Sample code for 30+ languages & platforms
PureBasic

Get Certificate Authority Information Access

See more Certificates Examples

Demonstrates how to get a certificate's Authority Information Access extension data (if it exists).

Note: This example requires Chilkat v9.5.0.76 or greater.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkCert.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkXml.pb"

Procedure ChilkatExample()

    success.i = 0

    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadFromFile(cert,"qa_data/certs/test_haswdt.cer")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; Get the Authority Information Access extension, which is at OID 1.3.6.1.5.5.7.1.1
    extensionXmlStr.s = CkCert::ckGetExtensionAsXml(cert,"1.3.6.1.5.5.7.1.1")
    If CkCert::ckLastMethodSuccess(cert) = 0
        Debug "Certificate does not have the AuthInfoAccess extension."
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    xml.i = CkXml::ckCreate()
    If xml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::ckLoadXml(xml,extensionXmlStr)

    ; See what we have..
    Debug CkXml::ckGetXml(xml)

    ; We should get XML like this:

    ; <?xml version="1.0" encoding="utf-8" ?>
    ; <sequence>
    ;     <sequence>
    ;         <oid>1.3.6.1.5.5.7.48.2</oid>
    ;         <contextSpecific tag="6" constructed="0">aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
    ; cmVFbWFpbENBLmNydA==</contextSpecific>
    ;     </sequence>
    ;     <sequence>
    ;         <oid>1.3.6.1.5.5.7.48.1</oid>
    ;         <contextSpecific tag="6" constructed="0">aHR0cDovL29jc3AuY29tb2RvY2EuY29t</contextSpecific>
    ;     </sequence>
    ; </sequence>

    ; Typically, a certificate AIA(Authority Information access) contains 2 parts:
    ; 
    ;     On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
    ;     Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
    ; 
    ; The base64 content for each OID (in this case) is just a string.  
    ; The data can be accessed and decoded like this:

    sbOcsp.i = CkStringBuilder::ckCreate()
    If sbOcsp.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXml::ckGetChildContentSb(xml,"/C/oid,1.3.6.1.5.5.7.48.1|++",sbOcsp)
    If success = 1
        CkStringBuilder::ckDecode(sbOcsp,"base64","utf-8")
        Debug "1.3.6.1.5.5.7.48.1:  " + CkStringBuilder::ckGetAsString(sbOcsp)
    EndIf

    sbIssuer.i = CkStringBuilder::ckCreate()
    If sbIssuer.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXml::ckGetChildContentSb(xml,"/C/oid,1.3.6.1.5.5.7.48.2|++",sbIssuer)
    If success = 1
        CkStringBuilder::ckDecode(sbIssuer,"base64","utf-8")
        Debug "1.3.6.1.5.5.7.48.2:  " + CkStringBuilder::ckGetAsString(sbIssuer)
    EndIf

    ; The output looks like this:

    ; 1.3.6.1.5.5.7.48.1:  http://ocsp.comodoca.com
    ; 1.3.6.1.5.5.7.48.2:  http://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt

    ; -------------------------------------------------------------------------------
    ; Note: The Chilkat path passed to GetChildContentSb is composed of two commands:
    ; The first command is "/C/oid,1.3.6.1.5.5.7.48.1".   It says "traverse the XML tree from the caller
    ; node and stop at the 1st node having tag = "oid" and content = "1.3.6.1.5.5.7.48.1".
    ; The "|" char separates the 1st command from the 2nd.
    ; The 2nd command is "++" and says "move to the next sibling".


    CkCert::ckDispose(cert)
    CkXml::ckDispose(xml)
    CkStringBuilder::ckDispose(sbOcsp)
    CkStringBuilder::ckDispose(sbIssuer)


    ProcedureReturn
EndProcedure