(Visual Basic 6.0) RFC3161 Timestamp Client - Fetch from Timestamp Authority (TSA) and Verify

Sends an RFC 3161 timestamp request to a TSA (Timestamp Authority) server and validates the timestamp token response.

Note: This example requires Chilkat v9.5.0.75 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

' Note: Requires Chilkat v9.5.0.75 or greater.

' This requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' First sha-256 hash the data that is to be timestamped.
' In this example, the data is the string "Hello World"
Dim success As Long
Dim crypt As New ChilkatCrypt2
crypt.HashAlgorithm = "sha256"
crypt.EncodingMode = "base64"
Dim base64Hash As String
base64Hash = crypt.HashStringENC("Hello World")

Dim http As New ChilkatHttp

Dim requestToken As New ChilkatBinData
Dim optionalPolicyOid As String
optionalPolicyOid = ""
Dim addNonce As Long
addNonce = 0
Dim requestTsaCert As Long
requestTsaCert = 1

' Create a time-stamp request token
success = http.CreateTimestampRequest("sha256",base64Hash,optionalPolicyOid,addNonce,requestTsaCert,requestToken)
If (success <> 1) Then
    Debug.Print http.LastErrorText
    Exit Sub
End If

' Send the time-stamp request token to the TSA.
' This is the equivalent of the following CURL command:
' curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr
Dim tsaUrl As String
tsaUrl = "https://freetsa.org/tsr"
' Another timestamp server you could try is: http://timestamp.digicert.com
tsaUrl = "http://timestamp.digicert.com"
Dim resp As ChilkatHttpResponse
Set resp = http.PBinaryBd("POST",tsaUrl,requestToken,"application/timestamp-query",0,0)
If (http.LastMethodSuccess <> 1) Then
    Debug.Print http.LastErrorText
    Exit Sub
End If

' Get the timestamp reply from the HTTP response object.
Dim timestampReply As New ChilkatBinData
success = resp.GetBodyBd(timestampReply)

' Show the base64 encoded timestamp reply.
Debug.Print timestampReply.GetEncoded("base64")

' Let's verify the timestamp reply against the TSA's cert, which we've previously downloaded.
' See https://freetsa.org/index_en.php
Dim tsaCert As New ChilkatCert
success = tsaCert.LoadFromFile("qa_data/certs/freetsa.org.cer")
If (success <> 1) Then
    Debug.Print tsaCert.LastErrorText
    Exit Sub
End If

' The VerifyTimestampReply method will return one of the following values:
' -1:  The timestampReply does not contain a valid timestamp reply.
' -2: The  timestampReply is a valid timestamp reply, but failed verification using the public key of the tsaCert.
' 0:  Granted and verified.
' 1: Granted and verified, with mods (see RFC 3161)
' 2: Rejected.
' 3: Waiting.
' 4: Revocation Warning
' 5: Revocation Notification
Dim pkiStatus As Long
pkiStatus = http.VerifyTimestampReply(timestampReply,tsaCert)
If (pkiStatus < 0) Then
    Debug.Print http.LastErrorText
    Exit Sub
End If

Debug.Print "pkiStatus = " & pkiStatus

Dim json As ChilkatJsonObject
Set json = http.LastJsonData()
json.EmitCompact = 0
Debug.Print json.Emit()

' The LastJsonData looks like the following.
' Note: The "timestampReply.pkiStatus" portion of the LastJsonData was added in Chilkat v9.5.0.83

' Use this online tool to generate parsing code from sample JSON: 
' Generate Parsing Code from JSON

' {
'   "timestampReply": {
'     "pkiStatus": {
'       "value": 0,
'       "meaning": "granted"
'     }
'   },
'   "pkcs7": {
'     "verify": {
'       "digestAlgorithms": [
'         "sha256"
'       ],
'       "signerInfo": [
'         {
'           "cert": {
'             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
'             "issuerCN": "DigiCert SHA2 Assured ID Timestamping CA",
'             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
'             "digestAlgName": "SHA256"
'           },
'           "contentType": "1.2.840.113549.1.9.16.1.4",
'           "signingTime": "200405023019Z",
'           "messageDigest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs=",
'           "signingAlgOid": "1.2.840.113549.1.1.1",
'           "signingAlgName": "RSA-PKCSV-1_5",
'           "authAttr": {
'             "1.2.840.113549.1.9.3": {
'               "name": "contentType",
'               "oid": "1.2.840.113549.1.9.16.1.4"
'             },
'             "1.2.840.113549.1.9.5": {
'               "name": "signingTime",
'               "utctime": "200405023019Z"
'             },
'             "1.2.840.113549.1.9.16.2.12": {
'               "name": "signingCertificate",
'               "der": "MBowGDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xQ=="
'             },
'             "1.2.840.113549.1.9.4": {
'               "name": "messageDigest",
'               "digest": "f14zOsdnN9vyyV3HjjBiLzNDi1PF28hAFMODxNkNRZs="
'             }
'           }
'         }
'       ]
'     }
'   }
' }

Dim signingTime As New DtObj
Dim authAttrSigningTimeUtctime As New DtObj
Dim strVal As String
Dim certSerialNumber As String
Dim certIssuerCN As String
Dim certDigestAlgOid As String
Dim certDigestAlgName As String
Dim contentType As String
Dim messageDigest As String
Dim signingAlgOid As String
Dim signingAlgName As String
Dim authAttrContentTypeName As String
Dim authAttrContentTypeOid As String
Dim authAttrSigningTimeName As String
Dim authAttrSigningCertificateName As String
Dim authAttrSigningCertificateDer As String
Dim authAttrMessageDigestName As String
Dim authAttrMessageDigestDigest As String

Dim timestampReplyPkiStatusValue As Long
timestampReplyPkiStatusValue = json.IntOf("timestampReply.pkiStatus.value")
Dim timestampReplyPkiStatusMeaning As String
timestampReplyPkiStatusMeaning = json.StringOf("timestampReply.pkiStatus.meaning")
Dim i As Long
i = 0
Dim count_i As Long
count_i = json.SizeOfArray("pkcs7.verify.digestAlgorithms")
Do While i < count_i
    json.I = i
    strVal = json.StringOf("pkcs7.verify.digestAlgorithms[i]")
    i = i + 1
Loop
i = 0
count_i = json.SizeOfArray("pkcs7.verify.signerInfo")
Do While i < count_i
    json.I = i
    certSerialNumber = json.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber")
    certIssuerCN = json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN")
    certDigestAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgOid")
    certDigestAlgName = json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName")
    contentType = json.StringOf("pkcs7.verify.signerInfo[i].contentType")
    success = json.DtOf("pkcs7.verify.signerInfo[i].signingTime",0,signingTime)
    messageDigest = json.StringOf("pkcs7.verify.signerInfo[i].messageDigest")
    signingAlgOid = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgOid")
    signingAlgName = json.StringOf("pkcs7.verify.signerInfo[i].signingAlgName")
    authAttrContentTypeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".name")
    authAttrContentTypeOid = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.3"".oid")
    authAttrSigningTimeName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".name")
    success = json.DtOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.5"".utctime",0,authAttrSigningTimeUtctime)
    authAttrSigningCertificateName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.12"".name")
    authAttrSigningCertificateDer = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.16.2.12"".der")
    authAttrMessageDigestName = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".name")
    authAttrMessageDigestDigest = json.StringOf("pkcs7.verify.signerInfo[i].authAttr.""1.2.840.113549.1.9.4"".digest")
    i = i + 1
Loop