Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Get Certificate Authority Information Access

See more Certificates Examples

Demonstrates how to get a certificate's Authority Information Access extension data (if it exists).

Note: This example requires Chilkat v9.5.0.76 or greater.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.StringBuilder,
  Chilkat.Xml,
  Chilkat.Cert;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  cert: TCert;
  extensionXmlStr: string;
  xml: TXml;
  sbOcsp: TStringBuilder;
  sbIssuer: TStringBuilder;

begin
  success := False;

  cert := TCert.Create;

  success := cert.LoadFromFile('qa_data/certs/test_haswdt.cer');
  if (success <> True) then
    begin
      WriteLn(cert.LastErrorText);
      Exit;
    end;

  //  Get the Authority Information Access extension, which is at OID 1.3.6.1.5.5.7.1.1
  extensionXmlStr := cert.GetExtensionAsXml('1.3.6.1.5.5.7.1.1');
  if (cert.LastMethodSuccess = False) then
    begin
      WriteLn('Certificate does not have the AuthInfoAccess extension.');
      Exit;
    end;

  xml := TXml.Create;
  xml.LoadXml(extensionXmlStr);

  //  See what we have..
  WriteLn(xml.GetXml());

  //  We should get XML like this:

  //  <?xml version="1.0" encoding="utf-8" ?>
  //  <sequence>
  //      <sequence>
  //          <oid>1.3.6.1.5.5.7.48.2</oid>
  //          <contextSpecific tag="6" constructed="0">aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
  //  cmVFbWFpbENBLmNydA==</contextSpecific>
  //      </sequence>
  //      <sequence>
  //          <oid>1.3.6.1.5.5.7.48.1</oid>
  //          <contextSpecific tag="6" constructed="0">aHR0cDovL29jc3AuY29tb2RvY2EuY29t</contextSpecific>
  //      </sequence>
  //  </sequence>

  //  Typically, a certificate AIA(Authority Information access) contains 2 parts:
  //  
  //      On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
  //      Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
  //  
  //  The base64 content for each OID (in this case) is just a string.  
  //  The data can be accessed and decoded like this:

  sbOcsp := TStringBuilder.Create;
  success := xml.GetChildContentSb('/C/oid,1.3.6.1.5.5.7.48.1|++',sbOcsp);
  if (success = True) then
    begin
      sbOcsp.Decode('base64','utf-8');
      WriteLn('1.3.6.1.5.5.7.48.1:  ' + sbOcsp.GetAsString());
    end;

  sbIssuer := TStringBuilder.Create;
  success := xml.GetChildContentSb('/C/oid,1.3.6.1.5.5.7.48.2|++',sbIssuer);
  if (success = True) then
    begin
      sbIssuer.Decode('base64','utf-8');
      WriteLn('1.3.6.1.5.5.7.48.2:  ' + sbIssuer.GetAsString());
    end;

  //  The output looks like this:

  //  1.3.6.1.5.5.7.48.1:  http://ocsp.comodoca.com
  //  1.3.6.1.5.5.7.48.2:  http://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt

  //  -------------------------------------------------------------------------------
  //  Note: The Chilkat path passed to GetChildContentSb is composed of two commands:
  //  The first command is "/C/oid,1.3.6.1.5.5.7.48.1".   It says "traverse the XML tree from the caller
  //  node and stop at the 1st node having tag = "oid" and content = "1.3.6.1.5.5.7.48.1".
  //  The "|" char separates the 1st command from the 2nd.
  //  The 2nd command is "++" and says "move to the next sibling".


  cert.Free;
  xml.Free;
  sbOcsp.Free;
  sbIssuer.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.