Sample code for 30+ languages & platforms
Tcl

Get PDF DSS (Document Security Store)

See more PDF Signatures Examples

This example demonstrates how to extract the information from a PDF's DSS (Document Security Store), if a /DSS exists. (Just because a PDF is signed does not mean a /DSS will exists. In fact, the /DSS is typically created at the point of adding the 2nd or greater signature because the /DSS contains LTV (long term validation) information about the previous signature at the time of adding an additional signature.)

Note: This example requires Chilkat v9.5.0.85 or greater.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set pdf [new_CkPdf]

set success [CkPdf_LoadFile $pdf "qa_data/pdf/sign_testing_1/helloSigned2.pdf"]
if {$success == 0} then {
    puts [CkPdf_lastErrorText $pdf]
    delete_CkPdf $pdf
    exit
}

set json [new_CkJsonObject]

CkJsonObject_put_EmitCompact $json 0

set success [CkPdf_GetDss $pdf $json]
puts [CkJsonObject_emit $json]

# The document security store contains certificates, OCSP responses, and CRLs.
# The following JSON is a sample of what the /DSS can contain.
# Unfortunately, our sample contains /Certs and /OCSPs, but no /CRLs.
# It's no problem because whatever JSON you get back, you can use the
# following online tool to generate code to parse.
# Generate Parsing Code from JSON

# The code generated by the online tool for this JSON is shown below..

# {
#   "/VRI": {
#     "/EC5BB34CC1F8A0C5FE674427E16E313A08C80808": {}
#   },
#   "/Certs": [
#     {
#       "serial": "02",
#       "validFrom": "2011-08-07T19:00:00-05:00",
#       "validTo": "2021-08-10T23:59:59-05:00",
#       "expired": false,
#       "subject": {
#         "CN": "XYZ Corporation",
#         "O": "XYZ"
#       },
#       "issuer": {
#         "CN": "XYZ Corporation",
#         "O": "XYZ"
#       },
#       "keyType": "RSA",
#       "keySize": "2048",
#       "der": "MIIDz...Q4Zt"
#     },
#     {
#       "serial": "01",
#       "validFrom": "2011-08-07T19:00:00-05:00",
#       "validTo": "2021-08-10T23:59:59-05:00",
#       "expired": false,
#       "subject": {
#         "CN": "XYZ Corporation",
#         "O": "XYZ"
#       },
#       "issuer": {
#         "CN": "XYZ Corporation",
#         "O": "XYZ"
#       },
#       "keyType": "RSA",
#       "keySize": "2048",
#       "der": "MIID...jXYFc="
#     },
#     {
#       "serial": "0AA125D6D6321B7E41E405DA3697C215",
#       "validFrom": "2016-01-07T06:00:00-06:00",
#       "validTo": "2031-01-07T12:00:00-06:00",
#       "expired": false,
#       "subject": {
#         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
#         "OU": "www.digicert.com",
#         "O": "DigiCert Inc",
#         "C": "US"
#       },
#       "issuer": {
#         "CN": "DigiCert Assured ID Root CA",
#         "OU": "www.digicert.com",
#         "O": "DigiCert Inc",
#         "C": "US"
#       },
#       "keyType": "RSA",
#       "keySize": "2048",
#       "der": "MIIF...OUg=="
#     },
#     {
#       "serial": "04CD3F8568AE76C61BB0FE7160CCA76D",
#       "validFrom": "2019-09-30T19:00:00-05:00",
#       "validTo": "2030-10-17T00:00:00-05:00",
#       "expired": false,
#       "subject": {
#         "CN": "TIMESTAMP-SHA256-2019-10-15",
#         "O": "DigiCert, Inc.",
#         "C": "US"
#       },
#       "issuer": {
#         "CN": "DigiCert SHA2 Assured ID Timestamping CA",
#         "OU": "www.digicert.com",
#         "O": "DigiCert Inc",
#         "C": "US"
#       },
#       "keyType": "RSA",
#       "keySize": "2048",
#       "der": "MIIG...MJtPc="
#     },
#     {
#       "serial": "0CE7E0E517D846FE8FE560FC1BF03039",
#       "validFrom": "2006-11-09T18:00:00-06:00",
#       "validTo": "2031-11-10T00:00:00-06:00",
#       "expired": false,
#       "subject": {
#         "CN": "DigiCert Assured ID Root CA",
#         "OU": "www.digicert.com",
#         "O": "DigiCert Inc",
#         "C": "US"
#       },
#       "issuer": {
#         "CN": "DigiCert Assured ID Root CA",
#         "OU": "www.digicert.com",
#         "O": "DigiCert Inc",
#         "C": "US"
#       },
#       "keyType": "RSA",
#       "keySize": "2048",
#       "der": "MIIDt...FL6Lw8g=="
#     },
#     {
#       "serial": "E4D34D01798BE686424AF7F6F0C3BF41",
#       "validFrom": "2015-03-24T10:58:16-05:00",
#       "validTo": "2039-12-31T23:59:59-06:00",
#       "expired": false,
#       "subject": {
#         "CN": "www.xyz.com"
#       },
#       "issuer": {
#         "CN": "www.xyz.com"
#       },
#       "keyType": "RSA",
#       "keySize": "1024",
#       "der": "MIIB9DCCAWG...UR10lz"
#     }
#   ],
#   "/OCSPs": [
#     {
#       "responseStatus": 0,
#       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
#       "responseTypeName": "ocspBasic",
#       "response": {
#         "responderIdChoice": "KeyHash",
#         "responderKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
#         "dateTime": "20201005173921Z",
#         "cert": [
#           {
#             "hashOid": "1.3.14.3.2.26",
#             "hashAlg": "SHA-1",
#             "issuerNameHash": "98S+C0C1w0QzPT+uuU1uONr67FE=",
#             "issuerKeyHash": "Reuir/SSy4IxLVGLp6chnfNtyA8=",
#             "serialNumber": "0AA125D6D6321B7E41E405DA3697C215",
#             "status": 0,
#             "thisUpdate": "20201005173921Z",
#             "nextUpdate": "20201012173921Z"
#           }
#         ]
#       }
#     },
#     {
#       "responseStatus": 0,
#       "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
#       "responseTypeName": "ocspBasic",
#       "response": {
#         "responderIdChoice": "KeyHash",
#         "responderKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
#         "dateTime": "20201006114501Z",
#         "cert": [
#           {
#             "hashOid": "1.3.14.3.2.26",
#             "hashAlg": "SHA-1",
#             "issuerNameHash": "+YYA+KSr7NIxRSxCjUNQo25SyD0=",
#             "issuerKeyHash": "9LbhIB3+Ka7S5GGlsqIlssgXNW4=",
#             "serialNumber": "04CD3F8568AE76C61BB0FE7160CCA76D",
#             "status": 0,
#             "thisUpdate": "20201006114501Z",
#             "nextUpdate": "20201013110001Z"
#           }
#         ]
#       }
#     }
#   ]
# }

set responseDateTime [new_CkDtObj]

set thisUpdate [new_CkDtObj]

set nextUpdate [new_CkDtObj]

set i 0
set count_i [CkJsonObject_SizeOfArray $json "/Certs"]
while {$i < $count_i} {
    CkJsonObject_put_I $json $i
    set serial [CkJsonObject_stringOf $json "/Certs[i].serial"]
    set validFrom [CkJsonObject_stringOf $json "/Certs[i].validFrom"]
    set validTo [CkJsonObject_stringOf $json "/Certs[i].validTo"]
    set expired [CkJsonObject_BoolOf $json "/Certs[i].expired"]
    set subjectCN [CkJsonObject_stringOf $json "/Certs[i].subject.CN"]
    set subjectO [CkJsonObject_stringOf $json "/Certs[i].subject.O"]
    set issuerCN [CkJsonObject_stringOf $json "/Certs[i].issuer.CN"]
    set issuerO [CkJsonObject_stringOf $json "/Certs[i].issuer.O"]
    set keyType [CkJsonObject_stringOf $json "/Certs[i].keyType"]
    set keySize [CkJsonObject_stringOf $json "/Certs[i].keySize"]
    set der [CkJsonObject_stringOf $json "/Certs[i].der"]
    set subjectOU [CkJsonObject_stringOf $json "/Certs[i].subject.OU"]
    set subjectC [CkJsonObject_stringOf $json "/Certs[i].subject.C"]
    set issuerOU [CkJsonObject_stringOf $json "/Certs[i].issuer.OU"]
    set issuerC [CkJsonObject_stringOf $json "/Certs[i].issuer.C"]
    set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $json "/OCSPs"]
while {$i < $count_i} {
    CkJsonObject_put_I $json $i
    set responseStatus [CkJsonObject_IntOf $json "/OCSPs[i].responseStatus"]
    set responseTypeOid [CkJsonObject_stringOf $json "/OCSPs[i].responseTypeOid"]
    set responseTypeName [CkJsonObject_stringOf $json "/OCSPs[i].responseTypeName"]
    set responseResponderIdChoice [CkJsonObject_stringOf $json "/OCSPs[i].response.responderIdChoice"]
    set responseResponderKeyHash [CkJsonObject_stringOf $json "/OCSPs[i].response.responderKeyHash"]
    CkJsonObject_DtOf $json "/OCSPs[i].response.dateTime" 0 $responseDateTime
    set j 0
    set count_j [CkJsonObject_SizeOfArray $json "/OCSPs[i].response.cert"]
    while {$j < $count_j} {
        CkJsonObject_put_J $json $j
        set hashOid [CkJsonObject_stringOf $json "/OCSPs[i].response.cert[j].hashOid"]
        set hashAlg [CkJsonObject_stringOf $json "/OCSPs[i].response.cert[j].hashAlg"]
        set issuerNameHash [CkJsonObject_stringOf $json "/OCSPs[i].response.cert[j].issuerNameHash"]
        set issuerKeyHash [CkJsonObject_stringOf $json "/OCSPs[i].response.cert[j].issuerKeyHash"]
        set serialNumber [CkJsonObject_stringOf $json "/OCSPs[i].response.cert[j].serialNumber"]
        set status [CkJsonObject_IntOf $json "/OCSPs[i].response.cert[j].status"]
        CkJsonObject_DtOf $json "/OCSPs[i].response.cert[j].thisUpdate" 0 $thisUpdate
        CkJsonObject_DtOf $json "/OCSPs[i].response.cert[j].nextUpdate" 0 $nextUpdate
        set j [expr $j + 1]
    }
    set i [expr $i + 1]
}

delete_CkPdf $pdf
delete_CkJsonObject $json
delete_CkDtObj $responseDateTime
delete_CkDtObj $thisUpdate
delete_CkDtObj $nextUpdate