(Perl) Validate Certificate using OCSP Protocol

Demonstrates how to validate a certificate (check its revocation status) using the OCSP protocol. Note: This example requires Chilkat v9.5.0.75 or greater.
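use strict;
use warnings;
use POSIX qw(strftime);
use chilkat();

# Checks the revocation status of a certificate loaded from a file by
# querying the OCSP responder named in the certificate.
#
# Note: Requires Chilkat v9.5.0.75 or greater.
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
#
# Every failure path exits non-zero and the certificate status is only read
# from a successful reply, so a caller never mistakes an error, a "try later"
# answer or an empty reply for "Good".

my $cert = chilkat::CkCert->new();
my $success = $cert->LoadFromFile("qa_data/certs/google.crt");
if ($success != 1) {
    print $cert->lastErrorText() . "\r\n";
    exit 1;
}

# Get the cert's OCSP URL. Without one there is nothing to query, and an
# unchecked certificate must not be reported as good.
my $ocspUrl = $cert->ocspUrl();
if (!defined $ocspUrl || $ocspUrl eq '') {
    print "Certificate has no OCSP URL; revocation status cannot be checked." . "\r\n";
    exit 1;
}

# Build the JSON that will be the OCSP request.
my $prng = chilkat::CkPrng->new();
my $json = chilkat::CkJsonObject->new();
$json->put_EmitCompact(0);
# Random nonce so that a reply can be tied to this request.
$json->UpdateString("extensions.ocspNonce", $prng->genRandom(36, "base64"));
$json->put_I(0);
# The SHA-1 hashes below only identify the issuer to the responder; they are
# not a signature over anything.
$json->UpdateString("request[i].cert.hashAlg", "sha1");
$json->UpdateString("request[i].cert.issuerNameHash", $cert->hashOf("IssuerDN", "sha1", "base64"));
$json->UpdateString("request[i].cert.issuerKeyHash", $cert->hashOf("IssuerPublicKey", "sha1", "base64"));
$json->UpdateString("request[i].cert.serialNumber", $cert->serialNumber());
print $json->emit() . "\r\n";

# Our OCSP request looks like this:
# {
#   "extensions": {
#     "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO"
#   },
#   "request": [
#     {
#       "cert": {
#         "hashAlg": "sha1",
#         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
#         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
#         "serialNumber": "6175535D87BF94B6"
#       }
#     }
#   ]
# }

my $ocspRequest = chilkat::CkBinData->new();
my $http = chilkat::CkHttp->new();

# Convert our JSON to a binary (ASN.1) OCSP request.
$success = $http->CreateOcspRequest($json, $ocspRequest);
if ($success != 1) {
    print $http->lastErrorText() . "\r\n";
    exit 1;
}

# Send the OCSP request to the OCSP server.
# resp is a HttpResponse
my $resp = $http->PBinaryBd("POST", $ocspUrl, $ocspRequest, "application/ocsp-request", 0, 0);
if ($http->get_LastMethodSuccess() != 1) {
    print $http->lastErrorText() . "\r\n";
    exit 1;
}

# An HTTP error page is not an OCSP reply; stop before trying to parse it.
if ($resp->get_StatusCode() != 200) {
    print "OCSP responder returned HTTP status " . $resp->get_StatusCode() . "\r\n";
    exit 1;
}

# Get the binary (ASN.1) OCSP reply.
my $ocspReply = chilkat::CkBinData->new();
$resp->GetBodyBd($ocspReply);

# Convert the binary reply to JSON.
# Also returns the overall OCSP response status.
# NOTE(review): this page does not show whether ParseOcspReply verifies the
# responder's signature over the reply. OCSP URLs are commonly plain HTTP, so
# confirm in the Chilkat documentation that the signature and responder
# certificate are checked before trusting a "Good" result.
my $jsonReply = chilkat::CkJsonObject->new();
my $ocspStatus = $http->ParseOcspReply($ocspReply, $jsonReply);

# The ocspStatus can have one of these values:
# -1: The ARG1 does not contain a valid OCSP reply.
#  0: Successful - Response has valid confirmations..
#  1: Malformed request - Illegal confirmation request.
#  2: Internal error - Internal error in issuer.
#  3: Try later - Try again later.
#  4: Not used - This value is never returned.
#  5: Sig required - Must sign the request.
#  6: Unauthorized - Request unauthorized.
if ($ocspStatus < 0) {
    print "Invalid OCSP reply." . "\r\n";
    exit 1;
}

print "Overall OCSP Response Status: " . $ocspStatus . "\r\n";

# Let's examine the OCSP response (in JSON).
$jsonReply->put_EmitCompact(0);
print $jsonReply->emit() . "\r\n";

# The JSON reply looks like this:
# (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml
# to generate JSON parsing code.)
# {
#   "responseStatus": 0,
#   "responseTypeOid": "1.3.6.1.5.5.7.48.1.1",
#   "responseTypeName": "ocspBasic",
#   "response": {
#     "responderIdChoice": "KeyHash",
#     "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
#     "dateTime": "20180803193937Z",
#     "cert": [
#       {
#         "hashOid": "1.3.14.3.2.26",
#         "hashAlg": "SHA-1",
#         "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=",
#         "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=",
#         "serialNumber": "6175535D87BF94B6",
#         "status": 0,
#         "thisUpdate": "20180803193937Z",
#         "nextUpdate": "20180810193937Z"
#       }
#     ]
#   }
# }

# Statuses 1-6 carry no per-certificate answer. Reading the status field from
# such a reply could yield a default value that looks like "Good".
if ($ocspStatus != 0) {
    print "OCSP responder did not return a successful response; certificate status is undetermined." . "\r\n";
    exit 1;
}

# Require the status entry to be present rather than relying on whatever
# IntOf returns for a missing path.
if ($jsonReply->HasMember("response.cert[0].status") != 1) {
    print "OCSP reply contains no certificate status." . "\r\n";
    exit 1;
}

# Make sure the reply is about the certificate we asked about.
my $replySerial = $jsonReply->stringOf("response.cert[0].serialNumber");
if (!defined $replySerial || uc($replySerial) ne uc($cert->serialNumber())) {
    print "OCSP reply is for a different certificate serial number." . "\r\n";
    exit 1;
}

# Reject a reply whose validity window has passed. The comparison is lexical,
# which is only valid for the fixed-width UTC format shown in the sample
# reply above, so any other format is reported instead of compared.
my $nextUpdate = $jsonReply->stringOf("response.cert[0].nextUpdate");
my $now = strftime("%Y%m%d%H%M%SZ", gmtime());
if (defined $nextUpdate && $nextUpdate =~ /\A\d{14}Z\z/) {
    if ($nextUpdate lt $now) {
        print "OCSP reply is stale (nextUpdate " . $nextUpdate . ")." . "\r\n";
        exit 1;
    }
}
else {
    print "Warning: OCSP reply has no usable nextUpdate; freshness not checked." . "\r\n";
}

# NOTE(review): the sample reply above shows no nonce field, so the nonce sent
# in the request is not compared here. If the parsed reply exposes it, compare
# it to the request nonce to detect a replayed reply.

# The certificate status:
my $certStatus = $jsonReply->IntOf("response.cert[0].status");

# Possible certStatus values are:
# 0: Good
# 1: Revoked
# 2: Unknown.
print "Certificate Status: " . $certStatus . "\r\n";

# Only "Good" counts as success; "Revoked" and "Unknown" exit non-zero.
exit($certStatus == 0 ? 0 : 1);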