Sample code for 30+ languages & platforms
Tcl

Extract TSTInfo from RFC3161 Timestamp Reply

See more HTTP Examples

Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and converts the timestamp reply to XML, and then extracts the TSTInfo from the XML and converts it to XML.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# Note: Requires Chilkat v9.5.0.75 or greater.

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# First sha-256 hash the data that is to be timestamped.
# In this example, the data is the string "Hello World"

set crypt [new_CkCrypt2]

CkCrypt2_put_HashAlgorithm $crypt "sha256"
CkCrypt2_put_EncodingMode $crypt "base64"
set base64Hash [CkCrypt2_hashFileENC $crypt "qa_data/hamlet.xml"]

set http [new_CkHttp]

set requestToken [new_CkBinData]

set optionalPolicyOid ""
set addNonce 0
set requestTsaCert 1

# Create a time-stamp request token
set success [CkHttp_CreateTimestampRequest $http "sha256" $base64Hash $optionalPolicyOid $addNonce $requestTsaCert $requestToken]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkCrypt2 $crypt
    delete_CkHttp $http
    delete_CkBinData $requestToken
    exit
}

# Send the time-stamp request token to the TSA.
# This is the equivalent of the following CURL command:
# curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' http://timestamp.digicert.com > file.tsr
set tsaUrl "http://timestamp.digicert.com"
set resp [new_CkHttpResponse]

set success [CkHttp_HttpBd $http "POST" $tsaUrl $requestToken "application/timestamp-query" $resp]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkCrypt2 $crypt
    delete_CkHttp $http
    delete_CkBinData $requestToken
    delete_CkHttpResponse $resp
    exit
}

# Get the timestamp reply from the HTTP response object.
set timestampReply [new_CkBinData]

CkHttpResponse_GetBodyBd $resp $timestampReply

# Convert the binary timestamp reply to XML
set asn [new_CkAsn]

set success [CkAsn_LoadBd $asn $timestampReply]
if {$success == 0} then {
    puts [CkAsn_lastErrorText $asn]
    delete_CkCrypt2 $crypt
    delete_CkHttp $http
    delete_CkBinData $requestToken
    delete_CkHttpResponse $resp
    delete_CkBinData $timestampReply
    delete_CkAsn $asn
    exit
}

set xml [new_CkXml]

set success [CkXml_LoadXml $xml [CkAsn_asnToXml $asn]]

# Extract the TSTInfo from the XML.
# The TSTInfo is this base64 encoded ASN.1 

# TSTInfo ::= SEQUENCE  {
#    version                      INTEGER  { v1(1) },
#    policy                       TSAPolicyId,
#    messageImprint               MessageImprint,
#      -- MUST have the same value as the similar field in
#      -- TimeStampReq
#    serialNumber                 INTEGER,
#     -- Time-Stamping users MUST be ready to accommodate integers
#     -- up to 160 bits.
#    genTime                      GeneralizedTime,
#    accuracy                     Accuracy                 OPTIONAL,
#    ordering                     BOOLEAN             DEFAULT FALSE,
#    nonce                        INTEGER                  OPTIONAL,
#      -- MUST be present if the similar field was present
#      -- in TimeStampReq.  In that case it MUST have the same value.
#    tsa                          [0] GeneralName          OPTIONAL,
#    extensions                   [1] IMPLICIT Extensions   OPTIONAL  }

set tstInfoBase64 [CkXml_getChildContent $xml "sequence[1]|contextSpecific|sequence|sequence|contextSpecific|octets"]

set bdTstInfo [new_CkBinData]

CkBinData_AppendEncoded $bdTstInfo $tstInfoBase64 "base64"

set asnTstInfo [new_CkAsn]

set success [CkAsn_LoadBd $asnTstInfo $bdTstInfo]
if {$success == 0} then {
    puts [CkAsn_lastErrorText $asnTstInfo]
    delete_CkCrypt2 $crypt
    delete_CkHttp $http
    delete_CkBinData $requestToken
    delete_CkHttpResponse $resp
    delete_CkBinData $timestampReply
    delete_CkAsn $asn
    delete_CkXml $xml
    delete_CkBinData $bdTstInfo
    delete_CkAsn $asnTstInfo
    exit
}

set xmlTstInfo [new_CkXml]

set success [CkXml_LoadXml $xmlTstInfo [CkAsn_asnToXml $asnTstInfo]]
puts [CkXml_getXml $xmlTstInfo]

# Here's the TSTInfo XML:

# <?xml version="1.0" encoding="utf-8"?>
# <sequence>
#     <int>01</int>
#     <oid>2.16.840.1.114412.7.1</oid>
#     <sequence>
#         <sequence>
#             <oid>2.16.840.1.101.3.4.2.1</oid>
#             <null/>
#         </sequence>
#         <octets>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</octets>
#     </sequence>
#     <int>00AD2C86E49872597B60F87D5C54BCFFAE</int>
#     <universal tag="24" constructed="0">MjAyMzAzMTYxMTQ5NTJa</universal>
# </sequence>

#    The genTime (GeneralizedTime) is contained in the final "universal" XML element and is 
#    in base64. It is the time at which the time-stamp token has been created by
#    the TSA. After decoding from base64, it is:
# 
#    The syntax is: YYYYMMDDhhmmss[.s...]Z
#    Example: 19990609001326.34352Z

set sbGenTime [new_CkStringBuilder]

CkStringBuilder_DecodeAndAppend $sbGenTime [CkXml_getChildContent $xmlTstInfo "universal"] "base64" "utf-8"
puts [CkStringBuilder_getAsString $sbGenTime]

# Result:
# 20230316115718Z

delete_CkCrypt2 $crypt
delete_CkHttp $http
delete_CkBinData $requestToken
delete_CkHttpResponse $resp
delete_CkBinData $timestampReply
delete_CkAsn $asn
delete_CkXml $xml
delete_CkBinData $bdTstInfo
delete_CkAsn $asnTstInfo
delete_CkXml $xmlTstInfo
delete_CkStringBuilder $sbGenTime