Objective-C
Objective-C
RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and Verify
See more HTTP Examples
Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response.Chilkat Objective-C Downloads
#import <CkoCrypt2.h>
#import <NSString.h>
#import <CkoHttp.h>
#import <CkoBinData.h>
#import <CkoHttpResponse.h>
#import <CkoCert.h>
#import <CkoJsonObject.h>
#import <CkoDtObj.h>
BOOL success = NO;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// First sha-256 hash the data that is to be timestamped.
// In this example, the data is the string "Hello World"
CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init];
crypt.HashAlgorithm = @"sha256";
crypt.EncodingMode = @"base64";
NSString *base64Hash = [crypt HashStringENC: @"Hello World"];
CkoHttp *http = [[CkoHttp alloc] init];
CkoBinData *requestToken = [[CkoBinData alloc] init];
NSString *optionalPolicyOid = @"";
BOOL addNonce = NO;
BOOL requestTsaCert = YES;
// Create a time-stamp request token
success = [http CreateTimestampRequest: @"sha256" hashVal: base64Hash reqPolicyOid: optionalPolicyOid addNonce: addNonce reqTsaCert: requestTsaCert timestampToken: requestToken];
if (success == NO) {
NSLog(@"%@",http.LastErrorText);
return;
}
// Send the time-stamp request token to the TSA.
// This is the equivalent of the following CURL command:
// curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr
NSString *tsaUrl = @"https://freetsa.org/tsr";
// Another timestamp server you could try is: http://timestamp.digicert.com
tsaUrl = @"http://timestamp.digicert.com";
CkoHttpResponse *resp = [[CkoHttpResponse alloc] init];
success = [http HttpBd: @"POST" url: tsaUrl bd: requestToken contentType: @"application/timestamp-query" response: resp];
if (success == NO) {
NSLog(@"%@",http.LastErrorText);
return;
}
// Get the timestamp reply from the HTTP response object.
CkoBinData *timestampReply = [[CkoBinData alloc] init];
[resp GetBodyBd: timestampReply];
// Show the base64 encoded timestamp reply.
NSLog(@"%@",[timestampReply GetEncoded: @"base64"]);
// Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded.
// See https://freetsa.org/index_en.php
CkoCert *tsaCert = [[CkoCert alloc] init];
success = [tsaCert LoadFromFile: @"qa_data/certs/freetsa.org.cer"];
if (success == NO) {
NSLog(@"%@",tsaCert.LastErrorText);
return;
}
// The VerifyTimestampReply method will return one of the following values:
// -1: The timestampReply does not contain a valid timestamp reply.
// -2: The timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert.
// 0: Granted and verified.
// 1: Granted and verified, with mods (see RFC 3161)
// 2: Rejected.
// 3: Waiting.
// 4: Revocation Warning
// 5: Revocation Notification
int pkiStatus = [[http VerifyTimestampReply: timestampReply tsaCert: tsaCert] intValue];
if (pkiStatus < 0) {
NSLog(@"%@",http.LastErrorText);
return;
}
NSLog(@"%@%d",@"pkiStatus = ",pkiStatus);
CkoJsonObject *json = [[CkoJsonObject alloc] init];
[http GetLastJsonData: json];
json.EmitCompact = NO;
NSLog(@"%@",[json Emit]);
// The JSON looks like the following.
// Use this online tool to generate parsing code from sample JSON:
// Generate Parsing Code from JSON
// {
// "timestampReply": {
// "pkiStatus": {
// "value": 0,
// "meaning": "granted"
// }
// },
// "pkcs7": {
// "verify": {
// "digestAlgorithms": [
// "sha256"
// ],
// "signerInfo": [
// {
// "cert": {
// "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
// "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
// "digestAlgOid": "2.16.840.1.101.3.4.2.1",
// "digestAlgName": "SHA256"
// },
// "contentType": "1.2.840.113549.1.9.16.1.4",
// "signingTime": "200405023019Z",
// "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=",
// "signingAlgOid": "1.2.840.113549.1.1.1",
// "signingAlgName": "RSA-PKCSV-1_5",
// "authAttr": {
// "1.2.840.113549.1.9.3": {
// "name": "contentType",
// "oid": "1.2.840.113549.1.9.16.1.4"
// },
// "1.2.840.113549.1.9.5": {
// "name": "signingTime",
// "utctime": "200405023019Z"
// },
// "1.2.840.113549.1.9.16.2.12": {
// "name": "signingCertificate",
// "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ=="
// },
// "1.2.840.113549.1.9.4": {
// "name": "messageDigest",
// "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs="
// }
// }
// }
// ]
// }
// }
// }
CkoDtObj *signingTime = [[CkoDtObj alloc] init];
CkoDtObj *authAttrSigningTimeUtctime = [[CkoDtObj alloc] init];
NSString *strVal = 0;
NSString *certSerialNumber = 0;
NSString *certIssuerCN = 0;
NSString *certDigestAlgOid = 0;
NSString *certDigestAlgName = 0;
NSString *contentType = 0;
NSString *messageDigest = 0;
NSString *signingAlgOid = 0;
NSString *signingAlgName = 0;
NSString *authAttrContentTypeName = 0;
NSString *authAttrContentTypeOid = 0;
NSString *authAttrSigningTimeName = 0;
NSString *authAttrSigningCertificateName = 0;
NSString *authAttrSigningCertificateDer = 0;
NSString *authAttrMessageDigestName = 0;
NSString *authAttrMessageDigestDigest = 0;
int timestampReplyPkiStatusValue = [[json IntOf: @"timestampReply.pkiStatus.value"] intValue];
NSString *timestampReplyPkiStatusMeaning = [json StringOf: @"timestampReply.pkiStatus.meaning"];
int i = 0;
int count_i = [[json SizeOfArray: @"pkcs7.verify.digestAlgorithms"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
strVal = [json StringOf: @"pkcs7.verify.digestAlgorithms[i]"];
i = i + 1;
}
i = 0;
count_i = [[json SizeOfArray: @"pkcs7.verify.signerInfo"] intValue];
while (i < count_i) {
json.I = [NSNumber numberWithInt: i];
certSerialNumber = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.serialNumber"];
certIssuerCN = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.issuerCN"];
certDigestAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.digestAlgOid"];
certDigestAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.digestAlgName"];
contentType = [json StringOf: @"pkcs7.verify.signerInfo[i].contentType"];
[json DtOf: @"pkcs7.verify.signerInfo[i].signingTime" bLocal: NO dt: signingTime];
messageDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].messageDigest"];
signingAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].signingAlgOid"];
signingAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].signingAlgName"];
authAttrContentTypeName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".name"];
authAttrContentTypeOid = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".oid"];
authAttrSigningTimeName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".name"];
[json DtOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".utctime" bLocal: NO dt: authAttrSigningTimeUtctime];
authAttrSigningCertificateName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.12\".name"];
authAttrSigningCertificateDer = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.12\".der"];
authAttrMessageDigestName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".name"];
authAttrMessageDigestDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".digest"];
i = i + 1;
}