|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PowerShell) RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and VerifySends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response. Note: This example requires Chilkat v9.5.0.75 or greater.
Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll" # Note: Requires Chilkat v9.5.0.75 or greater. # This requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # First sha-256 hash the data that is to be timestamped. # In this example, the data is the string "Hello World" $crypt = New-Object Chilkat.Crypt2 $crypt.HashAlgorithm = "sha256" $crypt.EncodingMode = "base64" $base64Hash = $crypt.HashStringENC("Hello World") $http = New-Object Chilkat.Http $requestToken = New-Object Chilkat.BinData $optionalPolicyOid = "" $addNonce = $false $requestTsaCert = $true # Create a time-stamp request token $success = $http.CreateTimestampRequest("sha256",$base64Hash,$optionalPolicyOid,$addNonce,$requestTsaCert,$requestToken) if ($success -ne $true) { $($http.LastErrorText) exit } # Send the time-stamp request token to the TSA. # This is the equivalent of the following CURL command: # curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr $tsaUrl = "https://freetsa.org/tsr" # Another timestamp server you could try is: http://timestamp.digicert.com $tsaUrl = "http://timestamp.digicert.com" $resp = $http.PBinaryBd("POST",$tsaUrl,$requestToken,"application/timestamp-query",$false,$false) if ($http.LastMethodSuccess -ne $true) { $($http.LastErrorText) exit } # Get the timestamp reply from the HTTP response object. $timestampReply = New-Object Chilkat.BinData $resp.GetBodyBd($timestampReply) # Show the base64 encoded timestamp reply. $($timestampReply.GetEncoded("base64")) # Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded. # See https://freetsa.org/index_en.php $tsaCert = New-Object Chilkat.Cert $success = $tsaCert.LoadFromFile("qa_data/certs/freetsa.org.cer") if ($success -ne $true) { $($tsaCert.LastErrorText) exit } # The VerifyTimestampReply method will return one of the following values: # -1: The timestampReply does not contain a valid timestamp reply. # -2: The timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert. # 0: Granted and verified. # 1: Granted and verified, with mods (see RFC 3161) # 2: Rejected. # 3: Waiting. # 4: Revocation Warning # 5: Revocation Notification $pkiStatus = $http.VerifyTimestampReply($timestampReply,$tsaCert) if ($pkiStatus -lt 0) { $($http.LastErrorText) exit } $("pkiStatus = " + $pkiStatus) $json = $http.LastJsonData() $json.EmitCompact = $false $($json.Emit()) # The LastJsonData looks like the following. # Note: The "timestampReply.pkiStatus" portion of the LastJsonData was added in Chilkat v9.5.0.83 # Use this online tool to generate parsing code from sample JSON: # Generate Parsing Code from JSON # { # "timestampReply": { # "pkiStatus": { # "value": 0, # "meaning": "granted" # } # }, # "pkcs7": { # "verify": { # "digestAlgorithms": [ # "sha256" # ], # "signerInfo": [ # { # "cert": { # "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D", # "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA", # "digestAlgOid": "2.16.840.1.101.3.4.2.1", # "digestAlgName": "SHA256" # }, # "contentType": "1.2.840.113549.1.9.16.1.4", # "signingTime": "200405023019Z", # "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=", # "signingAlgOid": "1.2.840.113549.1.1.1", # "signingAlgName": "RSA-PKCSV-1_5", # "authAttr": { # "1.2.840.113549.1.9.3": { # "name": "contentType", # "oid": "1.2.840.113549.1.9.16.1.4" # }, # "1.2.840.113549.1.9.5": { # "name": "signingTime", # "utctime": "200405023019Z" # }, # "1.2.840.113549.1.9.16.2.12": { # "name": "signingCertificate", # "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ==" # }, # "1.2.840.113549.1.9.4": { # "name": "messageDigest", # "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=" # } # } # } # ] # } # } # } $signingTime = New-Object Chilkat.DtObj $authAttrSigningTimeUtctime = New-Object Chilkat.DtObj $timestampReplyPkiStatusValue = $json.IntOf("timestampReply.pkiStatus.value") $timestampReplyPkiStatusMeaning = $json.StringOf("timestampReply.pkiStatus.meaning") $i = 0 $count_i = $json.SizeOfArray("pkcs7.verify.digestAlgorithms") while ($i -lt $count_i) { $json.I = $i $strVal = $json.StringOf("pkcs7.verify.digestAlgorithms[i]") $i = $i + 1 } $i = 0 $count_i = $json.SizeOfArray("pkcs7.verify.signerInfo") while ($i -lt $count_i) { $json.I = $i $certSerialNumber = $json.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber") $certIssuerCN = $json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN") $certDigestAlgOid = $json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid") $certDigestAlgName = $json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName") $contentType = $json.StringOf("pkcs7.verify.signerInfo[i].contentType") $json.DtOf("pkcs7.verify.signerInfo[i].signingTime",$false,$signingTime) $messageDigest = $json.StringOf("pkcs7.verify.signerInfo[i].messageDigest") $signingAlgOid = $json.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid") $signingAlgName = $json.StringOf("pkcs7.verify.signerInfo[i].signingAlgName") $authAttrContentTypeName = $json.StringOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.3`".name") $authAttrContentTypeOid = $json.StringOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.3`".oid") $authAttrSigningTimeName = $json.StringOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.5`".name") $json.DtOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.5`".utctime",$false,$authAttrSigningTimeUtctime) $authAttrSigningCertificateName = $json.StringOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.16.2.12`".name") $authAttrSigningCertificateDer = $json.StringOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.16.2.12`".der") $authAttrMessageDigestName = $json.StringOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.4`".name") $authAttrMessageDigestDigest = $json.StringOf("pkcs7.verify.signerInfo[i].authAttr.`"1.2.840.113549.1.9.4`".digest") $i = $i + 1 } |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.