PowerShell
PowerShell
Get PDF DSS (Document Security Store)
See more PDF Signatures Examples
This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)Note: This example requires Chilkat v9.5.0.85 or greater.
Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
$pdf = New-Object Chilkat.Pdf
$success = $pdf.LoadFile("qa_data/pdf/sign_testing_1/helloSigned2.pdf")
if ($success -eq $false) {
$($pdf.LastErrorText)
exit
}
$json = New-Object Chilkat.JsonObject
$json.EmitCompact = $false
$success = $pdf.GetDss($json)
$($json.Emit())
# The document security store contains certificates, OCSP responses, and CRLs.
# The following JSON is a sample of what the /DSS can contain.
# Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
# It's no problem because whatever JSON you get back, you can use the
# following online tool to generate code to parse.
# Generate Parsing Code from JSON
# The code generated by the online tool for this JSON is shown below..
# {
# "/VRI": {
# "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
# },
# "/Certs": [
# {
# "serial": "02",
# "validFrom": "2011-08-07T19:00:00-05:00",
# "validTo": "2021-08-10T23:59:59-05:00",
# "expired": false,
# "subject": {
# "CN": "XYZ Corporation",
# "O": "XYZ"
# },
# "issuer": {
# "CN": "XYZ Corporation",
# "O": "XYZ"
# },
# "keyType": "RSA",
# "keySize": "2048",
# "der": "MIIDz...Q4Zt"
# },
# {
# "serial": "01",
# "validFrom": "2011-08-07T19:00:00-05:00",
# "validTo": "2021-08-10T23:59:59-05:00",
# "expired": false,
# "subject": {
# "CN": "XYZ Corporation",
# "O": "XYZ"
# },
# "issuer": {
# "CN": "XYZ Corporation",
# "O": "XYZ"
# },
# "keyType": "RSA",
# "keySize": "2048",
# "der": "MIID...jXYFc="
# },
# {
# "serial": "0AA125D6D6321B7E41E405DA3697C215",
# "validFrom": "2016-01-07T06:00:00-06:00",
# "validTo": "2031-01-07T12:00:00-06:00",
# "expired": false,
# "subject": {
# "CN": "DigiCert SHA2 Assured ID Timestamping CA",
# "OU": "www.digicert.com",
# "O": "DigiCert Inc",
# "C": "US"
# },
# "issuer": {
# "CN": "DigiCert Assured ID Root CA",
# "OU": "www.digicert.com",
# "O": "DigiCert Inc",
# "C": "US"
# },
# "keyType": "RSA",
# "keySize": "2048",
# "der": "MIIF...OUg=="
# },
# {
# "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
# "validFrom": "2019-09-30T19:00:00-05:00",
# "validTo": "2030-10-17T00:00:00-05:00",
# "expired": false,
# "subject": {
# "CN": "TIMESTAMP-SHA256-2019-10-15",
# "O": "DigiCert, Inc.",
# "C": "US"
# },
# "issuer": {
# "CN": "DigiCert SHA2 Assured ID Timestamping CA",
# "OU": "www.digicert.com",
# "O": "DigiCert Inc",
# "C": "US"
# },
# "keyType": "RSA",
# "keySize": "2048",
# "der": "MIIG...MJtPc="
# },
# {
# "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
# "validFrom": "2006-11-09T18:00:00-06:00",
# "validTo": "2031-11-10T00:00:00-06:00",
# "expired": false,
# "subject": {
# "CN": "DigiCert Assured ID Root CA",
# "OU": "www.digicert.com",
# "O": "DigiCert Inc",
# "C": "US"
# },
# "issuer": {
# "CN": "DigiCert Assured ID Root CA",
# "OU": "www.digicert.com",
# "O": "DigiCert Inc",
# "C": "US"
# },
# "keyType": "RSA",
# "keySize": "2048",
# "der": "MIIDt...FL6Lw8g=="
# },
# {
# "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
# "validFrom": "2015-03-24T10:58:16-05:00",
# "validTo": "2039-12-31T23:59:59-06:00",
# "expired": false,
# "subject": {
# "CN": "www.xyz.com"
# },
# "issuer": {
# "CN": "www.xyz.com"
# },
# "keyType": "RSA",
# "keySize": "1024",
# "der": "MIIB9DCCAWG...UR10lz"
# }
# ],
# "/OCSPs": [
# {
# "responseStatus": 0,
# "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
# "responseTypeName": "ocspBasic",
# "response": {
# "responderIdChoice": "KeyHash",
# "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
# "dateTime": "20201005173921Z",
# "cert": [
# {
# "hashOid": "1.3.14.3.2.26",
# "hashAlg": "SHA-1",
# "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
# "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
# "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
# "status": 0,
# "thisUpdate": "20201005173921Z",
# "nextUpdate": "20201012173921Z"
# }
# ]
# }
# },
# {
# "responseStatus": 0,
# "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
# "responseTypeName": "ocspBasic",
# "response": {
# "responderIdChoice": "KeyHash",
# "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
# "dateTime": "20201006114501Z",
# "cert": [
# {
# "hashOid": "1.3.14.3.2.26",
# "hashAlg": "SHA-1",
# "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
# "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
# "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
# "status": 0,
# "thisUpdate": "20201006114501Z",
# "nextUpdate": "20201013110001Z"
# }
# ]
# }
# }
# ]
# }
$responseDateTime = New-Object Chilkat.DtObj
$thisUpdate = New-Object Chilkat.DtObj
$nextUpdate = New-Object Chilkat.DtObj
$i = 0
$count_i = $json.SizeOfArray("/Certs")
while ($i -lt $count_i) {
$json.I = $i
$serial = $json.StringOf("/Certs[i].serial")
$validFrom = $json.StringOf("/Certs[i].validFrom")
$validTo = $json.StringOf("/Certs[i].validTo")
$expired = $json.BoolOf("/Certs[i].expired")
$subjectCN = $json.StringOf("/Certs[i].subject.CN")
$subjectO = $json.StringOf("/Certs[i].subject.O")
$issuerCN = $json.StringOf("/Certs[i].issuer.CN")
$issuerO = $json.StringOf("/Certs[i].issuer.O")
$keyType = $json.StringOf("/Certs[i].keyType")
$keySize = $json.StringOf("/Certs[i].keySize")
$der = $json.StringOf("/Certs[i].der")
$subjectOU = $json.StringOf("/Certs[i].subject.OU")
$subjectC = $json.StringOf("/Certs[i].subject.C")
$issuerOU = $json.StringOf("/Certs[i].issuer.OU")
$issuerC = $json.StringOf("/Certs[i].issuer.C")
$i = $i + 1
}
$i = 0
$count_i = $json.SizeOfArray("/OCSPs")
while ($i -lt $count_i) {
$json.I = $i
$responseStatus = $json.IntOf("/OCSPs[i].responseStatus")
$responseTypeOid = $json.StringOf("/OCSPs[i].responseTypeOid")
$responseTypeName = $json.StringOf("/OCSPs[i].responseTypeName")
$responseResponderIdChoice = $json.StringOf("/OCSPs[i].response.responderIdChoice")
$responseResponderKeyHash = $json.StringOf("/OCSPs[i].response.responderKeyHash")
$json.DtOf("/OCSPs[i].response.dateTime",$false,$responseDateTime)
$j = 0
$count_j = $json.SizeOfArray("/OCSPs[i].response.cert")
while ($j -lt $count_j) {
$json.J = $j
$hashOid = $json.StringOf("/OCSPs[i].response.cert[j].hashOid")
$hashAlg = $json.StringOf("/OCSPs[i].response.cert[j].hashAlg")
$issuerNameHash = $json.StringOf("/OCSPs[i].response.cert[j].issuerNameHash")
$issuerKeyHash = $json.StringOf("/OCSPs[i].response.cert[j].issuerKeyHash")
$serialNumber = $json.StringOf("/OCSPs[i].response.cert[j].serialNumber")
$status = $json.IntOf("/OCSPs[i].response.cert[j].status")
$json.DtOf("/OCSPs[i].response.cert[j].thisUpdate",$false,$thisUpdate)
$json.DtOf("/OCSPs[i].response.cert[j].nextUpdate",$false,$nextUpdate)
$j = $j + 1
}
$i = $i + 1
}