|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Delphi DLL) Import a PFX/P12 into the Windows Certificate StoresDemonstrates how to import the certificates contained in a .pfx/.p12 to the Windows certificate stores.
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, CertChain, Cert, CertStore; ... procedure TForm1.Button1Click(Sender: TObject); var primaryCert: HCkCert; pfxPassword: PWideChar; success: Boolean; certChain: HCkCertChain; chainReachesRoot: Boolean; cert: HCkCert; i: Integer; numCerts: Integer; certStoreCU: HCkCertStore; certStoreCA: HCkCertStore; certStoreRootCA: HCkCertStore; readOnlyFlag: Boolean; allSuccess: Boolean; begin primaryCert := CkCert_Create(); // Load a PFX file into a certificate object. // The cert object will contain the certificate from the PFX that has a private key. // The certs in the chain of authentication (if contained in the PFX) are also loaded, // and can be accessed by getting the certificate chain (see below). // If the PFX did not include the issuer certs in the chain of authentication, then Chilkat will // automatically try to construct the issuer chain from the CA and intermedicate CA certs // already installed on the Windows system. pfxPassword := 'myPfxPassword'; success := CkCert_LoadPfxFile(primaryCert,'qa_data/pfx/somePfx.p12',pfxPassword); if (success = False) then begin Memo1.Lines.Add(CkCert__lastErrorText(primaryCert)); Exit; end; certChain := CkCert_GetCertChain(primaryCert); if (CkCert_getLastMethodSuccess(primaryCert) = False) then begin Memo1.Lines.Add(CkCert__lastErrorText(primaryCert)); Exit; end; // If the certificate chain reaches the root CA cert, then the last cert in the chain // is the root CA cert. chainReachesRoot := CkCertChain_getReachesRoot(certChain); if (chainReachesRoot = True) then begin Memo1.Lines.Add('The certificate chain reaches the root CA cert.'); end; i := 0; numCerts := CkCertChain_getNumCerts(certChain); while i < numCerts do begin cert := CkCertChain_GetCert(certChain,i); Memo1.Lines.Add('SubjectDN ' + IntToStr(i) + ': ' + CkCert__subjectDN(cert)); Memo1.Lines.Add('IssuerDN ' + IntToStr(i) + ': ' + CkCert__issuerDN(cert)); Memo1.Lines.Add('--'); CkCert_Dispose(cert); i := i + 1; end; // The primary cert having the private key will be imported into the Current User "My" certificate store. // Any intermediate root certificates will be imported into certificate store for intermediate certificate authorities. // The root CA cert will be imported into the Root CA cert store. // Let's open each of these 3 certificate stores.. certStoreCU := CkCertStore_Create(); certStoreCA := CkCertStore_Create(); certStoreRootCA := CkCertStore_Create(); readOnlyFlag := False; // "CurrentUser" and "My" are the exact keywords to select your user account's certificate store. success := CkCertStore_OpenWindowsStore(certStoreCU,'CurrentUser','My',readOnlyFlag); if (success = False) then begin Memo1.Lines.Add('Failed to open the CurrentUser/My certificate store for read/write.'); CkCertChain_Dispose(certChain); Exit; end; // Certificate store for intermediate certification authorities (CAs). success := CkCertStore_OpenWindowsStore(certStoreCA,'CurrentUser','CertificationAuthority',readOnlyFlag); if (success = False) then begin Memo1.Lines.Add('Failed to open the CurrentUser/CertificationAuthority certificate store for read/write.'); CkCertChain_Dispose(certChain); Exit; end; // Certificate store for trusted root certification authorities (CAs). success := CkCertStore_OpenWindowsStore(certStoreRootCA,'CurrentUser','Root',readOnlyFlag); if (success = False) then begin Memo1.Lines.Add('Failed to open the CurrentUser/Root certificate store for read/write.'); CkCertChain_Dispose(certChain); Exit; end; // Iterate over the certs in the chain and import each into the desired certificate store. allSuccess := True; i := 0; while i < numCerts do begin cert := CkCertChain_GetCert(certChain,i); if (i = 0) then begin // Import the primary certificate into the CurrentUser/My certificate store. success := CkCertStore_AddCertificate(certStoreCU,cert); if (success = False) then begin Memo1.Lines.Add(CkCertStore__lastErrorText(certStoreCU)); allSuccess := False; end; end else begin if ((i = (numCerts - 1)) and (chainReachesRoot = True)) then begin // Add the root CA certificate to the CurrentUser/Root certificate store. // (Your application can obviously choose whether this should be done or not. Perhaps you prompt the user.) // Note: If the root CA cert is already present in the Windows certificate store, Windows will display // a dialog to ask if it should be deleted. Chilkat does not explicitly display dialogs. success := CkCertStore_AddCertificate(certStoreRootCA,cert); if (success = False) then begin Memo1.Lines.Add(CkCertStore__lastErrorText(certStoreRootCA)); allSuccess := False; end; end else begin // This is an intermediate CA certificate. success := CkCertStore_AddCertificate(certStoreCA,cert); if (success = False) then begin Memo1.Lines.Add(CkCertStore__lastErrorText(certStoreCA)); allSuccess := False; end; end; end; if (success = False) then begin Memo1.Lines.Add('Failed to import certificate.'); end; CkCert_Dispose(cert); i := i + 1; end; CkCertChain_Dispose(certChain); Memo1.Lines.Add('allSuccess = ' + IntToStr(Ord(allSuccess))); CkCert_Dispose(primaryCert); CkCertStore_Dispose(certStoreCU); CkCertStore_Dispose(certStoreCA); CkCertStore_Dispose(certStoreRootCA); end; |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.