EldoS | Feel safer!


SBCertValidator.TElX509CertificateValidator

#11996
Posted: 12/28/2009 10:56:49
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

How to obtain the CRL and OCSP responses after calling the Validate method?

SBB 7.2.167 VB.NET SBCertValidator.TElX509CertificateValidator Validate method

Thanks for the help
#11997
Posted: 12/28/2009 11:23:13
by Eugene Mayevski (EldoS Corp.)

At the moment Validator doesn't provide them. Can you please describe what your particular need is, i.e. how are you going to use this information?


Sincerely yours
Eugene Mayevski
#11998
Posted: 12/28/2009 11:36:36
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

After the validation of the certificate (with success), I want to add the "Validation Data" to the CMS package.

The method ElCMSSignature.AddCompleteValidationData does everything that I need to include.

If the SBCertValidator.TElX509CertificateValidator Validate method returns the OCSP and the CRL, I can call ElCMSSignature.AddCompleteValidationData.

thanks
#11999
Posted: 12/28/2009 12:11:36
by Eugene Mayevski (EldoS Corp.)

Understood.

Validation of the certificate includes validation of the certificate itself, the certificate chain, and also retrieval and validation of the CRLs and OCSP responses. This means that there can be CRLs and OCSP responses retrieved for other certificates (in the chain or even taken from other CRLs and OCSP responses). We can add events which will return the CRLs and OCSP responses used to validate certain certificates, but you will need to filter them to add only those which are applicable. This will be done in SecureBlackbox 8.0.


Sincerely yours
Eugene Mayevski
#12000
Posted: 12/28/2009 12:24:20
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

OK, thanks.

Which is the best way to obtain the CRL and OCSP responses?
CRL = ElHTTPCRLRetriever
OCSP = TElOCSPClient

Could you show a little example for ElHTTPCRLRetriever?

thanks
luis ricardo
#12001
Posted: 12/28/2009 12:47:15
by Eugene Mayevski (EldoS Corp.)

Do you want to obtain them by using the client classes yourself? This is a *very* untrivial task, and I would recommend waiting for SBB 8, whose first beta is expected in January.


Sincerely yours
Eugene Mayevski
#12002
Posted: 12/28/2009 12:56:04
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

I don't understand why it is a *very* untrivial task.
What will SBB8 do?

thanks
luis ricardo
#12015
Posted: 12/30/2009 09:03:31
by Eugene Mayevski (EldoS Corp.)

Quote
luis ricardo wrote:
I don't understand why it is a *very* untrivial task.


As I understand it, you want to retrieve the CRL location from the certificate, and then get the corresponding CRL? Then I recommend reading the RFC regarding CRLs and Delta CRLs. There are also other complexities in this aspect, but if you want to do this, you are welcome. ElHTTPCRLRetriever is an internal class. You should use a regular HTTP/HTTPS client, as CRLs are retrieved via regular HTTP.

As for the OCSP client, we don't have examples at hand, but the class is quite simple: you need to specify the certificate you want to check and its CA certificate (this is a must), then call the appropriate method of TElHTTPOCSPClient to retrieve and parse the result.


Sincerely yours
Eugene Mayevski
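
An added example, not part of the thread and not SecureBlackbox code: a stdlib-only Python sketch of the "retrieve the CRL location from the certificate" step, parsing the value of the cRLDistributionPoints extension (RFC 5280, section 4.2.1.13) and flagging the fields that make a plain HTTP fetch insufficient. It assumes the extension value bytes have already been extracted from the certificate; all function names are hypothetical and the sample bytes and hostnames are constructed.

```python
def read_tlvs(data: bytes):
    """Yield (tag, body) for each DER element; reject truncated input."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")
        tag, n, pos = data[pos], data[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits count the length bytes
            k = n & 0x7F
            if k == 0 or pos + k > len(data):
                raise ValueError("indefinite or truncated length")
            n, pos = int.from_bytes(data[pos:pos + k], "big"), pos + k
        if pos + n > len(data):
            raise ValueError("truncated value")
        yield tag, data[pos:pos + n]
        pos += n

def crl_distribution_points(ext_value: bytes):
    """Yield one dict per DistributionPoint in the extension value."""
    (tag, seq), = read_tlvs(ext_value)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF DistributionPoint")
    for _, dp in read_tlvs(seq):
        info = {"uris": [], "partial_reasons": False, "indirect": False}
        for ftag, fbody in read_tlvs(dp):
            if ftag == 0xA0:  # distributionPoint [0] wrapping fullName [0]
                names = b"".join(b for t, b in read_tlvs(fbody) if t == 0xA0)
                info["uris"] = [b.decode("ascii") for t, b in read_tlvs(names) if t == 0x86]
            elif ftag == 0x81:  # reasons [1]: CRL covers only some revocation reasons
                info["partial_reasons"] = True
            elif ftag == 0xA2:  # cRLIssuer [2]: CRL is signed by a different entity
                info["indirect"] = True
        yield info

def simple_http_urls(points):
    """HTTP(S) URLs of points that need no partitioned or indirect CRL handling."""
    return [u for p in points if not (p["partial_reasons"] or p["indirect"])
            for u in p["uris"] if u.lower().startswith(("http://", "https://"))]

def tlv(tag: int, body: bytes) -> bytes:  # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body

# Constructed sample: point 1 has HTTP and LDAP URIs; point 2 adds reasons and cRLIssuer.
NAMES1 = tlv(0x86, b"http://crl.example.test/ca.crl") + tlv(0x86, b"ldap://dir.example.test/cn=CA")
NAMES2 = tlv(0x86, b"http://crl.example.test/part.crl")
EXTRA2 = tlv(0x81, b"\x06\x40") + tlv(0xA2, tlv(0xA4, tlv(0x30, b"")))
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, NAMES1)))
             + tlv(0x30, tlv(0xA0, tlv(0xA0, NAMES2)) + EXTRA2))
```

A fetched CRL still has to be checked for issuer, signature, validity period and any delta CRL before its contents count as validation data for the certificate.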

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
