Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Delphi DLL) HTTPS Client Certificate using Smartcard or TokenSee more HTTP ExamplesExplains how to use a client certificate for HTTP TLS mutual authentication where the certificate and private key exists on an HSM (Smartcard or USB Token).
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Cert, Http; ... procedure TForm1.Button1Click(Sender: TObject); var http: HCkHttp; cert: HCkCert; success: Boolean; begin http := CkHttp_Create(); // To do HTTPS mutual authentication where the certificate and private key are stored // on a smartcard or token, first load the Chilkat certificate object from the smartcard/token, // and then pass the certificate object to the Http object's SetSslClientCert method. // Doing HTTP mutual authentication is the same regardless of the source of the cert + private key. // The steps are to first load the certificate from the source, then pass the cert object to the HTTP object. // Chilkat provides methods for loading the certificate from a variety of sources, such as smartcards, tokens, // .pfx/.p12 files, Windows registry-based certificate stores, PEM files, or other file formats. cert := CkCert_Create(); // The easiest way to load a certificate from an HSM is to call cert.LoadFromSmartcard with // an empty string argument. Chilkat will detect the HSM and will choose the most appropriate // underlying means for accessing and loading the default certificate + key from the HSM. // The underlying means could be PKCS11, ScMinidriver, or MSCNG, depending on the HSM what it // supports. // For example: // If you know the smart card PIN, it's good to set it prior to loading from the smartcard/USB token. CkCert_putSmartCardPin(cert,'12345678'); // To let Chilkat discover what smartcard or token is connected, pass an empty string to LoadFromSmartcard. // When testing in this way, it's best to have only a single smartcard or token connected to the system. success := CkCert_LoadFromSmartcard(cert,''); if (success = False) then begin Memo1.Lines.Add(CkCert__lastErrorText(cert)); Memo1.Lines.Add('Certificate not loaded.'); Exit; end; // If there are multiple certificates stored on the smartcard/token, then // you can be more specific. See these examples: // Load a Certificate from an HSM by Common Name // Load a Certificate from an HSM by Serial Number // It may be that you need to code at a lower level with a specific // supported interface, such as PKCS11. // See these examples: // Use PKCS11 to Find a Specific Certificate // Use PKCS11 to Find a Certificate with a Specified Key Usage // Once you have the desired certificate, pass it to SetSslClientCert. // Set the certificate to be used for mutual TLS authentication // (i.e. sets the client-side certificate for two-way TLS authentication) success := CkHttp_SetSslClientCert(http,cert); if (success <> True) then begin Memo1.Lines.Add(CkHttp__lastErrorText(http)); Exit; end; // At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS // connection will automatically use it if the server demands a client-side cert. CkHttp_Dispose(http); CkCert_Dispose(cert); end; |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.