DataFlex
HTTPS Mutual Authentication using Smartcard or Token
Explains how to do HTTP TLS mutual authentication using an HSM (Smartcard or USB Token).
Use ChilkatAx-win32.pkg
Procedure Test
    Boolean iSuccess
    Handle hoHttp
    Variant vCert
    Handle hoCert
    String sTemp1

    Move False To iSuccess

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    // To do HTTPS mutual authentication where the certificate and private key are stored
    // on a smartcard or token, first load the Chilkat certificate object from the smartcard/token,
    // and then pass the certificate object to the Http object's SetSslClientCert method.

    // Doing HTTP mutual authentication is the same regardless of the source of the cert + private key.
    // The steps are to first load the certificate from the source, then pass the cert object to the HTTP object.
    // Chilkat provides methods for loading the certificate from a variety of sources, such as smartcards, tokens,
    // .pfx/.p12 files, Windows registry-based certificate stores, PEM files, or other file formats.

    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

    // The easiest way to load a certificate from an HSM is to call cert.LoadFromSmartcard with
    // an empty string argument. Chilkat will detect the HSM and will choose the most appropriate
    // underlying means for accessing and loading the default certificate + key from the HSM.
    // The underlying means could be PKCS11, ScMinidriver, or MSCNG, depending on the HSM and what it
    // supports.

    // For example:

    // If you know the smart card PIN, it's good to set it prior to loading from the smartcard/USB token.
    // (The PIN below is a sample value. Obtain the real PIN at run time rather than hard-coding it in source.)
    Set ComSmartCardPin Of hoCert To "12345678"

    // To let Chilkat discover what smartcard or token is connected, pass an empty string to LoadFromSmartcard.
    // When testing in this way, it's best to have only a single smartcard or token connected to the system.
    Get ComLoadFromSmartcard Of hoCert "" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Showln "Certificate not loaded."
        Procedure_Return
    End

    // If there are multiple certificates stored on the smartcard/token, then
    // you can be more specific. See these examples:
    // Load a Certificate from an HSM by Common Name
    // Load a Certificate from an HSM by Serial Number

    // It may be that you need to code at a lower level with a specific
    // supported interface, such as PKCS11.
    // See these examples:
    // Use PKCS11 to Find a Specific Certificate
    // Use PKCS11 to Find a Certificate with a Specified Key Usage

    // Once you have the desired certificate, pass it to SetSslClientCert.

    // Set the certificate to be used for mutual TLS authentication
    // (i.e. sets the client-side certificate for two-way TLS authentication)
    Get pvComObject of hoCert to vCert
    Get ComSetSslClientCert Of hoHttp vCert To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // At this point, the HTTP object instance is set up with the client-side cert, and any SSL/TLS
    // connection will automatically use it if the server demands a client-side cert.
End_Procedure
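
An added example, not part of the original Chilkat sample: because LoadFromSmartcard with an empty string loads whatever default certificate the connected token offers, this version confirms the certificate is the expected, unexpired one before passing it to SetSslClientCert, then makes a request and checks the result. The names IsExpectedClientCert and MutualTlsGet and the parameters sPin, sExpectedCN and sUrl are hypothetical, and the methods are assumed to sit in the same object as the page's Test procedure.

```dataflex
Use ChilkatAx-win32.pkg

// Added example: accept the token's certificate only if it is the expected, unexpired one.
Function IsExpectedClientCert Handle hoCert String sExpectedCN Returns Boolean
    Boolean bExpired
    String sCN
    Get ComSubjectCN Of hoCert To sCN
    If (sCN <> sExpectedCN) Begin
        Showln "Unexpected certificate on token: " sCN
        Function_Return False
    End
    Get ComExpired Of hoCert To bExpired
    If (bExpired) Begin
        Showln "Certificate " sCN " has expired."
        Function_Return False
    End
    Function_Return True
End_Function

// sPin, sExpectedCN and sUrl are hypothetical parameters supplied by the caller at run time.
Procedure MutualTlsGet String sPin String sExpectedCN String sUrl
    Boolean iSuccess
    Handle hoHttp hoCert
    Variant vCert
    String sBody sTemp1
    Integer iStatus
    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Send CreateComObject of hoHttp
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Send CreateComObject of hoCert
    // PIN comes from the caller, not from a literal in source.
    Set ComSmartCardPin Of hoCert To sPin
    Get ComLoadFromSmartcard Of hoCert "" To iSuccess
    If (Not(iSuccess)) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End
    // Stop here if the token presented a different or expired certificate.
    Get IsExpectedClientCert hoCert sExpectedCN To iSuccess
    If (Not(iSuccess)) Procedure_Return
    Get pvComObject of hoCert to vCert
    Get ComSetSslClientCert Of hoHttp vCert To iSuccess
    If (iSuccess) Get ComQuickGetStr Of hoHttp sUrl To sBody
    If (iSuccess) Get ComLastMethodSuccess Of hoHttp To iSuccess
    Get ComLastStatus Of hoHttp To iStatus
    If (iSuccess) Showln "HTTP status: " iStatus
    Get ComLastErrorText Of hoHttp To sTemp1
    If (Not(iSuccess)) Showln sTemp1
End_Procedure
```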