(DataFlex) Validate Certificate using OCSP Protocol

Demonstrates how to validate a certificate (check its revocation status) using the OCSP protocol.

Note: This example requires Chilkat v9.5.0.75 or greater.
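Use ChilkatAx-9.5.0-win32.pkg

// Checks the revocation status of a certificate loaded from a file by sending
// an OCSP request to the responder URL named in the certificate.
//
// The procedure prints the OCSP request (as JSON), the overall OCSP response
// status, the parsed reply (as JSON) and the certificate status. It returns
// early, without printing a certificate status, whenever a step fails or the
// responder does not give a definite answer, so that a failed or incomplete
// check is never reported as status 0 ("Good").
//
// NOTE(review): this example only shows the reply being parsed. It does not
// show the reply's signature, the echoed nonce, or the thisUpdate/nextUpdate
// window being checked, nor the reply's serialNumber being compared with the
// certificate's. Confirm what ParseOcspReply validates before relying on the
// result; OCSP replies commonly arrive over plain HTTP and are only
// trustworthy once their signature has been verified.
Procedure Test
    Handle hoCert
    Boolean iSuccess
    String sOcspUrl
    Handle hoPrng
    Variant vJson
    Handle hoJson
    Variant vOcspRequest
    Handle hoOcspRequest
    Handle hoHttp
    Variant vResp
    Handle hoResp
    Variant vOcspReply
    Handle hoOcspReply
    Variant vJsonReply
    Handle hoJsonReply
    Integer iOcspStatus
    Integer iCertStatus
    String sTemp1
    Boolean bTemp1

    // Note: Requires Chilkat v9.5.0.75 or greater.

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example will check the revoked status of a certificate loaded from a file.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadFromFile Of hoCert "qa_data/certs/google.crt" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Get the cert's OCSP URL.
    Get ComOcspUrl Of hoCert To sOcspUrl
    // Without a responder URL there is nothing to query; stop instead of
    // posting to an empty URL. The revocation status is then undetermined.
    If (sOcspUrl = "") Begin
        Showln "The certificate has no OCSP URL; revocation status cannot be checked."
        Procedure_Return
    End

    // Build the JSON that will be the OCSP request.
    Get Create (RefClass(cComChilkatPrng)) To hoPrng
    If (Not(IsComObjectCreated(hoPrng))) Begin
        Send CreateComObject of hoPrng
    End

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End

    Set ComEmitCompact Of hoJson To False
    // A fresh random nonce (36 bytes, base64) is placed in the request.
    // It only protects against replayed replies if the reply's nonce is
    // compared with it, which this example does not show.
    Get ComGenRandom Of hoPrng 36 "base64" To sTemp1
    Get ComUpdateString Of hoJson "extensions.ocspNonce" sTemp1 To iSuccess
    Set ComI Of hoJson To 0
    // The certificate is identified by hashes of the issuer name and issuer
    // public key plus the certificate's serial number.
    Get ComUpdateString Of hoJson "request[i].cert.hashAlg" "sha1" To iSuccess
    Get ComHashOf Of hoCert "IssuerDN" "sha1" "base64" To sTemp1
    Get ComUpdateString Of hoJson "request[i].cert.issuerNameHash" sTemp1 To iSuccess
    Get ComHashOf Of hoCert "IssuerPublicKey" "sha1" "base64" To sTemp1
    Get ComUpdateString Of hoJson "request[i].cert.issuerKeyHash" sTemp1 To iSuccess
    Get ComSerialNumber Of hoCert To sTemp1
    Get ComUpdateString Of hoJson "request[i].cert.serialNumber" sTemp1 To iSuccess
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    // Our OCSP request looks like this:

    // {
    //   "extensions": {
    //     "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO"
    //   },
    //   "request": [
    //     {
    //       "cert": {
    //         "hashAlg": "sha1",
    //         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
    //         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
    //         "serialNumber": "6175535D87BF94B6"
    //       }
    //     }
    //   ]
    // }

    Get Create (RefClass(cComChilkatBinData)) To hoOcspRequest
    If (Not(IsComObjectCreated(hoOcspRequest))) Begin
        Send CreateComObject of hoOcspRequest
    End

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    // Convert our JSON to a binary (ASN.1) OCSP request
    Get pvComObject of hoJson to vJson
    Get pvComObject of hoOcspRequest to vOcspRequest
    Get ComCreateOcspRequest Of hoHttp vJson vOcspRequest To iSuccess
    // Do not send anything if the request could not be built.
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Send the OCSP request to the OCSP server
    // (the two trailing False arguments are the md5 and gzip options).
    Get pvComObject of hoOcspRequest to vOcspRequest
    Get ComPBinaryBd Of hoHttp "POST" sOcspUrl vOcspRequest "application/ocsp-request" False False To vResp
    If (IsComObject(vResp)) Begin
        Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
        Set pvComObject Of hoResp To vResp
    End
    Get ComLastMethodSuccess Of hoHttp To bTemp1
    If (bTemp1 <> True) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Get the binary (ASN.1) OCSP reply
    Get Create (RefClass(cComChilkatBinData)) To hoOcspReply
    If (Not(IsComObjectCreated(hoOcspReply))) Begin
        Send CreateComObject of hoOcspReply
    End

    Get pvComObject of hoOcspReply to vOcspReply
    Get ComGetBodyBd Of hoResp vOcspReply To iSuccess
    Send Destroy of hoResp
    // An unreadable body means there is no reply to evaluate.
    If (iSuccess <> True) Begin
        Showln "Failed to read the OCSP reply body."
        Procedure_Return
    End

    // Convert the binary reply to JSON.
    // Also returns the overall OCSP response status.
    Get Create (RefClass(cComChilkatJsonObject)) To hoJsonReply
    If (Not(IsComObjectCreated(hoJsonReply))) Begin
        Send CreateComObject of hoJsonReply
    End

    Get pvComObject of hoOcspReply to vOcspReply
    Get pvComObject of hoJsonReply to vJsonReply
    Get ComParseOcspReply Of hoHttp vOcspReply vJsonReply To iOcspStatus

    // The ocspStatus can have one of these values:
    // -1: The reply data passed in does not contain a valid OCSP reply.
    // 0: Successful - Response has valid confirmations.
    // 1: Malformed request - Illegal confirmation request.
    // 2: Internal error - Internal error in issuer.
    // 3: Try later - Try again later.
    // 4: Not used - This value is never returned.
    // 5: Sig required - Must sign the request.
    // 6: Unauthorized - Request unauthorized.
    If (iOcspStatus < 0) Begin
        Showln "Invalid OCSP reply."
        Procedure_Return
    End

    Showln "Overall OCSP Response Status: " iOcspStatus

    // Let's examine the OCSP response (in JSON).
    Set ComEmitCompact Of hoJsonReply To False
    Get ComEmit Of hoJsonReply To sTemp1
    Showln sTemp1

    // Any overall status other than 0 is an error answer from the responder
    // and says nothing about the certificate. Stop here so that the status
    // lookup below is never run against a reply that has no certificate
    // status in it.
    If (iOcspStatus <> 0) Begin
        Showln "The OCSP responder did not return a successful response; certificate status is undetermined."
        Procedure_Return
    End

    // The JSON reply looks like this:
    // (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml
    // to generate JSON parsing code.)

    // {
    //   "responseStatus": 0,
    //   "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
    //   "responseTypeName": "ocspBasic",
    //   "response": {
    //     "responderIdChoice": "KeyHash",
    //     "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
    //     "dateTime": "20180803193937Z",
    //     "cert": [
    //       {
    //         "hashOid": "1.3.14.3.2.26",
    //         "hashAlg": "SHA-1",
    //         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
    //         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
    //         "serialNumber": "6175535D87BF94B6",
    //         "status": 0,
    //         "thisUpdate": "20180803193937Z",
    //         "nextUpdate": "20180810193937Z"
    //       }
    //     ]
    //   }
    // }
    //

    // Make sure the reply really carries a status for the certificate before
    // reading it. The lookup is an integer read, and 0 also means "Good", so
    // an absent member must be handled explicitly rather than read as a value.
    Get ComHasMember Of hoJsonReply "response.cert[0].status" To bTemp1
    If (bTemp1 <> True) Begin
        Showln "The OCSP reply contains no certificate status; certificate status is undetermined."
        Procedure_Return
    End

    // The certificate status:
    Get ComIntOf Of hoJsonReply "response.cert[0].status" To iCertStatus
    // Possible certStatus values are:
    // 0: Good
    // 1: Revoked
    // 2: Unknown.
    // Only 0 is a positive answer; callers should treat 2 (Unknown) as
    // "not validated", not as valid.
    Showln "Certificate Status: " iCertStatus
End_Procedure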