Sample code for 30+ languages & platforms
Unicode C++

Get ETK Public Key (api-acpt.ehealth.fgov.be)

See more Belgian eHealth Platform Examples

The following URL returns JSON, which contains a PKCS7 signed data:
https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN

This example extracts the signed data, validates it, and then extracts the public key from the certificate (obtained from signed content in the PKCS7)

Note: The URL above uses "12345678901" which is not valid. You should replace it with a valid number.

Chilkat Unicode C++ Downloads

Unicode C++
#include <CkHttpW.h>
#include <CkJsonArrayW.h>
#include <CkJsonObjectW.h>
#include <CkBinDataW.h>
#include <CkCrypt2W.h>
#include <CkCertW.h>
#include <CkPublicKeyW.h>

void ChilkatSample(void)
    {
    bool success = false;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkHttpW http;

    const wchar_t *jsonStr = http.quickGetStr(L"https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN");
    if (http.get_LastMethodSuccess() == false) {
        wprintf(L"%s\n",http.lastErrorText());
        return;
    }

    wprintf(L"%s\n",jsonStr);

    // The JSON contains something like this:

    // [
    //     {
    //         "key": {
    //             "applicationIdentifier": "",
    //             "ssin": "12345678901"
    //         },
    //         "value": "MIAGCSq....AAAAAAAA=="
    //     }
    // ]

    // Note: The above is a JSON array (not a JSON object)
    // It should be loaded into a Chilkat JSON array.
    CkJsonArrayW jarr;
    success = jarr.Load(jsonStr);
    if (success == false) {
        wprintf(L"Failed to load JSON.\n");
        return;
    }

    CkJsonObjectW *json = jarr.ObjectAt(0);
    CkBinDataW bdPkcs7;
    bdPkcs7.AppendEncoded(json->stringOf(L"value"),L"base64");
    delete json;

    // Let's verify the PKCS7, and then examine the signing cert,
    // and get the signing cert's public key.
    CkCrypt2W crypt;

    // Validate the signedData PKCS7, and replace the contents of bdPkcs7 with the extracted signed content.
    success = crypt.OpaqueVerifyBd(bdPkcs7);
    if (success == false) {
        wprintf(L"%s\n",crypt.lastErrorText());
        return;
    }

    // The signed content is the DER of a certificate.
    // In other words, bdPkcs7 now contains a certificate.
    CkCertW cert;
    success = cert.LoadFromBd(bdPkcs7);
    if (success == false) {
        wprintf(L"%s\n",cert.lastErrorText());
        return;
    }

    // Show some certificate information:
    wprintf(L"Subject: %s\n",cert.subjectDN());
    wprintf(L"Serial: %s\n",cert.serialNumber());
    wprintf(L"Issuer: %s\n",cert.issuerDN());

    // Let's get the cert's public key...
    CkPublicKeyW pubKey;
    cert.GetPublicKey(pubKey);

    // OK, you now have the public key and can do whatever is needed..
    wprintf(L"%s\n",pubKey.keyType());
    wprintf(L"%d\n",pubKey.get_KeySize());
    }