(PureBasic) Get PDF DSS (Document Security Store)

See more PDF Signatures Examples

This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)

Note: This example requires Chilkat v9.5.0.85 or greater.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkDtObj.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkPdf.pb"

Procedure ChilkatExample()

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    pdf.i = CkPdf::ckCreate()
    If pdf.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success.i = CkPdf::ckLoadFile(pdf,"qa_data/pdf/sign_testing_1/helloSigned2.pdf")
    If success = 0
        Debug CkPdf::ckLastErrorText(pdf)
        CkPdf::ckDispose(pdf)
        ProcedureReturn
    EndIf

    json.i = CkJsonObject::ckCreate()
    If json.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkJsonObject::setCkEmitCompact(json, 0)

    success = CkPdf::ckGetDss(pdf,json)
    Debug CkJsonObject::ckEmit(json)

    ; The document security store contains certificates, OCSP responses, and CRLs.
    ; The following JSON is a sample of what the /DSS can contain.
    ; Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
    ; It's no problem because whatever JSON you get back, you can use the
    ; following online tool to generate code to parse.
    ; Generate Parsing Code from JSON

    ; The code generated by the online tool for this JSON is shown below..

    ; {
    ;   "/VRI": {
    ;     "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
    ;   },
    ;   "/Certs": [
    ;     {
    ;       "serial": "02",
    ;       "validFrom": "2011-08-07T19:00:00-05:00",
    ;       "validTo": "2021-08-10T23:59:59-05:00",
    ;       "expired": false,
    ;       "subject": {
    ;         "CN": "XYZ Corporation",
    ;         "O": "XYZ"
    ;       },
    ;       "issuer": {
    ;         "CN": "XYZ Corporation",
    ;         "O": "XYZ"
    ;       },
    ;       "keyType": "RSA",
    ;       "keySize": "2048",
    ;       "der": "MIIDz...Q4Zt"
    ;     },
    ;     {
    ;       "serial": "01",
    ;       "validFrom": "2011-08-07T19:00:00-05:00",
    ;       "validTo": "2021-08-10T23:59:59-05:00",
    ;       "expired": false,
    ;       "subject": {
    ;         "CN": "XYZ Corporation",
    ;         "O": "XYZ"
    ;       },
    ;       "issuer": {
    ;         "CN": "XYZ Corporation",
    ;         "O": "XYZ"
    ;       },
    ;       "keyType": "RSA",
    ;       "keySize": "2048",
    ;       "der": "MIID...jXYFc="
    ;     },
    ;     {
    ;       "serial": "0AA125D6D6321B7E41E405DA3697C215",
    ;       "validFrom": "2016-01-07T06:00:00-06:00",
    ;       "validTo": "2031-01-07T12:00:00-06:00",
    ;       "expired": false,
    ;       "subject": {
    ;         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
    ;         "OU": "www.digicert.com",
    ;         "O": "DigiCert Inc",
    ;         "C": "US"
    ;       },
    ;       "issuer": {
    ;         "CN": "DigiCert Assured ID Root CA",
    ;         "OU": "www.digicert.com",
    ;         "O": "DigiCert Inc",
    ;         "C": "US"
    ;       },
    ;       "keyType": "RSA",
    ;       "keySize": "2048",
    ;       "der": "MIIF...OUg=="
    ;     },
    ;     {
    ;       "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
    ;       "validFrom": "2019-09-30T19:00:00-05:00",
    ;       "validTo": "2030-10-17T00:00:00-05:00",
    ;       "expired": false,
    ;       "subject": {
    ;         "CN": "TIMESTAMP-SHA256-2019-10-15",
    ;         "O": "DigiCert, Inc.",
    ;         "C": "US"
    ;       },
    ;       "issuer": {
    ;         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
    ;         "OU": "www.digicert.com",
    ;         "O": "DigiCert Inc",
    ;         "C": "US"
    ;       },
    ;       "keyType": "RSA",
    ;       "keySize": "2048",
    ;       "der": "MIIG...MJtPc="
    ;     },
    ;     {
    ;       "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
    ;       "validFrom": "2006-11-09T18:00:00-06:00",
    ;       "validTo": "2031-11-10T00:00:00-06:00",
    ;       "expired": false,
    ;       "subject": {
    ;         "CN": "DigiCert Assured ID Root CA",
    ;         "OU": "www.digicert.com",
    ;         "O": "DigiCert Inc",
    ;         "C": "US"
    ;       },
    ;       "issuer": {
    ;         "CN": "DigiCert Assured ID Root CA",
    ;         "OU": "www.digicert.com",
    ;         "O": "DigiCert Inc",
    ;         "C": "US"
    ;       },
    ;       "keyType": "RSA",
    ;       "keySize": "2048",
    ;       "der": "MIIDt...FL6Lw8g=="
    ;     },
    ;     {
    ;       "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
    ;       "validFrom": "2015-03-24T10:58:16-05:00",
    ;       "validTo": "2039-12-31T23:59:59-06:00",
    ;       "expired": false,
    ;       "subject": {
    ;         "CN": "www.xyz.com"
    ;       },
    ;       "issuer": {
    ;         "CN": "www.xyz.com"
    ;       },
    ;       "keyType": "RSA",
    ;       "keySize": "1024",
    ;       "der": "MIIB9DCCAWG...UR10lz"
    ;     }
    ;   ],
    ;   "/OCSPs": [
    ;     {
    ;       "responseStatus": 0,
    ;       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
    ;       "responseTypeName": "ocspBasic",
    ;       "response": {
    ;         "responderIdChoice": "KeyHash",
    ;         "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
    ;         "dateTime": "20201005173921Z",
    ;         "cert": [
    ;           {
    ;             "hashOid": "1.3.14.3.2.26",
    ;             "hashAlg": "SHA-1",
    ;             "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
    ;             "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
    ;             "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
    ;             "status": 0,
    ;             "thisUpdate": "20201005173921Z",
    ;             "nextUpdate": "20201012173921Z"
    ;           }
    ;         ]
    ;       }
    ;     },
    ;     {
    ;       "responseStatus": 0,
    ;       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
    ;       "responseTypeName": "ocspBasic",
    ;       "response": {
    ;         "responderIdChoice": "KeyHash",
    ;         "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
    ;         "dateTime": "20201006114501Z",
    ;         "cert": [
    ;           {
    ;             "hashOid": "1.3.14.3.2.26",
    ;             "hashAlg": "SHA-1",
    ;             "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
    ;             "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
    ;             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
    ;             "status": 0,
    ;             "thisUpdate": "20201006114501Z",
    ;             "nextUpdate": "20201013110001Z"
    ;           }
    ;         ]
    ;       }
    ;     }
    ;   ]
    ; }

    responseDateTime.i = CkDtObj::ckCreate()
    If responseDateTime.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    thisUpdate.i = CkDtObj::ckCreate()
    If thisUpdate.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    nextUpdate.i = CkDtObj::ckCreate()
    If nextUpdate.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    serial.s
    validFrom.s
    validTo.s
    expired.i
    subjectCN.s
    subjectO.s
    issuerCN.s
    issuerO.s
    keyType.s
    keySize.s
    der.s
    subjectOU.s
    subjectC.s
    issuerOU.s
    issuerC.s
    responseStatus.i
    responseTypeOid.s
    responseTypeName.s
    responseResponderIdChoice.s
    responseResponderKeyHash.s
    j.i
    count_j.i
    hashOid.s
    hashAlg.s
    issuerNameHash.s
    issuerKeyHash.s
    serialNumber.s
    status.i

    i.i = 0
    count_i.i = CkJsonObject::ckSizeOfArray(json,"/Certs")
    While i < count_i
        CkJsonObject::setCkI(json, i)
        serial = CkJsonObject::ckStringOf(json,"/Certs[i].serial")
        validFrom = CkJsonObject::ckStringOf(json,"/Certs[i].validFrom")
        validTo = CkJsonObject::ckStringOf(json,"/Certs[i].validTo")
        expired = CkJsonObject::ckBoolOf(json,"/Certs[i].expired")
        subjectCN = CkJsonObject::ckStringOf(json,"/Certs[i].subject.CN")
        subjectO = CkJsonObject::ckStringOf(json,"/Certs[i].subject.O")
        issuerCN = CkJsonObject::ckStringOf(json,"/Certs[i].issuer.CN")
        issuerO = CkJsonObject::ckStringOf(json,"/Certs[i].issuer.O")
        keyType = CkJsonObject::ckStringOf(json,"/Certs[i].keyType")
        keySize = CkJsonObject::ckStringOf(json,"/Certs[i].keySize")
        der = CkJsonObject::ckStringOf(json,"/Certs[i].der")
        subjectOU = CkJsonObject::ckStringOf(json,"/Certs[i].subject.OU")
        subjectC = CkJsonObject::ckStringOf(json,"/Certs[i].subject.C")
        issuerOU = CkJsonObject::ckStringOf(json,"/Certs[i].issuer.OU")
        issuerC = CkJsonObject::ckStringOf(json,"/Certs[i].issuer.C")
        i = i + 1
    Wend
    i = 0
    count_i = CkJsonObject::ckSizeOfArray(json,"/OCSPs")
    While i < count_i
        CkJsonObject::setCkI(json, i)
        responseStatus = CkJsonObject::ckIntOf(json,"/OCSPs[i].responseStatus")
        responseTypeOid = CkJsonObject::ckStringOf(json,"/OCSPs[i].responseTypeOid")
        responseTypeName = CkJsonObject::ckStringOf(json,"/OCSPs[i].responseTypeName")
        responseResponderIdChoice = CkJsonObject::ckStringOf(json,"/OCSPs[i].response.responderIdChoice")
        responseResponderKeyHash = CkJsonObject::ckStringOf(json,"/OCSPs[i].response.responderKeyHash")
        CkJsonObject::ckDtOf(json,"/OCSPs[i].response.dateTime",0,responseDateTime)
        j = 0
        count_j = CkJsonObject::ckSizeOfArray(json,"/OCSPs[i].response.cert")
        While j < count_j
            CkJsonObject::setCkJ(json, j)
            hashOid = CkJsonObject::ckStringOf(json,"/OCSPs[i].response.cert[j].hashOid")
            hashAlg = CkJsonObject::ckStringOf(json,"/OCSPs[i].response.cert[j].hashAlg")
            issuerNameHash = CkJsonObject::ckStringOf(json,"/OCSPs[i].response.cert[j].issuerNameHash")
            issuerKeyHash = CkJsonObject::ckStringOf(json,"/OCSPs[i].response.cert[j].issuerKeyHash")
            serialNumber = CkJsonObject::ckStringOf(json,"/OCSPs[i].response.cert[j].serialNumber")
            status = CkJsonObject::ckIntOf(json,"/OCSPs[i].response.cert[j].status")
            CkJsonObject::ckDtOf(json,"/OCSPs[i].response.cert[j].thisUpdate",0,thisUpdate)
            CkJsonObject::ckDtOf(json,"/OCSPs[i].response.cert[j].nextUpdate",0,nextUpdate)
            j = j + 1
        Wend
        i = i + 1
    Wend


    CkPdf::ckDispose(pdf)
    CkJsonObject::ckDispose(json)
    CkDtObj::ckDispose(responseDateTime)
    CkDtObj::ckDispose(thisUpdate)
    CkDtObj::ckDispose(nextUpdate)


    ProcedureReturn
EndProcedure