DataFlex
DataFlex
PKCS11 Certificate Chain
See more PKCS11 Examples
Demonstrates how to make CA certs available for the certificate chain to be included when creating a signature (using a PKCS11 compatible smart card / USB token) such as for PDF, XMLDSig, etc.Note: This example requires Chilkat v9.5.0.88 or later.
Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoPkcs11
Integer iSlotID
Boolean iReadWrite
Integer iUserType
String sPin
Variant vCert
Handle hoCert
Variant vCertVault
Handle hoCertVault
String sTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.
Get Create (RefClass(cComChilkatPkcs11)) To hoPkcs11
If (Not(IsComObjectCreated(hoPkcs11))) Begin
Send CreateComObject of hoPkcs11
End
// You will use the DLL (or shared lib) provided by your smart card vendor, or a DLL compatible with your smart card.
// On Windows, if the DLL is located in C:\Windows\System32, specify only the filename.
// Otherwise provide the full path.
Set ComSharedLibPath Of hoPkcs11 To "bit4xpki.dll"
Get ComInitialize Of hoPkcs11 To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPkcs11 To sTemp1
Showln sTemp1
Procedure_Return
End
// Pass -1 for the slotID to open a session on the first non-empty slot.
Move -1 To iSlotID
// Open a session.
Move True To iReadWrite
Get ComOpenSession Of hoPkcs11 iSlotID iReadWrite To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPkcs11 To sTemp1
Showln sTemp1
Procedure_Return
End
// Make it an authenticated session by calling Login.
Move 1 To iUserType
// Make sure to use the correct PIN for your smart card..
Move "0000" To sPin
Get ComLogin Of hoPkcs11 iUserType sPin To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPkcs11 To sTemp1
Showln sTemp1
Get ComCloseSession Of hoPkcs11 To iSuccess
Procedure_Return
End
// Get the certificate (on the smart card) that has a private key.
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
Get pvComObject of hoCert to vCert
Get ComFindCert Of hoPkcs11 "privateKey" "" vCert To iSuccess
If (iSuccess = True) Begin
Get ComSubjectCN Of hoCert To sTemp1
Showln "Cert with private key: " sTemp1
End
Else Begin
Showln "No certificates having a private key were found."
Get ComCloseSession Of hoPkcs11 To iSuccess
Procedure_Return
End
// If the certificates in the chain of authentication were contained on the smart card,
// then Chilkat would already have them (via the FindCert function) and the certs in the chain will be automatically used
// as needed when signing occurs.
// If you have CA certs located elsewhere, such as in .cer files, you can make them available to Chilkat in the following way:
Get Create (RefClass(cComChilkatXmlCertVault)) To hoCertVault
If (Not(IsComObjectCreated(hoCertVault))) Begin
Send CreateComObject of hoCertVault
End
// Please review the methods available in the XML certificate vault class. Different methods exist for adding certificates
// from various sources, such as PEM, PFX, or in-memory sources..
Get ComAddCertFile Of hoCertVault "someDir/caIntermediateCert.cer" To iSuccess
// ...
Get ComAddCertFile Of hoCertVault "someDir/caCert.cer" To iSuccess
// (Your code should check the return value to make sure it succeeded.)
Get pvComObject of hoCertVault to vCertVault
Get ComUseCertVault Of hoCert vCertVault To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCert To sTemp1
Showln sTemp1
Get ComCloseSession Of hoPkcs11 To iSuccess
Procedure_Return
End
// --------------------------------------------------------------------------
// At this point, we have the cert (and certs in the chain of authentication) to be used for signing.
// The code for using the certificate in creating the digital signature, such as for a PDF, XML, etc., go here...
// --------------------------------------------------------------------------
// Revert to an unauthenticated session by calling Logout.
Get ComLogout Of hoPkcs11 To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPkcs11 To sTemp1
Showln sTemp1
Get ComCloseSession Of hoPkcs11 To iSuccess
Procedure_Return
End
// When finished, close the session.
// It is important to close the session (memory leaks will occur if the session is not properly closed).
Get ComCloseSession Of hoPkcs11 To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPkcs11 To sTemp1
Showln sTemp1
Procedure_Return
End
Showln "Success."
End_Procedure