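(Visual FoxPro) Validate Certificate using OCSP Protocol
Demonstrates how to validate a certificate (check the revoked status) using the OCSP protocol. A certificate status of 0 (Good) is meaningful only when the overall OCSP response status is also 0 (successful). Note: This example requires Chilkat v9.5.0.75 or greater.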
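* Checks the revocation status of a certificate loaded from a file by sending
* an OCSP request to the responder named in the certificate and reading the
* parsed reply.
*
* The script fails closed: any error, any overall OCSP status other than 0,
* or a reply without a certificate status entry ends the run without
* reporting a certificate status. Only a printed status of 0 means "Good".
*
* NOTE(review): this script does not itself verify the responder's signature,
* compare the serial number in the reply with the one requested, or check
* thisUpdate/nextUpdate against the current time. Confirm in the Chilkat
* documentation which of these ParseOcspReply performs before relying on the
* result for an access decision.

LOCAL loCert
LOCAL lnSuccess
LOCAL lcOcspUrl
LOCAL loPrng
LOCAL loJson
LOCAL loOcspRequest
LOCAL loHttp
LOCAL loResp
LOCAL loOcspReply
LOCAL loJsonReply
LOCAL lnOcspStatus
LOCAL lnCertStatus

* Note: Requires Chilkat v9.5.0.75 or greater.

* This requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* This example will check the revoked status of a certificate loaded from a file.
loCert = CreateObject('Chilkat_9_5_0.Cert')
lnSuccess = loCert.LoadFromFile("qa_data/certs/google.crt")
IF (lnSuccess <> 1) THEN
    ? loCert.LastErrorText
    RELEASE loCert
    CANCEL
ENDIF

* Get the cert's OCSP URL.
* The URL is read from the certificate itself, so the request goes wherever
* the certificate says. For certificates from an untrusted source, validate
* the chain (or restrict the allowed responder hosts) before contacting it.
lcOcspUrl = loCert.OcspUrl
IF (ISNULL(lcOcspUrl) OR EMPTY(lcOcspUrl)) THEN
    * Without a responder URL there is nothing to query; do not treat the
    * certificate as good by default.
    ? "Certificate has no OCSP URL; revocation status cannot be determined."
    RELEASE loCert
    CANCEL
ENDIF

* Build the JSON that will be the OCSP request.
loPrng = CreateObject('Chilkat_9_5_0.Prng')
loJson = CreateObject('Chilkat_9_5_0.JsonObject')
loJson.EmitCompact = 0
* A fresh random nonce is placed in the request. The sample reply shown
* further down contains no nonce field, so this script cannot compare it;
* replay protection then rests on the thisUpdate/nextUpdate window.
loJson.UpdateString("extensions.ocspNonce",loPrng.GenRandom(36,"base64"))
loJson.I = 0
* "sha1" here only identifies the issuer inside the request's CertID.
loJson.UpdateString("request[i].cert.hashAlg","sha1")
loJson.UpdateString("request[i].cert.issuerNameHash",loCert.HashOf("IssuerDN","sha1","base64"))
loJson.UpdateString("request[i].cert.issuerKeyHash",loCert.HashOf("IssuerPublicKey","sha1","base64"))
loJson.UpdateString("request[i].cert.serialNumber",loCert.SerialNumber)
? loJson.Emit()

* Our OCSP request looks like this:
* {
*   "extensions": {
*     "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO"
*   },
*   "request": [
*     {
*       "cert": {
*         "hashAlg": "sha1",
*         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
*         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*         "serialNumber": "6175535D87BF94B6"
*       }
*     }
*   ]
* }

loOcspRequest = CreateObject('Chilkat_9_5_0.BinData')
loHttp = CreateObject('Chilkat_9_5_0.Http')

* Convert our JSON to a binary (ASN.1) OCSP request
lnSuccess = loHttp.CreateOcspRequest(loJson,loOcspRequest)
IF (lnSuccess <> 1) THEN
    ? loHttp.LastErrorText
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    CANCEL
ENDIF

* Send the OCSP request to the OCSP server
loResp = loHttp.PBinaryBd("POST",lcOcspUrl,loOcspRequest,"application/ocsp-request",0,0)
IF (loHttp.LastMethodSuccess <> 1) THEN
    ? loHttp.LastErrorText
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    CANCEL
ENDIF

* A non-200 HTTP answer is not an OCSP reply; stop instead of parsing it.
IF (loResp.StatusCode <> 200) THEN
    ? "OCSP responder returned HTTP status: " + STR(loResp.StatusCode)
    RELEASE loResp
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    CANCEL
ENDIF

* Get the binary (ASN.1) OCSP reply
loOcspReply = CreateObject('Chilkat_9_5_0.BinData')
loResp.GetBodyBd(loOcspReply)
RELEASE loResp

* Convert the binary reply to JSON.
* Also returns the overall OCSP response status.
loJsonReply = CreateObject('Chilkat_9_5_0.JsonObject')
lnOcspStatus = loHttp.ParseOcspReply(loOcspReply,loJsonReply)

* The ocspStatus can have one of these values:
* -1: The ARG1 does not contain a valid OCSP reply.
* 0: Successful - Response has valid confirmations.
* 1: Malformed request - Illegal confirmation request.
* 2: Internal error - Internal error in issuer.
* 3: Try later - Try again later.
* 4: Not used - This value is never returned.
* 5: Sig required - Must sign the request.
* 6: Unauthorized - Request unauthorized.
IF (lnOcspStatus < 0) THEN
    ? "Invalid OCSP reply."
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    RELEASE loOcspReply
    RELEASE loJsonReply
    CANCEL
ENDIF

? "Overall OCSP Response Status: " + STR(lnOcspStatus)

* Let's examine the OCSP response (in JSON).
loJsonReply.EmitCompact = 0
? loJsonReply.Emit()

* Statuses 1-6 are error replies from the responder and say nothing about the
* certificate. Stop here so that a missing status field is never read as
* 0 (Good).
IF (lnOcspStatus <> 0) THEN
    ? "OCSP responder reported an error; certificate status is undetermined."
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    RELEASE loOcspReply
    RELEASE loJsonReply
    CANCEL
ENDIF

* The JSON reply looks like this:
* (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml
* to generate JSON parsing code.)

* {
*   "responseStatus": 0,
*   "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
*   "responseTypeName": "ocspBasic",
*   "response": {
*     "responderIdChoice": "KeyHash",
*     "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*     "dateTime": "20180803193937Z",
*     "cert": [
*       {
*         "hashOid": "1.3.14.3.2.26",
*         "hashAlg": "SHA-1",
*         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
*         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*         "serialNumber": "6175535D87BF94B6",
*         "status": 0,
*         "thisUpdate": "20180803193937Z",
*         "nextUpdate": "20180810193937Z"
*       }
*     ]
*   }
* }

* Require the status entry to be present before reading it: an absent member
* must not be mistaken for the integer 0.
IF (loJsonReply.HasMember("response.cert[0].status") <> 1) THEN
    ? "OCSP reply contains no certificate status; status is undetermined."
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    RELEASE loOcspReply
    RELEASE loJsonReply
    CANCEL
ENDIF

* The certificate status:
lnCertStatus = loJsonReply.IntOf("response.cert[0].status")
* Possible certStatus values are:
* 0: Good
* 1: Revoked
* 2: Unknown.
* Treat only 0 as acceptable; 1 and 2 both mean the certificate must not be
* trusted on the basis of this reply.
? "Certificate Status: " + STR(lnCertStatus)

RELEASE loCert
RELEASE loPrng
RELEASE loJson
RELEASE loOcspRequest
RELEASE loHttp
RELEASE loOcspReply
RELEASE loJsonReply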