Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Get ETK Public Key (api-acpt.ehealth.fgov.be)

See more Belgian eHealth Platform Examples

The following URL returns JSON, which contains a PKCS7 signed data:
https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN

This example extracts the signed data, validates it, and then extracts the public key from the certificate (obtained from signed content in the PKCS7)

Note: The URL above uses "12345678901" which is not valid. You should replace it with a valid number.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.PublicKey,
  Chilkat.JsonArray,
  Chilkat.Http,
  Chilkat.JsonObject,
  Chilkat.Cert,
  Chilkat.Crypt2,
  Chilkat.BinData;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  http: THttp;
  jsonStr: string;
  jarr: TJsonArray;
  json: TJsonObject;
  bdPkcs7: TBinData;
  crypt: TCrypt2;
  cert: TCert;
  pubKey: TPublicKey;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  http := THttp.Create;

  jsonStr := http.QuickGetStr('https://api-acpt.ehealth.fgov.be/etee/v1/etks?identifier=12345678901&type=SSIN');
  if (http.LastMethodSuccess = False) then
    begin
      WriteLn(http.LastErrorText);
      Exit;
    end;

  WriteLn(jsonStr);

  //  The JSON contains something like this:

  //  [
  //      {
  //          "key": {
  //              "applicationIdentifier": "",
  //              "ssin": "12345678901"
  //          },
  //          "value": "MIAGCSq....AAAAAAAA=="
  //      }
  //  ]

  //  Note: The above is a JSON array (not a JSON object)
  //  It should be loaded into a Chilkat JSON array.
  jarr := TJsonArray.Create;
  success := jarr.Load(jsonStr);
  if (success = False) then
    begin
      WriteLn('Failed to load JSON.');
      Exit;
    end;

  json := jarr.ObjectAt(0);
  bdPkcs7 := TBinData.Create;
  bdPkcs7.AppendEncoded(json.StringOf('value'),'base64');
  json.Free;

  //  Let's verify the PKCS7, and then examine the signing cert,
  //  and get the signing cert's public key.
  crypt := TCrypt2.Create;

  //  Validate the signedData PKCS7, and replace the contents of bdPkcs7 with the extracted signed content.
  success := crypt.OpaqueVerifyBd(bdPkcs7);
  if (success = False) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  //  The signed content is the DER of a certificate.
  //  In other words, bdPkcs7 now contains a certificate.
  cert := TCert.Create;
  success := cert.LoadFromBd(bdPkcs7);
  if (success = False) then
    begin
      WriteLn(cert.LastErrorText);
      Exit;
    end;

  //  Show some certificate information:
  WriteLn('Subject: ' + cert.SubjectDN);
  WriteLn('Serial: ' + cert.SerialNumber);
  WriteLn('Issuer: ' + cert.IssuerDN);

  //  Let's get the cert's public key...
  pubKey := TPublicKey.Create;
  cert.GetPublicKey(pubKey);

  //  OK, you now have the public key and can do whatever is needed..
  WriteLn(pubKey.KeyType);
  WriteLn(pubKey.KeySize);


  http.Free;
  jarr.Free;
  bdPkcs7.Free;
  crypt.Free;
  cert.Free;
  pubKey.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.