Sample code for 30+ languages & platforms
Unicode C

Get ETK Public Key (api-acpt.ehealth.fgov.be)

See more Belgian eHealth Platform Examples

The following URL returns JSON, which contains a PKCS7 signed data:
https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN

This example extracts the signed data, validates it, and then extracts the public key from the certificate (obtained from signed content in the PKCS7)

Note: The URL above uses "12345678901" which is not valid. You should replace it with a valid number.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkHttpW.h>
#include <C_CkJsonArrayW.h>
#include <C_CkJsonObjectW.h>
#include <C_CkBinDataW.h>
#include <C_CkCrypt2W.h>
#include <C_CkCertW.h>
#include <C_CkPublicKeyW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkHttpW http;
    const wchar_t *jsonStr;
    HCkJsonArrayW jarr;
    HCkJsonObjectW json;
    HCkBinDataW bdPkcs7;
    HCkCrypt2W crypt;
    HCkCertW cert;
    HCkPublicKeyW pubKey;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    http = CkHttpW_Create();

    jsonStr = CkHttpW_quickGetStr(http,L"https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN");
    if (CkHttpW_getLastMethodSuccess(http) == FALSE) {
        wprintf(L"%s\n",CkHttpW_lastErrorText(http));
        CkHttpW_Dispose(http);
        return;
    }

    wprintf(L"%s\n",jsonStr);

    // The JSON contains something like this:

    // [
    //     {
    //         "key": {
    //             "applicationIdentifier": "",
    //             "ssin": "12345678901"
    //         },
    //         "value": "MIAGCSq....AAAAAAAA=="
    //     }
    // ]

    // Note: The above is a JSON array (not a JSON object)
    // It should be loaded into a Chilkat JSON array.
    jarr = CkJsonArrayW_Create();
    success = CkJsonArrayW_Load(jarr,jsonStr);
    if (success == FALSE) {
        wprintf(L"Failed to load JSON.\n");
        CkHttpW_Dispose(http);
        CkJsonArrayW_Dispose(jarr);
        return;
    }

    json = CkJsonArrayW_ObjectAt(jarr,0);
    bdPkcs7 = CkBinDataW_Create();
    CkBinDataW_AppendEncoded(bdPkcs7,CkJsonObjectW_stringOf(json,L"value"),L"base64");
    CkJsonObjectW_Dispose(json);

    // Let's verify the PKCS7, and then examine the signing cert,
    // and get the signing cert's public key.
    crypt = CkCrypt2W_Create();

    // Validate the signedData PKCS7, and replace the contents of bdPkcs7 with the extracted signed content.
    success = CkCrypt2W_OpaqueVerifyBd(crypt,bdPkcs7);
    if (success == FALSE) {
        wprintf(L"%s\n",CkCrypt2W_lastErrorText(crypt));
        CkHttpW_Dispose(http);
        CkJsonArrayW_Dispose(jarr);
        CkBinDataW_Dispose(bdPkcs7);
        CkCrypt2W_Dispose(crypt);
        return;
    }

    // The signed content is the DER of a certificate.
    // In other words, bdPkcs7 now contains a certificate.
    cert = CkCertW_Create();
    success = CkCertW_LoadFromBd(cert,bdPkcs7);
    if (success == FALSE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkHttpW_Dispose(http);
        CkJsonArrayW_Dispose(jarr);
        CkBinDataW_Dispose(bdPkcs7);
        CkCrypt2W_Dispose(crypt);
        CkCertW_Dispose(cert);
        return;
    }

    // Show some certificate information:
    wprintf(L"Subject: %s\n",CkCertW_subjectDN(cert));
    wprintf(L"Serial: %s\n",CkCertW_serialNumber(cert));
    wprintf(L"Issuer: %s\n",CkCertW_issuerDN(cert));

    // Let's get the cert's public key...
    pubKey = CkPublicKeyW_Create();
    CkCertW_GetPublicKey(cert,pubKey);

    // OK, you now have the public key and can do whatever is needed..
    wprintf(L"%s\n",CkPublicKeyW_keyType(pubKey));
    wprintf(L"%d\n",CkPublicKeyW_getKeySize(pubKey));


    CkHttpW_Dispose(http);
    CkJsonArrayW_Dispose(jarr);
    CkBinDataW_Dispose(bdPkcs7);
    CkCrypt2W_Dispose(crypt);
    CkCertW_Dispose(cert);
    CkPublicKeyW_Dispose(pubKey);

    }