Tcl
Tcl
Extract TSTInfo from RFC3161 Timestamp Reply
See more HTTP Examples
Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and converts the timestamp reply to XML, and then extracts the TSTInfo from the XML and converts it to XML.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# Note: Requires Chilkat v9.5.0.75 or greater.
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# First sha-256 hash the data that is to be timestamped.
# In this example, the data is the string "Hello World"
set crypt [new_CkCrypt2]
CkCrypt2_put_HashAlgorithm $crypt "sha256"
CkCrypt2_put_EncodingMode $crypt "base64"
set base64Hash [CkCrypt2_hashFileENC $crypt "qa_data/hamlet.xml"]
set http [new_CkHttp]
set requestToken [new_CkBinData]
set optionalPolicyOid ""
set addNonce 0
set requestTsaCert 1
# Create a time-stamp request token
set success [CkHttp_CreateTimestampRequest $http "sha256" $base64Hash $optionalPolicyOid $addNonce $requestTsaCert $requestToken]
if {$success == 0} then {
puts [CkHttp_lastErrorText $http]
delete_CkCrypt2 $crypt
delete_CkHttp $http
delete_CkBinData $requestToken
exit
}
# Send the time-stamp request token to the TSA.
# This is the equivalent of the following CURL command:
# curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' http://timestamp.digicert.com > file.tsr
set tsaUrl "http://timestamp.digicert.com"
set resp [new_CkHttpResponse]
set success [CkHttp_HttpBd $http "POST" $tsaUrl $requestToken "application/timestamp-query" $resp]
if {$success == 0} then {
puts [CkHttp_lastErrorText $http]
delete_CkCrypt2 $crypt
delete_CkHttp $http
delete_CkBinData $requestToken
delete_CkHttpResponse $resp
exit
}
# Get the timestamp reply from the HTTP response object.
set timestampReply [new_CkBinData]
CkHttpResponse_GetBodyBd $resp $timestampReply
# Convert the binary timestamp reply to XML
set asn [new_CkAsn]
set success [CkAsn_LoadBd $asn $timestampReply]
if {$success == 0} then {
puts [CkAsn_lastErrorText $asn]
delete_CkCrypt2 $crypt
delete_CkHttp $http
delete_CkBinData $requestToken
delete_CkHttpResponse $resp
delete_CkBinData $timestampReply
delete_CkAsn $asn
exit
}
set xml [new_CkXml]
set success [CkXml_LoadXml $xml [CkAsn_asnToXml $asn]]
# Extract the TSTInfo from the XML.
# The TSTInfo is this base64 encoded ASN.1
# TSTInfo ::= SEQUENCE {
# version INTEGER { v1(1) },
# policy TSAPolicyId,
# messageImprint MessageImprint,
# -- MUST have the same value as the similar field in
# -- TimeStampReq
# serialNumber INTEGER,
# -- Time-Stamping users MUST be ready to accommodate integers
# -- up to 160 bits.
# genTime GeneralizedTime,
# accuracy Accuracy OPTIONAL,
# ordering BOOLEAN DEFAULT FALSE,
# nonce INTEGER OPTIONAL,
# -- MUST be present if the similar field was present
# -- in TimeStampReq. In that case it MUST have the same value.
# tsa [0] GeneralName OPTIONAL,
# extensions [1] IMPLICIT Extensions OPTIONAL }
set tstInfoBase64 [CkXml_getChildContent $xml "sequence[1]|contextSpecific|sequence|sequence|contextSpecific|octets"]
set bdTstInfo [new_CkBinData]
CkBinData_AppendEncoded $bdTstInfo $tstInfoBase64 "base64"
set asnTstInfo [new_CkAsn]
set success [CkAsn_LoadBd $asnTstInfo $bdTstInfo]
if {$success == 0} then {
puts [CkAsn_lastErrorText $asnTstInfo]
delete_CkCrypt2 $crypt
delete_CkHttp $http
delete_CkBinData $requestToken
delete_CkHttpResponse $resp
delete_CkBinData $timestampReply
delete_CkAsn $asn
delete_CkXml $xml
delete_CkBinData $bdTstInfo
delete_CkAsn $asnTstInfo
exit
}
set xmlTstInfo [new_CkXml]
set success [CkXml_LoadXml $xmlTstInfo [CkAsn_asnToXml $asnTstInfo]]
puts [CkXml_getXml $xmlTstInfo]
# Here's the TSTInfo XML:
# <?xml version="1.0" encoding="utf-8"?>
# <sequence>
# <int>01</int>
# <oid>2.16.840.1.114412.7.1</oid>
# <sequence>
# <sequence>
# <oid>2.16.840.1.101.3.4.2.1</oid>
# <null/>
# </sequence>
# <octets>4sRRyWOzC7EOic4fQ9+Op1pa10DbgoBGjBvkq09LZmE=</octets>
# </sequence>
# <int>00AD2C86E49872597B60F87D5C54BCFFAE</int>
# <universal tag="24" constructed="0">MjAyMzAzMTYxMTQ5NTJa</universal>
# </sequence>
# The genTime (GeneralizedTime) is contained in the final "universal" XML element and is
# in base64. It is the time at which the time-stamp token has been created by
# the TSA. After decoding from base64, it is:
#
# The syntax is: YYYYMMDDhhmmss[.s...]Z
# Example: 19990609001326.34352Z
set sbGenTime [new_CkStringBuilder]
CkStringBuilder_DecodeAndAppend $sbGenTime [CkXml_getChildContent $xmlTstInfo "universal"] "base64" "utf-8"
puts [CkStringBuilder_getAsString $sbGenTime]
# Result:
# 20230316115718Z
delete_CkCrypt2 $crypt
delete_CkHttp $http
delete_CkBinData $requestToken
delete_CkHttpResponse $resp
delete_CkBinData $timestampReply
delete_CkAsn $asn
delete_CkXml $xml
delete_CkBinData $bdTstInfo
delete_CkAsn $asnTstInfo
delete_CkXml $xmlTstInfo
delete_CkStringBuilder $sbGenTime