getOCSPUrl static method
Fetches the OSCP url for the given certificate as pem
. Supporting X509 and PKCS7 PEMs.
Will return an empty string if no url is found
Implementation
static String getOCSPUrl(String pem) {
var topLevelSeq;
if (pem.startsWith(BEGIN_PKCS7)) {
// We have a PKCS7 PEM, parse END certificate
var bytes = CryptoUtils.getBytesFromPEMString(pem);
var asn1Parser = ASN1Parser(bytes);
var top = asn1Parser.nextObject() as ASN1Sequence;
if (top.elements != null) {
var obj = top.elements!.elementAt(1);
var seq = ASN1Sequence.fromBytes(obj.valueBytes!);
var obj1 = seq.elements!.elementAt(3);
var seq1 = ASN1Sequence.fromBytes(obj1.encodedBytes!);
topLevelSeq = seq1.elements!.elementAt(0) as ASN1Sequence;
}
} else {
topLevelSeq = _getASN1SequenceFromPem(pem);
}
var dataSequence = topLevelSeq.elements!.elementAt(0) as ASN1Sequence;
var element = 0;
if (dataSequence.elements!.elementAt(0) is ASN1Integer) {
// The version ASN1Object is missing
element = -1;
}
if (dataSequence.elements!.length == 8) {
var extensionObject = dataSequence.elements!.elementAt(element + 7);
var extParser = ASN1Parser(extensionObject.valueBytes);
var extSequence = extParser.nextObject() as ASN1Sequence;
for (var subseq in extSequence.elements!) {
var seq = subseq as ASN1Sequence;
var oi = seq.elements!.elementAt(0) as ASN1ObjectIdentifier;
if (oi.objectIdentifierAsString == '1.3.6.1.5.5.7.1.1') {
var octet = seq.elements!.elementAt(1) as ASN1OctetString;
var sanParser = ASN1Parser(octet.valueBytes);
var authorityInfoAccessSeq = sanParser.nextObject() as ASN1Sequence;
for (var sub in authorityInfoAccessSeq.elements!) {
var seq = sub as ASN1Sequence;
var oi = seq.elements!.elementAt(0) as ASN1ObjectIdentifier;
if (oi.objectIdentifierAsString == '1.3.6.1.5.5.7.48.1') {
var asn1 = seq.elements!.elementAt(1);
var bit = ASN1IA5String.fromBytes(asn1.encodedBytes!);
return bit.stringValue!;
}
}
}
}
}
return '';
}