|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and VerifySends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response. Note: This example requires Chilkat v9.5.0.75 or greater.
load ./chilkat.dll # Note: Requires Chilkat v9.5.0.75 or greater. # This requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # First sha-256 hash the data that is to be timestamped. # In this example, the data is the string "Hello World" set crypt [new_CkCrypt2] CkCrypt2_put_HashAlgorithm $crypt "sha256" CkCrypt2_put_EncodingMode $crypt "base64" set base64Hash [CkCrypt2_hashStringENC $crypt "Hello World"] set http [new_CkHttp] set requestToken [new_CkBinData] set optionalPolicyOid "" set addNonce 0 set requestTsaCert 1 # Create a time-stamp request token set success [CkHttp_CreateTimestampRequest $http "sha256" $base64Hash $optionalPolicyOid $addNonce $requestTsaCert $requestToken] if {$success != 1} then { puts [CkHttp_lastErrorText $http] delete_CkCrypt2 $crypt delete_CkHttp $http delete_CkBinData $requestToken exit } # Send the time-stamp request token to the TSA. # This is the equivalent of the following CURL command: # curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr set tsaUrl "https://freetsa.org/tsr" # Another timestamp server you could try is: http://timestamp.digicert.com set tsaUrl "http://timestamp.digicert.com" # resp is a CkHttpResponse set resp [CkHttp_PBinaryBd $http "POST" $tsaUrl $requestToken "application/timestamp-query" 0 0] if {[CkHttp_get_LastMethodSuccess $http] != 1} then { puts [CkHttp_lastErrorText $http] delete_CkCrypt2 $crypt delete_CkHttp $http delete_CkBinData $requestToken exit } # Get the timestamp reply from the HTTP response object. set timestampReply [new_CkBinData] CkHttpResponse_GetBodyBd $resp $timestampReply delete_CkHttpResponse $resp # Show the base64 encoded timestamp reply. puts [CkBinData_getEncoded $timestampReply base64] # Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded. # See https://freetsa.org/index_en.php set tsaCert [new_CkCert] set success [CkCert_LoadFromFile $tsaCert "qa_data/certs/freetsa.org.cer"] if {$success != 1} then { puts [CkCert_lastErrorText $tsaCert] delete_CkCrypt2 $crypt delete_CkHttp $http delete_CkBinData $requestToken delete_CkBinData $timestampReply delete_CkCert $tsaCert exit } # The VerifyTimestampReply method will return one of the following values: # -1: The timestampReply does not contain a valid timestamp reply. # -2: The timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert. # 0: Granted and verified. # 1: Granted and verified, with mods (see RFC 3161) # 2: Rejected. # 3: Waiting. # 4: Revocation Warning # 5: Revocation Notification set pkiStatus [CkHttp_VerifyTimestampReply $http $timestampReply $tsaCert] if {$pkiStatus < 0} then { puts [CkHttp_lastErrorText $http] delete_CkCrypt2 $crypt delete_CkHttp $http delete_CkBinData $requestToken delete_CkBinData $timestampReply delete_CkCert $tsaCert exit } puts "pkiStatus = $pkiStatus" # json is a CkJsonObject set json [CkHttp_LastJsonData $http] CkJsonObject_put_EmitCompact $json 0 puts [CkJsonObject_emit $json] # The LastJsonData looks like the following. # Note: The "timestampReply.pkiStatus" portion of the LastJsonData was added in Chilkat v9.5.0.83 # Use this online tool to generate parsing code from sample JSON: # Generate Parsing Code from JSON # { # "timestampReply": { # "pkiStatus": { # "value": 0, # "meaning": "granted" # } # }, # "pkcs7": { # "verify": { # "digestAlgorithms": [ # "sha256" # ], # "signerInfo": [ # { # "cert": { # "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D", # "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA", # "digestAlgOid": "2.16.840.1.101.3.4.2.1", # "digestAlgName": "SHA256" # }, # "contentType": "1.2.840.113549.1.9.16.1.4", # "signingTime": "200405023019Z", # "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=", # "signingAlgOid": "1.2.840.113549.1.1.1", # "signingAlgName": "RSA-PKCSV-1_5", # "authAttr": { # "1.2.840.113549.1.9.3": { # "name": "contentType", # "oid": "1.2.840.113549.1.9.16.1.4" # }, # "1.2.840.113549.1.9.5": { # "name": "signingTime", # "utctime": "200405023019Z" # }, # "1.2.840.113549.1.9.16.2.12": { # "name": "signingCertificate", # "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ==" # }, # "1.2.840.113549.1.9.4": { # "name": "messageDigest", # "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=" # } # } # } # ] # } # } # } set signingTime [new_CkDtObj] set authAttrSigningTimeUtctime [new_CkDtObj] set timestampReplyPkiStatusValue [CkJsonObject_IntOf $json "timestampReply.pkiStatus.value"] set timestampReplyPkiStatusMeaning [CkJsonObject_stringOf $json "timestampReply.pkiStatus.meaning"] set i 0 set count_i [CkJsonObject_SizeOfArray $json "pkcs7.verify.digestAlgorithms"] while {$i < $count_i} { CkJsonObject_put_I $json $i set strVal [CkJsonObject_stringOf $json "pkcs7.verify.digestAlgorithms[i]"] set i [expr $i + 1] } set i 0 set count_i [CkJsonObject_SizeOfArray $json "pkcs7.verify.signerInfo"] while {$i < $count_i} { CkJsonObject_put_I $json $i set certSerialNumber [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.serialNumber"] set certIssuerCN [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.issuerCN"] set certDigestAlgOid [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.digestAlgOid"] set certDigestAlgName [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.digestAlgName"] set contentType [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].contentType"] CkJsonObject_DtOf $json "pkcs7.verify.signerInfo[i].signingTime" 0 $signingTime set messageDigest [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].messageDigest"] set signingAlgOid [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].signingAlgOid"] set signingAlgName [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].signingAlgName"] set authAttrContentTypeName [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".name"] set authAttrContentTypeOid [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.3\".oid"] set authAttrSigningTimeName [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".name"] CkJsonObject_DtOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.5\".utctime" 0 $authAttrSigningTimeUtctime set authAttrSigningCertificateName [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.12\".name"] set authAttrSigningCertificateDer [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.16.2.12\".der"] set authAttrMessageDigestName [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".name"] set authAttrMessageDigestDigest [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].authAttr.\"1.2.840.113549.1.9.4\".digest"] set i [expr $i + 1] } delete_CkJsonObject $json delete_CkCrypt2 $crypt delete_CkHttp $http delete_CkBinData $requestToken delete_CkBinData $timestampReply delete_CkCert $tsaCert delete_CkDtObj $signingTime delete_CkDtObj $authAttrSigningTimeUtctime |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.