Visual FoxPro
Validate Certificate using OCSP Protocol
Demonstrates how to validate a certificate (check its revocation status) using the OCSP protocol.
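* Checks the revocation status of a certificate with OCSP:
*   1. load the certificate from a file and read its OCSP responder URL,
*   2. build an OCSP request (described in JSON, then converted to ASN.1),
*   3. POST the request to the responder,
*   4. parse the reply and report the overall OCSP status and the certificate status.
* Only an overall status of 0 together with a certificate status of 0 (Good) is treated
* as a positive answer. Every other outcome is reported as "not confirmed good".
LOCAL lnSuccess
LOCAL loCert
LOCAL lcOcspUrl
LOCAL lcHashAlg
LOCAL loPrng
LOCAL loJson
LOCAL loOcspRequest
LOCAL loHttp
LOCAL loResp
LOCAL loOcspReply
LOCAL loJsonReply
LOCAL lnOcspStatus
LOCAL lnCertStatus

lnSuccess = 0

* This requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* This example will check the revoked status of a certificate loaded from a file.
loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadFromFile("qa_data/certs/google.crt")
IF (lnSuccess = 0) THEN
    ? loCert.LastErrorText
    RELEASE loCert
    CANCEL
ENDIF

* Get the cert's OCSP URL.
lcOcspUrl = loCert.OcspUrl

* A certificate without an OCSP responder URL cannot be checked this way.
* Stop here instead of sending a request to an empty URL. "No answer" must
* never be read as "not revoked".
IF ISNULL(lcOcspUrl) OR EMPTY(lcOcspUrl) THEN
    ? "The certificate does not contain an OCSP URL. Revocation status cannot be checked via OCSP."
    RELEASE loCert
    CANCEL
ENDIF

* Build the JSON that will be the OCSP request.
* Possible hash algorithms are sha1, sha256, sha384, sha512.
lcHashAlg = "sha256"
loPrng = CreateObject('Chilkat.Prng')
loJson = CreateObject('Chilkat.JsonObject')
loJson.EmitCompact = 0

* The nonce is 16 random bytes, base64 encoded. Its purpose is to tie a reply to
* this particular request so that an old reply cannot be replayed.
* NOTE(review): this script never compares the nonce with anything in the reply, and
* the sample reply further down shows no nonce field. A responder that serves
* pre-produced replies may ignore the nonce, in which case freshness rests on the
* thisUpdate / nextUpdate values of the reply.
loJson.UpdateString("extensions.ocspNonce",loPrng.GenRandom(16,"base64"))

* The issuer name hash, issuer key hash and serial number identify the certificate
* being asked about.
loJson.I = 0
loJson.UpdateString("request[i].cert.hashAlg",lcHashAlg)
loJson.UpdateString("request[i].cert.issuerNameHash",loCert.HashOf("IssuerDN",lcHashAlg,"base64"))
loJson.UpdateString("request[i].cert.issuerKeyHash",loCert.HashOf("IssuerPublicKey",lcHashAlg,"base64"))
loJson.UpdateString("request[i].cert.serialNumber",loCert.SerialNumber)
? loJson.Emit()

* Our OCSP request looks something like this.
* (The sample below was captured with "sha1" and a longer nonce. With lcHashAlg set
* to "sha256" and a 16-byte nonce, the hashAlg value, hash lengths and nonce differ.)
* {
*   "extensions": {
*     "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO"
*   },
*   "request": [
*     {
*       "cert": {
*         "hashAlg": "sha1",
*         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
*         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*         "serialNumber": "6175535D87BF94B6"
*       }
*     }
*   ]
* }

loOcspRequest = CreateObject('Chilkat.BinData')
loHttp = CreateObject('Chilkat.Http')

* Convert our JSON to a binary (ASN.1) OCSP request
lnSuccess = loHttp.CreateOcspRequest(loJson,loOcspRequest)
IF (lnSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    CANCEL
ENDIF

* Send the OCSP request to the OCSP server.
* The URL comes from the certificate itself, and OCSP responder URLs are commonly
* plain http. The transport therefore gives no integrity guarantee, and trust in
* the answer depends on the signature carried inside the OCSP reply.
loResp = CreateObject('Chilkat.HttpResponse')
lnSuccess = loHttp.HttpBd("POST",lcOcspUrl,loOcspRequest,"application/ocsp-request",loResp)
IF (lnSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    RELEASE loResp
    CANCEL
ENDIF

* Get the binary (ASN.1) OCSP reply
loOcspReply = CreateObject('Chilkat.BinData')
loResp.GetBodyBd(loOcspReply)

* Convert the binary reply to JSON.
* Also returns the overall OCSP response status.
* NOTE(review): nothing visible in this script verifies the responder's signature
* on the reply. Confirm in the Chilkat documentation for ParseOcspReply whether
* the signature and the responder certificate are validated before relying on the result.
loJsonReply = CreateObject('Chilkat.JsonObject')
lnOcspStatus = loHttp.ParseOcspReply(loOcspReply,loJsonReply)

* The ocspStatus can have one of these values:
* -1: The first argument (the reply data) does not contain a valid OCSP reply.
*  0: Successful - Response has valid confirmations.
*  1: Malformed request - Illegal confirmation request.
*  2: Internal error - Internal error in issuer.
*  3: Try later - Try again later.
*  4: Not used - This value is never returned.
*  5: Sig required - Must sign the request.
*  6: Unauthorized - Request unauthorized.
IF (lnOcspStatus < 0) THEN
    ? "Invalid OCSP reply."
    * The HTTP status code helps tell a responder error page from a damaged reply.
    ? "HTTP status code: " + STR(loResp.StatusCode)
    RELEASE loCert
    RELEASE loPrng
    RELEASE loJson
    RELEASE loOcspRequest
    RELEASE loHttp
    RELEASE loResp
    RELEASE loOcspReply
    RELEASE loJsonReply
    CANCEL
ENDIF

? "Overall OCSP Response Status: " + STR(lnOcspStatus)

* Let's examine the OCSP response (in JSON).
loJsonReply.EmitCompact = 0
? loJsonReply.Emit()

* The JSON reply looks like this:
* (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml
* to generate JSON parsing code.)
* {
*   "responseStatus": 0,
*   "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
*   "responseTypeName": "ocspBasic",
*   "response": {
*     "responderIdChoice": "KeyHash",
*     "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*     "dateTime": "20180803193937Z",
*     "cert": [
*       {
*         "hashOid": "1.3.14.3.2.26",
*         "hashAlg": "SHA-1",
*         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
*         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*         "serialNumber": "6175535D87BF94B6",
*         "status": 0,
*         "thisUpdate": "20180803193937Z",
*         "nextUpdate": "20180810193937Z"
*       }
*     ]
*   }
* }
*
* The certificate status:
* Start from -1 so that a reply without a status entry is never mistaken for Good (0).
lnCertStatus = -1
IF (loJsonReply.HasMember("response.cert[0].status") = 1) THEN
    lnCertStatus = loJsonReply.IntOf("response.cert[0].status")
ENDIF

* Possible certStatus values are:
* -1: No status returned.
*  0: Good
*  1: Revoked
*  2: Unknown.
? "Certificate Status: " + STR(lnCertStatus)

* Show the validity window of the status so a stale reply can be spotted.
* This script only prints the values. A caller relying on the result should compare
* nextUpdate with the current UTC time, and should confirm that the serialNumber
* in the reply is the one that was asked about.
IF (loJsonReply.HasMember("response.cert[0].thisUpdate") = 1) THEN
    ? "thisUpdate: " + loJsonReply.StringOf("response.cert[0].thisUpdate")
ENDIF
IF (loJsonReply.HasMember("response.cert[0].nextUpdate") = 1) THEN
    ? "nextUpdate: " + loJsonReply.StringOf("response.cert[0].nextUpdate")
ENDIF

* Fail closed: responder errors (1..6), a missing status (-1), Revoked (1) and
* Unknown (2) all end in the same "not confirmed good" result.
IF (lnOcspStatus = 0) AND (lnCertStatus = 0) THEN
    ? "Revocation check result: certificate reported as Good."
ELSE
    ? "Revocation check result: NOT confirmed good."
ENDIF

RELEASE loCert
RELEASE loPrng
RELEASE loJson
RELEASE loOcspRequest
RELEASE loHttp
RELEASE loResp
RELEASE loOcspReply
RELEASE loJsonReply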