Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Classic ASP) Validate Certificate using OCSP ProtocolDemonstrates how to validate a certificate (check the revoked status) using the OCSP protocol. Note: This example requires Chilkat v9.5.0.75 or greater
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <% ' Note: Requires Chilkat v9.5.0.75 or greater. ' This requires the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. ' This example will check the revoked status of a certificate loaded from a file. set cert = Server.CreateObject("Chilkat_9_5_0.Cert") success = cert.LoadFromFile("qa_data/certs/google.crt") If (success <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>" Response.End End If ' Get the cert's OCSP URL. ocspUrl = cert.OcspUrl ' Build the JSON that will be the OCSP request. set prng = Server.CreateObject("Chilkat_9_5_0.Prng") set json = Server.CreateObject("Chilkat_9_5_0.JsonObject") json.EmitCompact = 0 success = json.UpdateString("extensions.ocspNonce",prng.GenRandom(36,"base64")) json.I = 0 success = json.UpdateString("request[i].cert.hashAlg","sha1") success = json.UpdateString("request[i].cert.issuerNameHash",cert.HashOf("IssuerDN","sha1","base64")) success = json.UpdateString("request[i].cert.issuerKeyHash",cert.HashOf("IssuerPublicKey","sha1","base64")) success = json.UpdateString("request[i].cert.serialNumber",cert.SerialNumber) Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>" ' Our OCSP request looks like this: ' { ' "extensions": { ' "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO" ' }, ' "request": [ ' { ' "cert": { ' "hashAlg": "sha1", ' "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ' "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "serialNumber": "6175535D87BF94B6" ' } ' } ' ] ' } set ocspRequest = Server.CreateObject("Chilkat_9_5_0.BinData") set http = Server.CreateObject("Chilkat_9_5_0.Http") ' Convert our JSON to a binary (ASN.1) OCSP request success = http.CreateOcspRequest(json,ocspRequest) ' Send the OCSP request to the OCSP server ' resp is a Chilkat_9_5_0.HttpResponse Set resp = http.PBinaryBd("POST",ocspUrl,ocspRequest,"application/ocsp-request",0,0) If (http.LastMethodSuccess <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>" Response.End End If ' Get the binary (ASN.1) OCSP reply set ocspReply = Server.CreateObject("Chilkat_9_5_0.BinData") success = resp.GetBodyBd(ocspReply) ' Convert the binary reply to JSON. ' Also returns the overall OCSP response status. set jsonReply = Server.CreateObject("Chilkat_9_5_0.JsonObject") ocspStatus = http.ParseOcspReply(ocspReply,jsonReply) ' The ocspStatus can have one of these values: ' -1: The ARG1 does not contain a valid OCSP reply. ' 0: Successful - Response has valid confirmations.. ' 1: Malformed request - Illegal confirmation request. ' 2: Internal error - Internal error in issuer. ' 3: Try later - Try again later. ' 4: Not used - This value is never returned. ' 5: Sig required - Must sign the request. ' 6: Unauthorized - Request unauthorized. If (ocspStatus < 0) Then Response.Write "<pre>" & Server.HTMLEncode( "Invalid OCSP reply.") & "</pre>" Response.End End If Response.Write "<pre>" & Server.HTMLEncode( "Overall OCSP Response Status: " & ocspStatus) & "</pre>" ' Let's examine the OCSP response (in JSON). jsonReply.EmitCompact = 0 Response.Write "<pre>" & Server.HTMLEncode( jsonReply.Emit()) & "</pre>" ' The JSON reply looks like this: ' (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml ' to generate JSON parsing code.) ' { ' "responseStatus": 0, ' "responseTypeOid": "1.3.6.1.5.5.7.48.1.1", ' "responseTypeName": "ocspBasic", ' "response": { ' "responderIdChoice": "KeyHash", ' "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "dateTime": "20180803193937Z", ' "cert": [ ' { ' "hashOid": "1.3.14.3.2.26", ' "hashAlg": "SHA-1", ' "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ' "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "serialNumber": "6175535D87BF94B6", ' "status": 0, ' "thisUpdate": "20180803193937Z", ' "nextUpdate": "20180810193937Z" ' } ' ] ' } ' } ' ' The certificate status: certStatus = jsonReply.IntOf("response.cert[0].status") ' Possible certStatus values are: ' 0: Good ' 1: Revoked ' 2: Unknown. Response.Write "<pre>" & Server.HTMLEncode( "Certificate Status: " & certStatus) & "</pre>" %> </body> </html> |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.