|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Visual FoxPro) Validate Certificate using OCSP ProtocolDemonstrates how to validate a certificate (check the revoked status) using the OCSP protocol.
LOCAL loCert LOCAL lnSuccess LOCAL lcOcspUrl LOCAL lcHashAlg LOCAL loPrng LOCAL loJson LOCAL loOcspRequest LOCAL loHttp LOCAL loResp LOCAL loOcspReply LOCAL loJsonReply LOCAL lnOcspStatus LOCAL lnCertStatus * Note: Requires Chilkat v9.5.0.75 or greater. * This requires the Chilkat API to have been previously unlocked. * See Global Unlock Sample for sample code. * This example will check the revoked status of a certificate loaded from a file. * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Cert') loCert = CreateObject('Chilkat.Cert') lnSuccess = loCert.LoadFromFile("qa_data/certs/google.crt") IF (lnSuccess <> 1) THEN ? loCert.LastErrorText RELEASE loCert CANCEL ENDIF * Get the cert's OCSP URL. lcOcspUrl = loCert.OcspUrl * Build the JSON that will be the OCSP request. * Possible hash algorithms are sha1, sha256, sha384, sha512. lcHashAlg = "sha256" * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Prng') loPrng = CreateObject('Chilkat.Prng') * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject') loJson = CreateObject('Chilkat.JsonObject') loJson.EmitCompact = 0 * Read more about OCSP nonce lengths loJson.UpdateString("extensions.ocspNonce",loPrng.GenRandom(16,"base64")) loJson.I = 0 loJson.UpdateString("request[i].cert.hashAlg",lcHashAlg) loJson.UpdateString("request[i].cert.issuerNameHash",loCert.HashOf("IssuerDN",lcHashAlg,"base64")) loJson.UpdateString("request[i].cert.issuerKeyHash",loCert.HashOf("IssuerPublicKey",lcHashAlg,"base64")) loJson.UpdateString("request[i].cert.serialNumber",loCert.SerialNumber) ? loJson.Emit() * Our OCSP request looks something like this: * { * "extensions": { * "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO" * }, * "request": [ * { * "cert": { * "hashAlg": "sha1", * "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", * "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", * "serialNumber": "6175535D87BF94B6" * } * } * ] * } * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.BinData') loOcspRequest = CreateObject('Chilkat.BinData') * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http') loHttp = CreateObject('Chilkat.Http') * Convert our JSON to a binary (ASN.1) OCSP request lnSuccess = loHttp.CreateOcspRequest(loJson,loOcspRequest) IF (lnSuccess = 0) THEN ? loHttp.LastErrorText RELEASE loCert RELEASE loPrng RELEASE loJson RELEASE loOcspRequest RELEASE loHttp CANCEL ENDIF * Send the OCSP request to the OCSP server loResp = loHttp.PBinaryBd("POST",lcOcspUrl,loOcspRequest,"application/ocsp-request",0,0) IF (loHttp.LastMethodSuccess <> 1) THEN ? loHttp.LastErrorText RELEASE loCert RELEASE loPrng RELEASE loJson RELEASE loOcspRequest RELEASE loHttp CANCEL ENDIF * Get the binary (ASN.1) OCSP reply * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.BinData') loOcspReply = CreateObject('Chilkat.BinData') loResp.GetBodyBd(loOcspReply) RELEASE loResp * Convert the binary reply to JSON. * Also returns the overall OCSP response status. * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject') loJsonReply = CreateObject('Chilkat.JsonObject') lnOcspStatus = loHttp.ParseOcspReply(loOcspReply,loJsonReply) * The ocspStatus can have one of these values: * -1: The ARG1 does not contain a valid OCSP reply. * 0: Successful - Response has valid confirmations.. * 1: Malformed request - Illegal confirmation request. * 2: Internal error - Internal error in issuer. * 3: Try later - Try again later. * 4: Not used - This value is never returned. * 5: Sig required - Must sign the request. * 6: Unauthorized - Request unauthorized. IF (lnOcspStatus < 0) THEN ? "Invalid OCSP reply." RELEASE loCert RELEASE loPrng RELEASE loJson RELEASE loOcspRequest RELEASE loHttp RELEASE loOcspReply RELEASE loJsonReply CANCEL ENDIF ? "Overall OCSP Response Status: " + STR(lnOcspStatus) * Let's examine the OCSP response (in JSON). loJsonReply.EmitCompact = 0 ? loJsonReply.Emit() * The JSON reply looks like this: * (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml * to generate JSON parsing code.) * { * "responseStatus": 0, * "responseTypeOid": "1.3.6.1.5.5.7.48.1.1", * "responseTypeName": "ocspBasic", * "response": { * "responderIdChoice": "KeyHash", * "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", * "dateTime": "20180803193937Z", * "cert": [ * { * "hashOid": "1.3.14.3.2.26", * "hashAlg": "SHA-1", * "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", * "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", * "serialNumber": "6175535D87BF94B6", * "status": 0, * "thisUpdate": "20180803193937Z", * "nextUpdate": "20180810193937Z" * } * ] * } * } * * The certificate status: lnCertStatus = -1 IF (loJsonReply.HasMember("response.cert[0].status") = 1) THEN lnCertStatus = loJsonReply.IntOf("response.cert[0].status") ENDIF * Possible certStatus values are: * -1: No status returned. * 0: Good * 1: Revoked * 2: Unknown. ? "Certificate Status: " + STR(lnCertStatus) RELEASE loCert RELEASE loPrng RELEASE loJson RELEASE loOcspRequest RELEASE loHttp RELEASE loOcspReply RELEASE loJsonReply |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.