Sample code for 30+ languages & platforms
Java

Get Certificate Authority Information Access

See more Certificates Examples

Demonstrates how to get a certificate's Authority Information Access extension data (if it exists).

Note: This example requires Chilkat v9.5.0.76 or greater.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success = false;

    CkCert cert = new CkCert();

    success = cert.LoadFromFile("qa_data/certs/test_haswdt.cer");
    if (success != true) {
        System.out.println(cert.lastErrorText());
        return;
        }

    // Get the Authority Information Access extension, which is at OID 1.3.6.1.5.5.7.1.1
    String extensionXmlStr = cert.getExtensionAsXml("1.3.6.1.5.5.7.1.1");
    if (cert.get_LastMethodSuccess() == false) {
        System.out.println("Certificate does not have the AuthInfoAccess extension.");
        return;
        }

    CkXml xml = new CkXml();
    xml.LoadXml(extensionXmlStr);

    // See what we have..
    System.out.println(xml.getXml());

    // We should get XML like this:

    // <?xml version="1.0" encoding="utf-8" ?>
    // <sequence>
    //     <sequence>
    //         <oid>1.3.6.1.5.5.7.48.2</oid>
    //         <contextSpecific tag="6" constructed="0">aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
    // cmVFbWFpbENBLmNydA==</contextSpecific>
    //     </sequence>
    //     <sequence>
    //         <oid>1.3.6.1.5.5.7.48.1</oid>
    //         <contextSpecific tag="6" constructed="0">aHR0cDovL29jc3AuY29tb2RvY2EuY29t</contextSpecific>
    //     </sequence>
    // </sequence>

    // Typically, a certificate AIA(Authority Information access) contains 2 parts:
    // 
    //     On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
    //     Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
    // 
    // The base64 content for each OID (in this case) is just a string.  
    // The data can be accessed and decoded like this:

    CkStringBuilder sbOcsp = new CkStringBuilder();
    success = xml.GetChildContentSb("/C/oid,1.3.6.1.5.5.7.48.1|++",sbOcsp);
    if (success == true) {
        sbOcsp.Decode("base64","utf-8");
        System.out.println("1.3.6.1.5.5.7.48.1:  " + sbOcsp.getAsString());
        }

    CkStringBuilder sbIssuer = new CkStringBuilder();
    success = xml.GetChildContentSb("/C/oid,1.3.6.1.5.5.7.48.2|++",sbIssuer);
    if (success == true) {
        sbIssuer.Decode("base64","utf-8");
        System.out.println("1.3.6.1.5.5.7.48.2:  " + sbIssuer.getAsString());
        }

    // The output looks like this:

    // 1.3.6.1.5.5.7.48.1:  http://ocsp.comodoca.com
    // 1.3.6.1.5.5.7.48.2:  http://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt

    // -------------------------------------------------------------------------------
    // Note: The Chilkat path passed to GetChildContentSb is composed of two commands:
    // The first command is "/C/oid,1.3.6.1.5.5.7.48.1".   It says "traverse the XML tree from the caller
    // node and stop at the 1st node having tag = "oid" and content = "1.3.6.1.5.5.7.48.1".
    // The "|" char separates the 1st command from the 2nd.
    // The 2nd command is "++" and says "move to the next sibling".
  }
}