PureBasic
PureBasic
Get ETK Public Key (api-acpt.ehealth.fgov.be)
See more Belgian eHealth Platform Examples
The following URL returns JSON, which contains a PKCS7 signed data:https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN
This example extracts the signed data, validates it, and then extracts the public key from the certificate (obtained from signed content in the PKCS7)
Note: The URL above uses "12345678901" which is not valid. You should replace it with a valid number.
Chilkat PureBasic Downloads
IncludeFile "CkPublicKey.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkHttp.pb"
IncludeFile "CkJsonArray.pb"
IncludeFile "CkCrypt2.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkBinData.pb"
Procedure ChilkatExample()
success.i = 0
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
http.i = CkHttp::ckCreate()
If http.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
jsonStr.s = CkHttp::ckQuickGetStr(http,"https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN")
If CkHttp::ckLastMethodSuccess(http) = 0
Debug CkHttp::ckLastErrorText(http)
CkHttp::ckDispose(http)
ProcedureReturn
EndIf
Debug jsonStr
; The JSON contains something like this:
; [
; {
; "key": {
; "applicationIdentifier": "",
; "ssin": "12345678901"
; },
; "value": "MIAGCSq....AAAAAAAA=="
; }
; ]
; Note: The above is a JSON array (not a JSON object)
; It should be loaded into a Chilkat JSON array.
jarr.i = CkJsonArray::ckCreate()
If jarr.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkJsonArray::ckLoad(jarr,jsonStr)
If success = 0
Debug "Failed to load JSON."
CkHttp::ckDispose(http)
CkJsonArray::ckDispose(jarr)
ProcedureReturn
EndIf
json.i = CkJsonArray::ckObjectAt(jarr,0)
bdPkcs7.i = CkBinData::ckCreate()
If bdPkcs7.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkBinData::ckAppendEncoded(bdPkcs7,CkJsonObject::ckStringOf(json,"value"),"base64")
CkJsonObject::ckDispose(json)
; Let's verify the PKCS7, and then examine the signing cert,
; and get the signing cert's public key.
crypt.i = CkCrypt2::ckCreate()
If crypt.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; Validate the signedData PKCS7, and replace the contents of bdPkcs7 with the extracted signed content.
success = CkCrypt2::ckOpaqueVerifyBd(crypt,bdPkcs7)
If success = 0
Debug CkCrypt2::ckLastErrorText(crypt)
CkHttp::ckDispose(http)
CkJsonArray::ckDispose(jarr)
CkBinData::ckDispose(bdPkcs7)
CkCrypt2::ckDispose(crypt)
ProcedureReturn
EndIf
; The signed content is the DER of a certificate.
; In other words, bdPkcs7 now contains a certificate.
cert.i = CkCert::ckCreate()
If cert.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkCert::ckLoadFromBd(cert,bdPkcs7)
If success = 0
Debug CkCert::ckLastErrorText(cert)
CkHttp::ckDispose(http)
CkJsonArray::ckDispose(jarr)
CkBinData::ckDispose(bdPkcs7)
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
ProcedureReturn
EndIf
; Show some certificate information:
Debug "Subject: " + CkCert::ckSubjectDN(cert)
Debug "Serial: " + CkCert::ckSerialNumber(cert)
Debug "Issuer: " + CkCert::ckIssuerDN(cert)
; Let's get the cert's public key...
pubKey.i = CkPublicKey::ckCreate()
If pubKey.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkCert::ckGetPublicKey(cert,pubKey)
; OK, you now have the public key and can do whatever is needed..
Debug CkPublicKey::ckKeyType(pubKey)
Debug Str(CkPublicKey::ckKeySize(pubKey))
CkHttp::ckDispose(http)
CkJsonArray::ckDispose(jarr)
CkBinData::ckDispose(bdPkcs7)
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
CkPublicKey::ckDispose(pubKey)
ProcedureReturn
EndProcedure