Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Get PDF DSS (Document Security Store)

See more PDF Signatures Examples

This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)

Note: This example requires Chilkat v9.5.0.85 or greater.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.DtObj,
  Chilkat.Pdf,
  Chilkat.JsonObject;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  pdf: TPdf;
  json: TJsonObject;
  responseDateTime: TDtObj;
  thisUpdate: TDtObj;
  nextUpdate: TDtObj;
  serial: string;
  validFrom: string;
  validTo: string;
  expired: Boolean;
  subjectCN: string;
  subjectO: string;
  issuerCN: string;
  issuerO: string;
  keyType: string;
  keySize: string;
  der: string;
  subjectOU: string;
  subjectC: string;
  issuerOU: string;
  issuerC: string;
  responseStatus: Integer;
  responseTypeOid: string;
  responseTypeName: string;
  responseResponderIdChoice: string;
  responseResponderKeyHash: string;
  j: Integer;
  count_j: Integer;
  hashOid: string;
  hashAlg: string;
  issuerNameHash: string;
  issuerKeyHash: string;
  serialNumber: string;
  status: Integer;
  i: Integer;
  count_i: Integer;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  pdf := TPdf.Create;

  success := pdf.LoadFile('qa_data/pdf/sign_testing_1/helloSigned2.pdf');
  if (success = False) then
    begin
      WriteLn(pdf.LastErrorText);
      Exit;
    end;

  json := TJsonObject.Create;
  json.EmitCompact := False;

  success := pdf.GetDss(json);
  WriteLn(json.Emit());

  //  The document security store contains certificates, OCSP responses, and CRLs.
  //  The following JSON is a sample of what the /DSS can contain.
  //  Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
  //  It's no problem because whatever JSON you get back, you can use the
  //  following online tool to generate code to parse.
  //  Generate Parsing Code from JSON

  //  The code generated by the online tool for this JSON is shown below..

  //  {
  //    "/VRI": {
  //      "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
  //    },
  //    "/Certs": [
  //      {
  //        "serial": "02",
  //        "validFrom": "2011-08-07T19:00:00-05:00",
  //        "validTo": "2021-08-10T23:59:59-05:00",
  //        "expired": false,
  //        "subject": {
  //          "CN": "XYZ Corporation",
  //          "O": "XYZ"
  //        },
  //        "issuer": {
  //          "CN": "XYZ Corporation",
  //          "O": "XYZ"
  //        },
  //        "keyType": "RSA",
  //        "keySize": "2048",
  //        "der": "MIIDz...Q4Zt"
  //      },
  //      {
  //        "serial": "01",
  //        "validFrom": "2011-08-07T19:00:00-05:00",
  //        "validTo": "2021-08-10T23:59:59-05:00",
  //        "expired": false,
  //        "subject": {
  //          "CN": "XYZ Corporation",
  //          "O": "XYZ"
  //        },
  //        "issuer": {
  //          "CN": "XYZ Corporation",
  //          "O": "XYZ"
  //        },
  //        "keyType": "RSA",
  //        "keySize": "2048",
  //        "der": "MIID...jXYFc="
  //      },
  //      {
  //        "serial": "0AA125D6D6321B7E41E405DA3697C215",
  //        "validFrom": "2016-01-07T06:00:00-06:00",
  //        "validTo": "2031-01-07T12:00:00-06:00",
  //        "expired": false,
  //        "subject": {
  //          "CN": "DigiCert SHA2 Assured ID Timestamping CA",
  //          "OU": "www.digicert.com",
  //          "O": "DigiCert Inc",
  //          "C": "US"
  //        },
  //        "issuer": {
  //          "CN": "DigiCert Assured ID Root CA",
  //          "OU": "www.digicert.com",
  //          "O": "DigiCert Inc",
  //          "C": "US"
  //        },
  //        "keyType": "RSA",
  //        "keySize": "2048",
  //        "der": "MIIF...OUg=="
  //      },
  //      {
  //        "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
  //        "validFrom": "2019-09-30T19:00:00-05:00",
  //        "validTo": "2030-10-17T00:00:00-05:00",
  //        "expired": false,
  //        "subject": {
  //          "CN": "TIMESTAMP-SHA256-2019-10-15",
  //          "O": "DigiCert, Inc.",
  //          "C": "US"
  //        },
  //        "issuer": {
  //          "CN": "DigiCert SHA2 Assured ID Timestamping CA",
  //          "OU": "www.digicert.com",
  //          "O": "DigiCert Inc",
  //          "C": "US"
  //        },
  //        "keyType": "RSA",
  //        "keySize": "2048",
  //        "der": "MIIG...MJtPc="
  //      },
  //      {
  //        "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
  //        "validFrom": "2006-11-09T18:00:00-06:00",
  //        "validTo": "2031-11-10T00:00:00-06:00",
  //        "expired": false,
  //        "subject": {
  //          "CN": "DigiCert Assured ID Root CA",
  //          "OU": "www.digicert.com",
  //          "O": "DigiCert Inc",
  //          "C": "US"
  //        },
  //        "issuer": {
  //          "CN": "DigiCert Assured ID Root CA",
  //          "OU": "www.digicert.com",
  //          "O": "DigiCert Inc",
  //          "C": "US"
  //        },
  //        "keyType": "RSA",
  //        "keySize": "2048",
  //        "der": "MIIDt...FL6Lw8g=="
  //      },
  //      {
  //        "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
  //        "validFrom": "2015-03-24T10:58:16-05:00",
  //        "validTo": "2039-12-31T23:59:59-06:00",
  //        "expired": false,
  //        "subject": {
  //          "CN": "www.xyz.com"
  //        },
  //        "issuer": {
  //          "CN": "www.xyz.com"
  //        },
  //        "keyType": "RSA",
  //        "keySize": "1024",
  //        "der": "MIIB9DCCAWG...UR10lz"
  //      }
  //    ],
  //    "/OCSPs": [
  //      {
  //        "responseStatus": 0,
  //        "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
  //        "responseTypeName": "ocspBasic",
  //        "response": {
  //          "responderIdChoice": "KeyHash",
  //          "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
  //          "dateTime": "20201005173921Z",
  //          "cert": [
  //            {
  //              "hashOid": "1.3.14.3.2.26",
  //              "hashAlg": "SHA-1",
  //              "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
  //              "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
  //              "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
  //              "status": 0,
  //              "thisUpdate": "20201005173921Z",
  //              "nextUpdate": "20201012173921Z"
  //            }
  //          ]
  //        }
  //      },
  //      {
  //        "responseStatus": 0,
  //        "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
  //        "responseTypeName": "ocspBasic",
  //        "response": {
  //          "responderIdChoice": "KeyHash",
  //          "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
  //          "dateTime": "20201006114501Z",
  //          "cert": [
  //            {
  //              "hashOid": "1.3.14.3.2.26",
  //              "hashAlg": "SHA-1",
  //              "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
  //              "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
  //              "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
  //              "status": 0,
  //              "thisUpdate": "20201006114501Z",
  //              "nextUpdate": "20201013110001Z"
  //            }
  //          ]
  //        }
  //      }
  //    ]
  //  }

  responseDateTime := TDtObj.Create;
  thisUpdate := TDtObj.Create;
  nextUpdate := TDtObj.Create;

  i := 0;
  count_i := json.SizeOfArray('/Certs');
  while i < count_i do
    begin
      json.I := i;
      serial := json.StringOf('/Certs[i].serial');
      validFrom := json.StringOf('/Certs[i].validFrom');
      validTo := json.StringOf('/Certs[i].validTo');
      expired := json.BoolOf('/Certs[i].expired');
      subjectCN := json.StringOf('/Certs[i].subject.CN');
      subjectO := json.StringOf('/Certs[i].subject.O');
      issuerCN := json.StringOf('/Certs[i].issuer.CN');
      issuerO := json.StringOf('/Certs[i].issuer.O');
      keyType := json.StringOf('/Certs[i].keyType');
      keySize := json.StringOf('/Certs[i].keySize');
      der := json.StringOf('/Certs[i].der');
      subjectOU := json.StringOf('/Certs[i].subject.OU');
      subjectC := json.StringOf('/Certs[i].subject.C');
      issuerOU := json.StringOf('/Certs[i].issuer.OU');
      issuerC := json.StringOf('/Certs[i].issuer.C');
      i := i + 1;
    end;

  i := 0;
  count_i := json.SizeOfArray('/OCSPs');
  while i < count_i do
    begin
      json.I := i;
      responseStatus := json.IntOf('/OCSPs[i].responseStatus');
      responseTypeOid := json.StringOf('/OCSPs[i].responseTypeOid');
      responseTypeName := json.StringOf('/OCSPs[i].responseTypeName');
      responseResponderIdChoice := json.StringOf('/OCSPs[i].response.responderIdChoice');
      responseResponderKeyHash := json.StringOf('/OCSPs[i].response.responderKeyHash');
      json.DtOf('/OCSPs[i].response.dateTime',False,responseDateTime);
      j := 0;
      count_j := json.SizeOfArray('/OCSPs[i].response.cert');
      while j < count_j do
        begin
          json.J := j;
          hashOid := json.StringOf('/OCSPs[i].response.cert[j].hashOid');
          hashAlg := json.StringOf('/OCSPs[i].response.cert[j].hashAlg');
          issuerNameHash := json.StringOf('/OCSPs[i].response.cert[j].issuerNameHash');
          issuerKeyHash := json.StringOf('/OCSPs[i].response.cert[j].issuerKeyHash');
          serialNumber := json.StringOf('/OCSPs[i].response.cert[j].serialNumber');
          status := json.IntOf('/OCSPs[i].response.cert[j].status');
          json.DtOf('/OCSPs[i].response.cert[j].thisUpdate',False,thisUpdate);
          json.DtOf('/OCSPs[i].response.cert[j].nextUpdate',False,nextUpdate);
          j := j + 1;
        end;

      i := i + 1;
    end;



  pdf.Free;
  json.Free;
  responseDateTime.Free;
  thisUpdate.Free;
  nextUpdate.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.