|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(AutoIt) Validate Certificate using OCSP ProtocolDemonstrates how to validate a certificate (check the revoked status) using the OCSP protocol.
; Note: Requires Chilkat v9.5.0.75 or greater. ; This requires the Chilkat API to have been previously unlocked. ; See Global Unlock Sample for sample code. ; This example will check the revoked status of a certificate loaded from a file. $oCert = ObjCreate("Chilkat.Cert") Local $bSuccess = $oCert.LoadFromFile("qa_data/certs/google.crt") If ($bSuccess <> True) Then ConsoleWrite($oCert.LastErrorText & @CRLF) Exit EndIf ; Get the cert's OCSP URL. Local $sOcspUrl = $oCert.OcspUrl ; Build the JSON that will be the OCSP request. ; Possible hash algorithms are sha1, sha256, sha384, sha512. Local $sHashAlg = "sha256" $oPrng = ObjCreate("Chilkat.Prng") $oJson = ObjCreate("Chilkat.JsonObject") $oJson.EmitCompact = False ; Read more about OCSP nonce lengths $oJson.UpdateString("extensions.ocspNonce",$oPrng.GenRandom(16,"base64")) $oJson.I = 0 $oJson.UpdateString("request[i].cert.hashAlg",$sHashAlg) $oJson.UpdateString("request[i].cert.issuerNameHash",$oCert.HashOf("IssuerDN",$sHashAlg,"base64")) $oJson.UpdateString("request[i].cert.issuerKeyHash",$oCert.HashOf("IssuerPublicKey",$sHashAlg,"base64")) $oJson.UpdateString("request[i].cert.serialNumber",$oCert.SerialNumber) ConsoleWrite($oJson.Emit() & @CRLF) ; Our OCSP request looks something like this: ; { ; "extensions": { ; "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO" ; }, ; "request": [ ; { ; "cert": { ; "hashAlg": "sha1", ; "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ; "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ; "serialNumber": "6175535D87BF94B6" ; } ; } ; ] ; } $oOcspRequest = ObjCreate("Chilkat.BinData") $oHttp = ObjCreate("Chilkat.Http") ; Convert our JSON to a binary (ASN.1) OCSP request $bSuccess = $oHttp.CreateOcspRequest($oJson,$oOcspRequest) If ($bSuccess = False) Then ConsoleWrite($oHttp.LastErrorText & @CRLF) Exit EndIf ; Send the OCSP request to the OCSP server Local $oResp = $oHttp.PBinaryBd("POST",$sOcspUrl,$oOcspRequest,"application/ocsp-request",False,False) If ($oHttp.LastMethodSuccess <> True) Then ConsoleWrite($oHttp.LastErrorText & @CRLF) Exit EndIf ; Get the binary (ASN.1) OCSP reply $oOcspReply = ObjCreate("Chilkat.BinData") $oResp.GetBodyBd($oOcspReply) ; Convert the binary reply to JSON. ; Also returns the overall OCSP response status. $oJsonReply = ObjCreate("Chilkat.JsonObject") Local $iOcspStatus = $oHttp.ParseOcspReply($oOcspReply,$oJsonReply) ; The ocspStatus can have one of these values: ; -1: The ARG1 does not contain a valid OCSP reply. ; 0: Successful - Response has valid confirmations.. ; 1: Malformed request - Illegal confirmation request. ; 2: Internal error - Internal error in issuer. ; 3: Try later - Try again later. ; 4: Not used - This value is never returned. ; 5: Sig required - Must sign the request. ; 6: Unauthorized - Request unauthorized. If ($iOcspStatus < 0) Then ConsoleWrite("Invalid OCSP reply." & @CRLF) Exit EndIf ConsoleWrite("Overall OCSP Response Status: " & $iOcspStatus & @CRLF) ; Let's examine the OCSP response (in JSON). $oJsonReply.EmitCompact = False ConsoleWrite($oJsonReply.Emit() & @CRLF) ; The JSON reply looks like this: ; (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml ; to generate JSON parsing code.) ; { ; "responseStatus": 0, ; "responseTypeOid": "1.3.6.1.5.5.7.48.1.1", ; "responseTypeName": "ocspBasic", ; "response": { ; "responderIdChoice": "KeyHash", ; "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ; "dateTime": "20180803193937Z", ; "cert": [ ; { ; "hashOid": "1.3.14.3.2.26", ; "hashAlg": "SHA-1", ; "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ; "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ; "serialNumber": "6175535D87BF94B6", ; "status": 0, ; "thisUpdate": "20180803193937Z", ; "nextUpdate": "20180810193937Z" ; } ; ] ; } ; } ; ; The certificate status: Local $iCertStatus = -1 If ($oJsonReply.HasMember("response.cert[0].status") = True) Then $iCertStatus = $oJsonReply.IntOf("response.cert[0].status") EndIf ; Possible certStatus values are: ; -1: No status returned. ; 0: Good ; 1: Revoked ; 2: Unknown. ConsoleWrite("Certificate Status: " & $iCertStatus & @CRLF) |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.