Sample code for 30+ languages & platforms
Objective-C

Get ETK Public Key (api-acpt.ehealth.fgov.be)

See more Belgian eHealth Platform Examples

The following URL returns JSON, which contains a PKCS7 signed data:
https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN

This example extracts the signed data, validates it, and then extracts the public key from the certificate (obtained from signed content in the PKCS7)

Note: The URL above uses "12345678901" which is not valid. You should replace it with a valid number.

Chilkat Objective-C Downloads

Objective-C
#import <CkoHttp.h>
#import <NSString.h>
#import <CkoJsonArray.h>
#import <CkoJsonObject.h>
#import <CkoBinData.h>
#import <CkoCrypt2.h>
#import <CkoCert.h>
#import <CkoPublicKey.h>

BOOL success = NO;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoHttp *http = [[CkoHttp alloc] init];

NSString *jsonStr = [http QuickGetStr: @"https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN"];
if (http.LastMethodSuccess == NO) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

NSLog(@"%@",jsonStr);

// The JSON contains something like this:

// [
//     {
//         "key": {
//             "applicationIdentifier": "",
//             "ssin": "12345678901"
//         },
//         "value": "MIAGCSq....AAAAAAAA=="
//     }
// ]

// Note: The above is a JSON array (not a JSON object)
// It should be loaded into a Chilkat JSON array.
CkoJsonArray *jarr = [[CkoJsonArray alloc] init];
success = [jarr Load: jsonStr];
if (success == NO) {
    NSLog(@"%@",@"Failed to load JSON.");
    return;
}

CkoJsonObject *json = [jarr ObjectAt: [NSNumber numberWithInt: 0]];
CkoBinData *bdPkcs7 = [[CkoBinData alloc] init];
[bdPkcs7 AppendEncoded: [json StringOf: @"value"] encoding: @"base64"];

// Let's verify the PKCS7, and then examine the signing cert,
// and get the signing cert's public key.
CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init];

// Validate the signedData PKCS7, and replace the contents of bdPkcs7 with the extracted signed content.
success = [crypt OpaqueVerifyBd: bdPkcs7];
if (success == NO) {
    NSLog(@"%@",crypt.LastErrorText);
    return;
}

// The signed content is the DER of a certificate.
// In other words, bdPkcs7 now contains a certificate.
CkoCert *cert = [[CkoCert alloc] init];
success = [cert LoadFromBd: bdPkcs7];
if (success == NO) {
    NSLog(@"%@",cert.LastErrorText);
    return;
}

// Show some certificate information:
NSLog(@"%@%@",@"Subject: ",cert.SubjectDN);
NSLog(@"%@%@",@"Serial: ",cert.SerialNumber);
NSLog(@"%@%@",@"Issuer: ",cert.IssuerDN);

// Let's get the cert's public key...
CkoPublicKey *pubKey = [[CkoPublicKey alloc] init];
[cert GetPublicKey: pubKey];

// OK, you now have the public key and can do whatever is needed..
NSLog(@"%@",pubKey.KeyType);
NSLog(@"%d",[pubKey.KeySize intValue]);