Visual FoxPro

Validate Certificate using OCSP Protocol


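Demonstrates how to check whether a certificate has been revoked by querying its OCSP responder. This covers revocation status only; building the chain to a trusted root and checking expiry and signatures are separate steps.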


Visual FoxPro
* Working variables for the whole script, declared in a single statement.
LOCAL lnSuccess, loCert, lcOcspUrl, lcHashAlg, loPrng, loJson, ;
      loOcspRequest, loHttp, loResp, loOcspReply, loJsonReply, ;
      lnOcspStatus, lnCertStatus

lnSuccess = 0

* Prerequisite: the Chilkat API must already have been unlocked
* (see the Global Unlock Sample for sample code).

* Load from disk the certificate whose revocation status will be checked.
loCert = CREATEOBJECT('Chilkat.Cert')
lnSuccess = loCert.LoadFromFile("qa_data/certs/google.crt")
IF lnSuccess = 0
    * Loading failed: show Chilkat's diagnostic text and stop the program.
    ? loCert.LastErrorText
    RELEASE loCert
    CANCEL
ENDIF

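* Get the cert's OCSP URL.  The value is read from the certificate under test,
* so for a certificate received from an untrusted party it names a host that
* party chose.  Stop unless it is a non-empty http/https URL, rather than
* handing an empty or unexpected value to the HTTP client.
LOCAL llUrlOk
llUrlOk = .F.
lcOcspUrl = loCert.OcspUrl
IF VARTYPE(lcOcspUrl) = "C"
    llUrlOk = (LOWER(LEFT(lcOcspUrl, 7)) == "http://") OR (LOWER(LEFT(lcOcspUrl, 8)) == "https://")
ENDIF
IF NOT llUrlOk
    ? "Certificate has no usable OCSP URL; revocation status cannot be checked."
    RELEASE loCert
    CANCEL
ENDIF

* Build the JSON that will be the OCSP request.

* Possible hash algorithms are sha1, sha256, sha384, sha512.
* NOTE(review): a responder that only supports sha1 for the certificate ID
* hashes may answer with a non-zero response status - confirm against the
* responders you query.
lcHashAlg = "sha256"
loPrng = CREATEOBJECT('Chilkat.Prng')
loJson = CREATEOBJECT('Chilkat.JsonObject')
loJson.EmitCompact = 0

* A fresh 16-byte random nonce is sent with every request.  This script does
* not itself compare it with anything in the reply, and a responder may omit
* the nonce from its answer, so the nonce alone is not proof of freshness.
loJson.UpdateString("extensions.ocspNonce", loPrng.GenRandom(16, "base64"))

* One request entry (index 0) identifying the certificate by the hash of its
* issuer's DN, the hash of its issuer's public key, and its own serial number.
loJson.I = 0
loJson.UpdateString("request[i].cert.hashAlg", lcHashAlg)
loJson.UpdateString("request[i].cert.issuerNameHash", loCert.HashOf("IssuerDN", lcHashAlg, "base64"))
loJson.UpdateString("request[i].cert.issuerKeyHash", loCert.HashOf("IssuerPublicKey", lcHashAlg, "base64"))
loJson.UpdateString("request[i].cert.serialNumber", loCert.SerialNumber)

? loJson.Emit()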

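* Our OCSP request looks something like this (illustrative values from another run:
* with the settings above, hashAlg is sha256 and the nonce is 16 random bytes):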
* {
*   "extensions": {
*     "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO"
*   },
*   "request": [
*     {
*       "cert": {
*         "hashAlg": "sha1",
*         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
*         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*         "serialNumber": "6175535D87BF94B6"
*       }
*     }
*   ]
* }

* Buffer for the encoded request, and the HTTP object that builds and sends it.
loOcspRequest = CREATEOBJECT('Chilkat.BinData')
loHttp = CREATEOBJECT('Chilkat.Http')

* Encode the JSON description as a binary (ASN.1) OCSP request.
lnSuccess = loHttp.CreateOcspRequest(loJson, loOcspRequest)
IF lnSuccess = 0
    * Encoding failed: report why, release what was created so far, and stop.
    ? loHttp.LastErrorText
    RELEASE loCert, loPrng, loJson, loOcspRequest, loHttp
    CANCEL
ENDIF

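* Send the OCSP request to the OCSP server.
* OCSP responders are commonly reached over plain HTTP, so the transport gives
* no assurance about who answered; trust has to come from the signed reply.
loResp = CREATEOBJECT('Chilkat.HttpResponse')
lnSuccess = loHttp.HttpBd("POST", lcOcspUrl, loOcspRequest, "application/ocsp-request", loResp)
IF lnSuccess = 0
    * No response was obtained at all: report why and stop.
    ? loHttp.LastErrorText
    RELEASE loCert, loPrng, loJson, loOcspRequest, loHttp, loResp
    CANCEL
ENDIF

* A response other than 200 (error page, redirect, proxy message) is not an
* OCSP answer.  Stop here instead of passing its body to the OCSP parser.
IF loResp.StatusCode <> 200
    ? "OCSP server returned HTTP status " + TRANSFORM(loResp.StatusCode) + "; no revocation status obtained."
    RELEASE loCert, loPrng, loJson, loOcspRequest, loHttp, loResp
    CANCEL
ENDIF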

* Copy the binary (ASN.1) OCSP reply out of the HTTP response body.
loOcspReply = CREATEOBJECT('Chilkat.BinData')
loResp.GetBodyBd(loOcspReply)

* Decode the binary reply into JSON.  The return value is the overall
* OCSP response status:
*   -1  the data passed in is not a valid OCSP reply
*    0  successful - the response has valid confirmations
*    1  malformed request - illegal confirmation request
*    2  internal error - internal error in issuer
*    3  try later - try again later
*    4  not used - this value is never returned
*    5  sig required - must sign the request
*    6  unauthorized - request unauthorized
* NOTE(review): nothing in this script shows the responder's signature being
* verified against the issuer - confirm what ParseOcspReply checks before
* relying on the decoded values.
loJsonReply = CREATEOBJECT('Chilkat.JsonObject')
lnOcspStatus = loHttp.ParseOcspReply(loOcspReply, loJsonReply)

IF lnOcspStatus < 0
    * Not parseable as an OCSP reply: release everything and stop.
    ? "Invalid OCSP reply."
    RELEASE loCert, loPrng, loJson, loOcspRequest, loHttp, ;
            loResp, loOcspReply, loJsonReply
    CANCEL
ENDIF

? "Overall OCSP Response Status: " + STR(lnOcspStatus)

* Print the decoded OCSP response as indented (non-compact) JSON.
loJsonReply.EmitCompact = 0
? loJsonReply.Emit()

* The JSON reply looks like this:
* (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml
* to generate JSON parsing code.)

* {
*   "responseStatus": 0,
*   "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
*   "responseTypeName": "ocspBasic",
*   "response": {
*     "responderIdChoice": "KeyHash",
*     "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*     "dateTime": "20180803193937Z",
*     "cert": [
*       {
*         "hashOid": "1.3.14.3.2.26",
*         "hashAlg": "SHA-1",
*         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
*         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
*         "serialNumber": "6175535D87BF94B6",
*         "status": 0,
*         "thisUpdate": "20180803193937Z",
*         "nextUpdate": "20180810193937Z"
*       }
*     ]
*   }
* }
* 

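* The certificate status.  It is read only when the overall response status is
* 0 (successful); any other overall status leaves lnCertStatus at -1.
LOCAL lcReplySerial
lnCertStatus = -1
IF (lnOcspStatus = 0) AND (loJsonReply.HasMember("response.cert[0].status") = 1)
    lnCertStatus = loJsonReply.IntOf("response.cert[0].status")
ENDIF

* Make sure the answer is about the certificate that was asked about: the
* serial number in the reply must match the one placed in the request.
* NOTE(review): assumes both serials use the same hex formatting, as in the
* sample request and reply shown in the comments above - confirm.
lcReplySerial = ""
IF loJsonReply.HasMember("response.cert[0].serialNumber") = 1
    lcReplySerial = loJsonReply.StringOf("response.cert[0].serialNumber")
ENDIF
IF (lnCertStatus <> -1) AND NOT (UPPER(ALLTRIM(lcReplySerial)) == UPPER(ALLTRIM(loCert.SerialNumber)))
    ? "OCSP reply is for serial " + lcReplySerial + ", not the requested certificate."
    lnCertStatus = -1
ENDIF

* Possible certStatus values are:
* -1: No status returned.
* 0: Good
* 1: Revoked
* 2: Unknown.
? "Certificate Status: " + STR(lnCertStatus)

* Only 0 means the responder vouches for the certificate.  "Unknown" and
* "no status" are failures to confirm and must not be read as "good".
* NOTE(review): thisUpdate/nextUpdate in the reply are not checked here, so an
* old reply would be accepted - compare them with the current time before
* relying on a "good" result.
DO CASE
CASE lnCertStatus = 0
    ? "Responder reports the certificate as good (not revoked)."
CASE lnCertStatus = 1
    ? "Responder reports the certificate as REVOKED."
OTHERWISE
    ? "Revocation status could not be confirmed; do not treat the certificate as good."
ENDCASE

* Release every object created by the script.
RELEASE loCert, loPrng, loJson, loOcspRequest, loHttp, ;
        loResp, loOcspReply, loJsonReply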