Sample code for 30+ languages & platforms
Objective-C

RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and Verify

See more HTTP Examples

Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response.

Chilkat Objective-C Downloads

Objective-C
#import <CkoCrypt2.h>
#import <NSString.h>
#import <CkoHttp.h>
#import <CkoBinData.h>
#import <CkoHttpResponse.h>
#import <CkoCert.h>
#import <CkoJsonObject.h>
#import <CkoDtObj.h>

BOOL success = NO;

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// First sha-256 hash the data that is to be timestamped.
// In this example, the data is the string "Hello World"

CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init];
crypt.HashAlgorithm = @"sha256";
crypt.EncodingMode = @"base64";
NSString *base64Hash = [crypt HashStringENC: @"Hello World"];

CkoHttp *http = [[CkoHttp alloc] init];

CkoBinData *requestToken = [[CkoBinData alloc] init];
NSString *optionalPolicyOid = @"";
BOOL addNonce = NO;
BOOL requestTsaCert = YES;

// Create a time-stamp request token
success = [http CreateTimestampRequest: @"sha256" hashVal: base64Hash reqPolicyOid: optionalPolicyOid addNonce: addNonce reqTsaCert: requestTsaCert timestampToken: requestToken];
if (success == NO) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

// Send the time-stamp request token to the TSA.
// This is the equivalent of the following CURL command:
// curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr
NSString *tsaUrl = @"https://freetsa.org/tsr";
// Another timestamp server you could try is: http://timestamp.digicert.com
tsaUrl = @"http://timestamp.digicert.com";
CkoHttpResponse *resp = [[CkoHttpResponse alloc] init];
success = [http HttpBd: @"POST" url: tsaUrl bd: requestToken contentType: @"application/timestamp-query" response: resp];
if (success == NO) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

// Get the timestamp reply from the HTTP response object.
CkoBinData *timestampReply = [[CkoBinData alloc] init];
[resp GetBodyBd: timestampReply];

// Show the base64 encoded timestamp reply.
NSLog(@"%@",[timestampReply GetEncoded: @"base64"]);

// Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded.
// See https://freetsa.org/index_en.php
CkoCert *tsaCert = [[CkoCert alloc] init];
success = [tsaCert LoadFromFile: @"qa_data/certs/freetsa.org.cer"];
if (success == NO) {
    NSLog(@"%@",tsaCert.LastErrorText);
    return;
}

// The VerifyTimestampReply method will return one of the following values:
// -1:  The timestampReply does not contain a valid timestamp reply.
// -2: The  timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert.
// 0:  Granted and verified.
// 1: Granted and verified, with mods (see RFC 3161)
// 2: Rejected.
// 3: Waiting.
// 4: Revocation Warning
// 5: Revocation Notification
int pkiStatus = [[http VerifyTimestampReply: timestampReply tsaCert: tsaCert] intValue];
if (pkiStatus < 0) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

NSLog(@"%@%d",@"pkiStatus = ",pkiStatus);

CkoJsonObject *json = [[CkoJsonObject alloc] init];
[http GetLastJsonData: json];

json.EmitCompact = NO;
NSLog(@"%@",[json Emit]);

// The JSON looks like the following.

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

// {
//   "timestampReply": {
//     "pkiStatus": {
//       "value": 0,
//       "meaning": "granted"
//     }
//   },
//   "pkcs7": {
//     "verify": {
//       "digestAlgorithms": [
//         "sha256"
//       ],
//       "signerInfo": [
//         {
//           "cert": {
//             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
//             "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
//             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
//             "digestAlgName": "SHA256"
//           },
//           "contentType": "1.2.840.113549.1.9.16.1.4",
//           "signingTime": "200405023019Z",
//           "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=",
//           "signingAlgOid": "1.2.840.113549.1.1.1",
//           "signingAlgName": "RSA-PKCSV-1_5",
//           "authAttr": {
//             "1.2.840.113549.1.9.3": {
//               "name": "contentType",
//               "oid": "1.2.840.113549.1.9.16.1.4"
//             },
//             "1.2.840.113549.1.9.5": {
//               "name": "signingTime",
//               "utctime": "200405023019Z"
//             },
//             "1.2.840.113549.1.9.16.2.12": {
//               "name": "signingCertificate",
//               "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ=="
//             },
//             "1.2.840.113549.1.9.4": {
//               "name": "messageDigest",
//               "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs="
//             }
//           }
//         }
//       ]
//     }
//   }
// }

CkoDtObj *signingTime = [[CkoDtObj alloc] init];
CkoDtObj *authAttrSigningTimeUtctime = [[CkoDtObj alloc] init];
NSString *strVal = 0;
NSString *certSerialNumber = 0;
NSString *certIssuerCN = 0;
NSString *certDigestAlgOid = 0;
NSString *certDigestAlgName = 0;
NSString *contentType = 0;
NSString *messageDigest = 0;
NSString *signingAlgOid = 0;
NSString *signingAlgName = 0;
NSString *authAttrContentTypeName = 0;
NSString *authAttrContentTypeOid = 0;
NSString *authAttrSigningTimeName = 0;
NSString *authAttrSigningCertificateName = 0;
NSString *authAttrSigningCertificateDer = 0;
NSString *authAttrMessageDigestName = 0;
NSString *authAttrMessageDigestDigest = 0;

int timestampReplyPkiStatusValue = [[json IntOf: @"timestampReply.pkiStatus.value"] intValue];
NSString *timestampReplyPkiStatusMeaning = [json StringOf: @"timestampReply.pkiStatus.meaning"];
int i = 0;
int count_i = [[json SizeOfArray: @"pkcs7.verify.digestAlgorithms"] intValue];
while (i < count_i) {
    json.I = [NSNumber numberWithInt: i];
    strVal = [json StringOf: @"pkcs7.verify.digestAlgorithms[i]"];
    i = i + 1;
}

i = 0;
count_i = [[json SizeOfArray: @"pkcs7.verify.signerInfo"] intValue];
while (i < count_i) {
    json.I = [NSNumber numberWithInt: i];
    certSerialNumber = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.serialNumber"];
    certIssuerCN = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.issuerCN"];
    certDigestAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.digestAlgOid"];
    certDigestAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].cert.digestAlgName"];
    contentType = [json StringOf: @"pkcs7.verify.signerInfo[i].contentType"];
    [json DtOf: @"pkcs7.verify.signerInfo[i].signingTime" bLocal: NO dt: signingTime];
    messageDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].messageDigest"];
    signingAlgOid = [json StringOf: @"pkcs7.verify.signerInfo[i].signingAlgOid"];
    signingAlgName = [json StringOf: @"pkcs7.verify.signerInfo[i].signingAlgName"];
    authAttrContentTypeName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".name"];
    authAttrContentTypeOid = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".oid"];
    authAttrSigningTimeName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".name"];
    [json DtOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".utctime" bLocal: NO dt: authAttrSigningTimeUtctime];
    authAttrSigningCertificateName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.12\".name"];
    authAttrSigningCertificateDer = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.12\".der"];
    authAttrMessageDigestName = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".name"];
    authAttrMessageDigestDigest = [json StringOf: @"pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".digest"];
    i = i + 1;
}