Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(SQL Server) HTTPS Mutual Authentication using Smartcard or TokenSee more HTTP ExamplesExplains how to do HTTP TLS mutual authentication using an HSM (Smartcard or USB Token).
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) DECLARE @http int -- Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- To do HTTPS mutual authentication where the certificate and private key are stored -- on a smartcard or token, first load the Chilkat certificate object from the smartcard/token, -- and then pass the certificate object to the Http object's SetSslClientCert method. -- Doing HTTP mutual authentication is the same regardless of the source of the cert + private key. -- The steps are to first load the certificate from the source, then pass the cert object to the HTTP object. -- Chilkat provides methods for loading the certificate from a variety of sources, such as smartcards, tokens, -- .pfx/.p12 files, Windows registry-based certificate stores, PEM files, or other file formats. DECLARE @cert int -- Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT -- The easiest way to load a certificate from an HSM is to call cert.LoadFromSmartcard with -- an empty string argument. Chilkat will detect the HSM and will choose the most appropriate -- underlying means for accessing and loading the default certificate + key from the HSM. -- The underlying means could be PKCS11, ScMinidriver, or MSCNG, depending on the HSM what it -- supports. -- For example: -- If you know the smart card PIN, it's good to set it prior to loading from the smartcard/USB token. EXEC sp_OASetProperty @cert, 'SmartCardPin', '12345678' -- To let Chilkat discover what smartcard or token is connected, pass an empty string to LoadFromSmartcard. -- When testing in this way, it's best to have only a single smartcard or token connected to the system. DECLARE @success int EXEC sp_OAMethod @cert, 'LoadFromSmartcard', @success OUT, '' IF @success = 0 BEGIN EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 PRINT 'Certificate not loaded.' EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @cert RETURN END -- If there are multiple certificates stored on the smartcard/token, then -- you can be more specific. See these examples: -- Load a Certificate from an HSM by Common Name -- Load a Certificate from an HSM by Serial Number -- It may be that you need to code at a lower level with a specific -- supported interface, such as PKCS11. -- See these examples: -- Use PKCS11 to Find a Specific Certificate -- Use PKCS11 to Find a Certificate with a Specified Key Usage -- Once you have the desired certificate, pass it to SetSslClientCert. -- Set the certificate to be used for mutual TLS authentication -- (i.e. sets the client-side certificate for two-way TLS authentication) EXEC sp_OAMethod @http, 'SetSslClientCert', @success OUT, @cert IF @success <> 1 BEGIN EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @cert RETURN END -- At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS -- connection will automatically use it if the server demands a client-side cert. EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @cert END GO |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.