getOCSPUrl static method

String getOCSPUrl(
  1. String pem
)

Reads the OCSP URL from the given certificate, passed as a PEM string. X509 and PKCS7 PEMs are supported.

Returns an empty string if no URL is found.

Implementation

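/// Extracts the OCSP responder URL from the certificate in [pem].
///
/// [pem] may be an X509 certificate PEM or a PKCS7 PEM (recognised by the
/// [BEGIN_PKCS7] prefix). The extension list is searched for the Authority
/// Information Access extension (OID 1.3.6.1.5.5.7.1.1); inside it, the first
/// access description whose method is OCSP (OID 1.3.6.1.5.5.7.48.1) supplies
/// the returned location string.
///
/// Returns an empty string if no such entry is found.
///
/// Throws an [ArgumentError] if a PKCS7 PEM has no elements at its top level.
/// Other structurally unexpected input is not handled here and surfaces as an
/// error from the `as` casts and `elementAt` calls below.
///
/// The returned string is copied from the certificate as-is; this method does
/// not check its scheme or host. When the certificate comes from an untrusted
/// peer, callers should validate the URL before using it for a network
/// request.
static String getOCSPUrl(String pem) {
  var topLevelSeq;

  if (pem.startsWith(BEGIN_PKCS7)) {
    // We have a PKCS7 PEM, parse END certificate
    var bytes = CryptoUtils.getBytesFromPEMString(pem);
    var asn1Parser = ASN1Parser(bytes);
    var top = asn1Parser.nextObject() as ASN1Sequence;
    if (top.elements == null) {
      // Previously topLevelSeq stayed null here and the next access failed
      // with an unrelated null error; fail with an explicit message instead
      // of silently reporting "no URL" for a malformed container.
      throw ArgumentError('PKCS7 PEM does not contain any ASN.1 elements');
    }
    // Fixed path through the PKCS7 structure down to the certificate sequence.
    var content = top.elements!.elementAt(1);
    var contentSeq = ASN1Sequence.fromBytes(content.valueBytes!);
    var certificates = contentSeq.elements!.elementAt(3);
    var certificatesSeq = ASN1Sequence.fromBytes(certificates.encodedBytes!);
    topLevelSeq = certificatesSeq.elements!.elementAt(0) as ASN1Sequence;
  } else {
    topLevelSeq = _getASN1SequenceFromPem(pem);
  }
  var dataSequence = topLevelSeq.elements!.elementAt(0) as ASN1Sequence;

  var element = 0;
  if (dataSequence.elements!.elementAt(0) is ASN1Integer) {
    // The version ASN1Object is missing
    element = -1;
  }
  // NOTE(review): extensions are only looked up when the data sequence has
  // exactly eight elements. With element == -1 this reads index 6 of an
  // eight-element sequence, which may not be the extensions field — confirm.
  if (dataSequence.elements!.length == 8) {
    var extensionObject = dataSequence.elements!.elementAt(element + 7);
    var extParser = ASN1Parser(extensionObject.valueBytes);
    var extSequence = extParser.nextObject() as ASN1Sequence;

    for (var extension in extSequence.elements!) {
      var extensionSeq = extension as ASN1Sequence;
      var extensionOid =
          extensionSeq.elements!.elementAt(0) as ASN1ObjectIdentifier;
      // 1.3.6.1.5.5.7.1.1 = Authority Information Access
      if (extensionOid.objectIdentifierAsString != '1.3.6.1.5.5.7.1.1') {
        continue;
      }
      var octet = extensionSeq.elements!.elementAt(1) as ASN1OctetString;
      var aiaParser = ASN1Parser(octet.valueBytes);
      var authorityInfoAccessSeq = aiaParser.nextObject() as ASN1Sequence;
      for (var description in authorityInfoAccessSeq.elements!) {
        var descriptionSeq = description as ASN1Sequence;
        var methodOid =
            descriptionSeq.elements!.elementAt(0) as ASN1ObjectIdentifier;
        // 1.3.6.1.5.5.7.48.1 = OCSP access method
        if (methodOid.objectIdentifierAsString == '1.3.6.1.5.5.7.48.1') {
          // The location's encoded bytes are re-read as an IA5String to get
          // the URL text; the first OCSP entry wins.
          var location = descriptionSeq.elements!.elementAt(1);
          var url = ASN1IA5String.fromBytes(location.encodedBytes!);
          return url.stringValue!;
        }
      }
    }
  }

  return '';
}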