTo": "2021-08-10T23:59:59-05:00",
    //       "expired": false,
    //       "subject": {
    //         "CN": "XYZ Corporation",
    //         "O": "XYZ"
    //       },
    //       "issuer": {
    //         "CN": "XYZ Corporation",
    //         "O": "XYZ"
    //       },
    //       "keyType": "RSA",
    //       "keySize": "2048",
    //       "der": "MIID...jXYFc="
    //     },
    //     {
    //       "serial": "0AA125D6D6321B7E41E405DA3697C215",
    //       "validFrom": "2016-01-07T06:00:00-06:00",
    //       "validTo": "2031-01-07T12:00:00-06:00",
    //       "expired": false,
    //       "subject": {
    //         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
    //         "OU": "www.digicert.com",
    //         "O": "DigiCert Inc",
    //         "C": "US"
    //       },
    //       "issuer": {
    //         "CN": "DigiCert Assured ID Root CA",
    //         "OU": "www.digicert.com",
    //         "O": "DigiCert Inc",
    //         "C": "US"
    //       },
    //       "keyType": "RSA",
    //       "keySize": "2048",
    //       "der": "MIIF...OUg=="
    //     },
    //     {
    //       "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
    //       "validFrom": "2019-09-30T19:00:00-05:00",
    //       "validTo": "2030-10-17T00:00:00-05:00",
    //       "expired": false,
    //       "subject": {
    //         "CN": "TIMESTAMP-SHA256-2019-10-15",
    //         "O": "DigiCert, Inc.",
    //         "C": "US"
    //       },
    //       "issuer": {
    //         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
    //         "OU": "www.digicert.com",
    //         "O": "DigiCert Inc",
    //         "C": "US"
    //       },
    //       "keyType": "RSA",
    //       "keySize": "2048",
    //       "der": "MIIG...MJtPc="
    //     },
    //     {
    //       "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
    //       "validFrom": "2006-11-09T18:00:00-06:00",
    //       "validTo": "2031-11-10T00:00:00-06:00",
    //       "expired": false,
    //       "subject": {
    //         "CN": "DigiCert Assured ID Root CA",
    //         "OU": "www.digicert.com",
    //         "O": "DigiCert Inc",
    //         "C": "US"
    //       },
    //       "issuer": {
    //         "CN": "DigiCert Assured ID Root CA",
    //         "OU": "www.digicert.com",
    //         "O": "DigiCert Inc",
    //         "C": "US"
    //       },
    //       "keyType": "RSA",
    //       "keySize": "2048",
    //       "der": "MIIDt...FL6Lw8g=="
    //     },
    //     {
    //       "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
    //       "validFrom": "2015-03-24T10:58:16-05:00",
    //       "validTo": "2039-12-31T23:59:59-06:00",
    //       "expired": false,
    //       "subject": {
    //         "CN": "www.xyz.com"
    //       },
    //       "issuer": {
    //         "CN": "www.xyz.com"
    //       },
    //       "keyType": "RSA",
    //       "keySize": "1024",
    //       "der": "MIIB9DCCAWG...UR10lz"
    //     }
    //   ],
    //   "/OCSPs": [
    //     {
    //       "responseStatus": 0,
    //       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
    //       "responseTypeName": "ocspBasic",
    //       "response": {
    //         "responderIdChoice": "KeyHash",
    //         "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
    //         "dateTime": "20201005173921Z",
    //         "cert": [
    //           {
    //             "hashOid": "1.3.14.3.2.26",
    //             "hashAlg": "SHA-1",
    //             "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
    //             "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
    //             "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
    //             "status": 0,
    //             "thisUpdate": "20201005173921Z",
    //             "nextUpdate": "20201012173921Z"
    //           }
    //         ]
    //       }
    //     },
    //     {
    //       "responseStatus": 0,
    //       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
    //       "responseTypeName": "ocspBasic",
    //       "response": {
    //         "responderIdChoice": "KeyHash",
    //         "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
    //         "dateTime": "20201006114501Z",
    //         "cert": [
    //           {
    //             "hashOid": "1.3.14.3.2.26",
    //             "hashAlg": "SHA-1",
    //             "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
    //             "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
    //             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
    //             "status": 0,
    //             "thisUpdate": "20201006114501Z",
    //             "nextUpdate": "20201013110001Z"
    //           }
    //         ]
    //       }
    //     }
    //   ]
    // }

    var responseDateTime = new chilkat.DtObj();
    var thisUpdate = new chilkat.DtObj();
    var nextUpdate = new chilkat.DtObj();
    var serial;
    var validFrom;
    var validTo;
    var expired;
    var subjectCN;
    var subjectO;
    var issuerCN;
    var issuerO;
    var keyType;
    var keySize;
    var der;
    var subjectOU;
    var subjectC;
    var issuerOU;
    var issuerC;
    var responseStatus;
    var responseTypeOid;
    var responseTypeName;
    var responseResponderIdChoice;
    var responseResponderKeyHash;
    var j;
    var count_j;
    var hashOid;
    var hashAlg;
    var issuerNameHash;
    var issuerKeyHash;
    var serialNumber;
    var status;

    var i = 0;
    var count_i = json.SizeOfArray("/Certs");
    while (i < count_i) {
        json.I = i;
        serial = json.StringOf("/Certs[i].serial");
        validFrom = json.StringOf("/Certs[i].validFrom");
        validTo = json.StringOf("/Certs[i].validTo");
        expired = json.BoolOf("/Certs[i].expired");
        subjectCN = json.StringOf("/Certs[i].subject.CN");
        subjectO = json.StringOf("/Certs[i].subject.O");
        issuerCN = json.StringOf("/Certs[i].issuer.CN");
        issuerO = json.StringOf("/Certs[i].issuer.O");
        keyType = json.StringOf("/Certs[i].keyType");
        keySize = json.StringOf("/Certs[i].keySize");
        der = json.StringOf("/Certs[i].der");
        subjectOU = json.StringOf("/Certs[i].subject.OU");
        subjectC = json.StringOf("/Certs[i].subject.C");
        issuerOU = json.StringOf("/Certs[i].issuer.OU");
        issuerC = json.StringOf("/Certs[i].issuer.C");
        i = i+1;
    }

    i = 0;
    count_i = json.SizeOfArray("/OCSPs");
    while (i < count_i) {
        json.I = i;
        responseStatus = json.IntOf("/OCSPs[i].responseStatus");
        responseTypeOid = json.StringOf("/OCSPs[i].responseTypeOid");
        responseTypeName = json.StringOf("/OCSPs[i].responseTypeName");
        responseResponderIdChoice = json.StringOf("/OCSPs[i].response.responderIdChoice");
        responseResponderKeyHash = json.StringOf("/OCSPs[i].response.responderKeyHash");
        json.DtOf("/OCSPs[i].response.dateTime",false,responseDateTime);
        j = 0;
        count_j = json.SizeOfArray("/OCSPs[i].response.cert");
        while (j < count_j) {
            json.J = j;
            hashOid = json.StringOf("/OCSPs[i].response.cert[j].hashOid");
            hashAlg = json.StringOf("/OCSPs[i].response.cert[j].hashAlg");
            issuerNameHash = json.StringOf("/OCSPs[i].response.cert[j].issuerNameHash");
            issuerKeyHash = json.StringOf("/OCSPs[i].response.cert[j].issuerKeyHash");
            serialNumber = json.StringOf("/OCSPs[i].response.cert[j].serialNumber");
            status = json.IntOf("/OCSPs[i].response.cert[j].status");
            json.DtOf("/OCSPs[i].response.cert[j].thisUpdate",false,thisUpdate);
            json.DtOf("/OCSPs[i].response.cert[j].nextUpdate",false,nextUpdate);
            j = j+1;
        }

        i = i+1;
    }


}

chilkatExample();