Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Classic ASP) Validate Certificate using OCSP ProtocolDemonstrates how to validate a certificate (check the revoked status) using the OCSP protocol.
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <% ' Note: Requires Chilkat v9.5.0.75 or greater. ' This requires the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. ' This example will check the revoked status of a certificate loaded from a file. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Cert") set cert = Server.CreateObject("Chilkat.Cert") success = cert.LoadFromFile("qa_data/certs/google.crt") If (success <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>" Response.End End If ' Get the cert's OCSP URL. ocspUrl = cert.OcspUrl ' Build the JSON that will be the OCSP request. ' Possible hash algorithms are sha1, sha256, sha384, sha512. hashAlg = "sha256" ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Prng") set prng = Server.CreateObject("Chilkat.Prng") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject") set json = Server.CreateObject("Chilkat.JsonObject") json.EmitCompact = 0 ' Read more about OCSP nonce lengths success = json.UpdateString("extensions.ocspNonce",prng.GenRandom(16,"base64")) json.I = 0 success = json.UpdateString("request[i].cert.hashAlg",hashAlg) success = json.UpdateString("request[i].cert.issuerNameHash",cert.HashOf("IssuerDN",hashAlg,"base64")) success = json.UpdateString("request[i].cert.issuerKeyHash",cert.HashOf("IssuerPublicKey",hashAlg,"base64")) success = json.UpdateString("request[i].cert.serialNumber",cert.SerialNumber) Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>" ' Our OCSP request looks something like this: ' { ' "extensions": { ' "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO" ' }, ' "request": [ ' { ' "cert": { ' "hashAlg": "sha1", ' "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ' "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "serialNumber": "6175535D87BF94B6" ' } ' } ' ] ' } ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.BinData") set ocspRequest = Server.CreateObject("Chilkat.BinData") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Http") set http = Server.CreateObject("Chilkat.Http") ' Convert our JSON to a binary (ASN.1) OCSP request success = http.CreateOcspRequest(json,ocspRequest) If (success = 0) Then Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>" Response.End End If ' Send the OCSP request to the OCSP server ' resp is a Chilkat.HttpResponse Set resp = http.PBinaryBd("POST",ocspUrl,ocspRequest,"application/ocsp-request",0,0) If (http.LastMethodSuccess <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>" Response.End End If ' Get the binary (ASN.1) OCSP reply ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.BinData") set ocspReply = Server.CreateObject("Chilkat.BinData") success = resp.GetBodyBd(ocspReply) ' Convert the binary reply to JSON. ' Also returns the overall OCSP response status. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject") set jsonReply = Server.CreateObject("Chilkat.JsonObject") ocspStatus = http.ParseOcspReply(ocspReply,jsonReply) ' The ocspStatus can have one of these values: ' -1: The ARG1 does not contain a valid OCSP reply. ' 0: Successful - Response has valid confirmations.. ' 1: Malformed request - Illegal confirmation request. ' 2: Internal error - Internal error in issuer. ' 3: Try later - Try again later. ' 4: Not used - This value is never returned. ' 5: Sig required - Must sign the request. ' 6: Unauthorized - Request unauthorized. If (ocspStatus < 0) Then Response.Write "<pre>" & Server.HTMLEncode( "Invalid OCSP reply.") & "</pre>" Response.End End If Response.Write "<pre>" & Server.HTMLEncode( "Overall OCSP Response Status: " & ocspStatus) & "</pre>" ' Let's examine the OCSP response (in JSON). jsonReply.EmitCompact = 0 Response.Write "<pre>" & Server.HTMLEncode( jsonReply.Emit()) & "</pre>" ' The JSON reply looks like this: ' (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml ' to generate JSON parsing code.) ' { ' "responseStatus": 0, ' "responseTypeOid": "1.3.6.1.5.5.7.48.1.1", ' "responseTypeName": "ocspBasic", ' "response": { ' "responderIdChoice": "KeyHash", ' "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "dateTime": "20180803193937Z", ' "cert": [ ' { ' "hashOid": "1.3.14.3.2.26", ' "hashAlg": "SHA-1", ' "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ' "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "serialNumber": "6175535D87BF94B6", ' "status": 0, ' "thisUpdate": "20180803193937Z", ' "nextUpdate": "20180810193937Z" ' } ' ] ' } ' } ' ' The certificate status: certStatus = -1 If (jsonReply.HasMember("response.cert[0].status") = 1) Then certStatus = jsonReply.IntOf("response.cert[0].status") End If ' Possible certStatus values are: ' -1: No status returned. ' 0: Good ' 1: Revoked ' 2: Unknown. Response.Write "<pre>" & Server.HTMLEncode( "Certificate Status: " & certStatus) & "</pre>" %> </body> </html> |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.