|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(VBScript) Validate Certificate using OCSP ProtocolDemonstrates how to validate a certificate (check the revoked status) using the OCSP protocol.
Dim fso, outFile Set fso = CreateObject("Scripting.FileSystemObject") 'Create a Unicode (utf-16) output text file. Set outFile = fso.CreateTextFile("output.txt", True, True) ' Note: Requires Chilkat v9.5.0.75 or greater. ' This requires the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. ' This example will check the revoked status of a certificate loaded from a file. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Cert") set cert = CreateObject("Chilkat.Cert") success = cert.LoadFromFile("qa_data/certs/google.crt") If (success <> 1) Then outFile.WriteLine(cert.LastErrorText) WScript.Quit End If ' Get the cert's OCSP URL. ocspUrl = cert.OcspUrl ' Build the JSON that will be the OCSP request. ' Possible hash algorithms are sha1, sha256, sha384, sha512. hashAlg = "sha256" ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Prng") set prng = CreateObject("Chilkat.Prng") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject") set json = CreateObject("Chilkat.JsonObject") json.EmitCompact = 0 ' Read more about OCSP nonce lengths success = json.UpdateString("extensions.ocspNonce",prng.GenRandom(16,"base64")) json.I = 0 success = json.UpdateString("request[i].cert.hashAlg",hashAlg) success = json.UpdateString("request[i].cert.issuerNameHash",cert.HashOf("IssuerDN",hashAlg,"base64")) success = json.UpdateString("request[i].cert.issuerKeyHash",cert.HashOf("IssuerPublicKey",hashAlg,"base64")) success = json.UpdateString("request[i].cert.serialNumber",cert.SerialNumber) outFile.WriteLine(json.Emit()) ' Our OCSP request looks something like this: ' { ' "extensions": { ' "ocspNonce": "qZDfbpO+nUxRzz6c/SPjE5QCAsPfpkQlRDxTnGl0gnxt7iXO" ' }, ' "request": [ ' { ' "cert": { ' "hashAlg": "sha1", ' "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ' "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "serialNumber": "6175535D87BF94B6" ' } ' } ' ] ' } ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.BinData") set ocspRequest = CreateObject("Chilkat.BinData") ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Http") set http = CreateObject("Chilkat.Http") ' Convert our JSON to a binary (ASN.1) OCSP request success = http.CreateOcspRequest(json,ocspRequest) If (success = 0) Then outFile.WriteLine(http.LastErrorText) WScript.Quit End If ' Send the OCSP request to the OCSP server ' resp is a Chilkat.HttpResponse Set resp = http.PBinaryBd("POST",ocspUrl,ocspRequest,"application/ocsp-request",0,0) If (http.LastMethodSuccess <> 1) Then outFile.WriteLine(http.LastErrorText) WScript.Quit End If ' Get the binary (ASN.1) OCSP reply ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.BinData") set ocspReply = CreateObject("Chilkat.BinData") success = resp.GetBodyBd(ocspReply) ' Convert the binary reply to JSON. ' Also returns the overall OCSP response status. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject") set jsonReply = CreateObject("Chilkat.JsonObject") ocspStatus = http.ParseOcspReply(ocspReply,jsonReply) ' The ocspStatus can have one of these values: ' -1: The ARG1 does not contain a valid OCSP reply. ' 0: Successful - Response has valid confirmations.. ' 1: Malformed request - Illegal confirmation request. ' 2: Internal error - Internal error in issuer. ' 3: Try later - Try again later. ' 4: Not used - This value is never returned. ' 5: Sig required - Must sign the request. ' 6: Unauthorized - Request unauthorized. If (ocspStatus < 0) Then outFile.WriteLine("Invalid OCSP reply.") WScript.Quit End If outFile.WriteLine("Overall OCSP Response Status: " & ocspStatus) ' Let's examine the OCSP response (in JSON). jsonReply.EmitCompact = 0 outFile.WriteLine(jsonReply.Emit()) ' The JSON reply looks like this: ' (Use the online tool at https://tools.chilkat.io/jsonParse.cshtml ' to generate JSON parsing code.) ' { ' "responseStatus": 0, ' "responseTypeOid": "1.3.6.1.5.5.7.48.1.1", ' "responseTypeName": "ocspBasic", ' "response": { ' "responderIdChoice": "KeyHash", ' "responderKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "dateTime": "20180803193937Z", ' "cert": [ ' { ' "hashOid": "1.3.14.3.2.26", ' "hashAlg": "SHA-1", ' "issuerNameHash": "9u2wY2IygZo19o11oJ0CShGqbK0=", ' "issuerKeyHash": "d8K4UJpndnaxLcKG0IOgfqZ+uks=", ' "serialNumber": "6175535D87BF94B6", ' "status": 0, ' "thisUpdate": "20180803193937Z", ' "nextUpdate": "20180810193937Z" ' } ' ] ' } ' } ' ' The certificate status: certStatus = -1 If (jsonReply.HasMember("response.cert[0].status") = 1) Then certStatus = jsonReply.IntOf("response.cert[0].status") End If ' Possible certStatus values are: ' -1: No status returned. ' 0: Good ' 1: Revoked ' 2: Unknown. outFile.WriteLine("Certificate Status: " & certStatus) outFile.Close |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.